discordrat | ea0dfa0aa7c5442efd8b3cf0a553f83bbcdd5f64e9b96470f5e17d12edfdf945

Resubmissions

26/01/2025, 20:58

250126-zr6r9atkfx 10

26/01/2025, 20:49

250126-zl6kastjcx 10

Analysis

max time kernel
128s
max time network
168s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26/01/2025, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

seba.exe
Size

78KB
MD5

9641d619bf8575e1b2d43ae2e4ca28bb
SHA1

e19700f8a645a513bf184146821b6b52676040f7
SHA256

ea0dfa0aa7c5442efd8b3cf0a553f83bbcdd5f64e9b96470f5e17d12edfdf945
SHA512

3d332a91a9c3f66df77101ae74465a41721f85551d6f675cdc049ed1017427887d163915655b07c555c0898d04229d82f207a69dff2f78694cfb5d73a8c0684d
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+pPIC:5Zv5PDwbjNrmAE+ZIC

Score

10^/10

discordrat defense_evasion discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzMzE3NTA2MTQzOTQ0NzEwMQ.GF7IPf.28Nx_t4P-22zVkKEjaXGlf2UjTqkyWZJ-GTh8k
server_id
1333175340633423913

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Executes dropped EXE 1 IoCs

pid	Process
4016	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
1	discord.com
41	discord.com
43	discord.com
44	discord.com
47	discord.com
48	discord.com
19	raw.githubusercontent.com
45	discord.com
46	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Client-built.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133823994266714237"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Client-built.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3908	seba.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe
Token: SeCreatePagefilePrivilege	4660	chrome.exe
Token: SeShutdownPrivilege	4660	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe
4660	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 2064	4660	chrome.exe	82
PID 4660 wrote to memory of 2064	4660	chrome.exe	82
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 1476	4660	chrome.exe	83
PID 4660 wrote to memory of 3076	4660	chrome.exe	84
PID 4660 wrote to memory of 3076	4660	chrome.exe	84
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85
PID 4660 wrote to memory of 2692	4660	chrome.exe	85

C:\Users\Admin\AppData\Local\Temp\seba.exe
"C:\Users\Admin\AppData\Local\Temp\seba.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf0d9cc40,0x7ffbf0d9cc4c,0x7ffbf0d9cc58
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1980,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5188,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5192,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5100,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:2
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4996,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4652,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5296,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3592,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5052,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5432,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5448,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5452,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5504,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5512,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6236,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6232,i,2038881205868995895,4933190330628770600,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2588
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  PID:4016

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5ea96f0c148dd1f80f0e69bc9591c76c

SHA1
6424c099f7bcc11cc590f534187c9c43b26deb3a

SHA256
de411d3205b77ada501dc9153629e287bbe8a62085c850123bb4d3df1cd0a4e4

SHA512
016c8d8194ee9d262a67c4888465f354803b89d695b8cb739c1193793a05b0ec4a16291b14c68b0c7aad9824e85ea8228d1db0b32529737a386b7dfe194105ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0b50d30689bde6c756699e01b24c8b32

SHA1
f42c938096e55bc4ba7202042ee8730e67f18eb1

SHA256
ec7dab8eb6a3d6048d71a825001f5ad03b81154df26d37a168b42ec0684d6529

SHA512
c6111d27da59d09c353aa62507f8205ecf8a9f7b1b3153236bcf6796efa7b1f1ca559f3cb48074a7cae22124cde45821a6dcb7f28ae3c947a514ce7719ff3c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_limewire.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_limewire.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ba58556fb85129cae30294ebe49cef76

SHA1
521054bcbd9367276bd5cc838e4138f6ec3f0755

SHA256
703a5ba9157ad6cf767ff05f60ee7c63c4342a83f433f8b53d491eb052c9fc98

SHA512
6d8583d593dc9a3532c1372df0de85123f86d8f1226c75308f5e2fad18def81dd2e8faae27f001bb8344f0fcc11abcd5cce69744d2c64fb12ac6e7476cd7dda2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5c1aa7c748527e084168a13ea517aeb6

SHA1
6b6b20b8ddd151578a1b67f679fbeef6d1d5c526

SHA256
1c4ff70fc40ddd8dfff2d556cbca9153c402787fa7546dff8869f2d59d41e5f2

SHA512
3ce2cbb0a3ab47e8830c35b74d269cc3f6abd93b50783ca0935f6c559e0dcb429cd19ba626570ac2c9cc1a3bcf6eb70baa08eb576002887f7e929dfc1b731e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d114fe6b73aa200532194592bea10ac8

SHA1
35024e66d1ba60f7258dd2fdb33247ee2b645373

SHA256
354e324b99115ae631e8de422836dd076b62d5c3b623545b49966adc79e7b98b

SHA512
6c8f624880c4ee540d20bc1c88a5b3ba834219c3fc9dd64654c3700a863636da93be0e48be99ea53bfa28a2077a3a983d0b23ec50266e6981373cc15a92f5e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a0e470562a79b9498cfd7d36618a2970

SHA1
dad6b067a08a2c5318424d74be8785d8636b4a6e

SHA256
357bdc8b8cf63cfe2b3ddc26f19ef4fb19357a3144edbb9a0a22e0b5bc286598

SHA512
7e2b7407ba6bd8cfdc1270cc1f84c01231faf47e27c51a107038ac0d3fbc8473ebdf3e1510929d009088dd495227afde9cf8cc63748c044bf406295b3ddff12d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
29f65e3023de8ef8303078ad2b799acb

SHA1
4079f35de63aa7bbf63f288611cd36db99544969

SHA256
e36e48652eeeac6bddea4a3687d7c0ef83be82c4da272a8e75239d5607464c77

SHA512
b661285e4c5ec440dad87374dfbfd7492e605982fb1afd7db5a2eb5bb8dd90ce58c619142c0dc6fd0d860a5eb340620ecf21f3315e9c1a624dc1df42cc559f32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
c35b7847e25062a22d8d46c25a5ef6bb

SHA1
c7bee5c3f89ef6345ae2c5a2f152122d5c9bdc49

SHA256
674265b7f73f8e8044f083e20a97a9da2105ed71f724ac4a757511956656ed16

SHA512
94f89e0ed4f82af44195120ecd68eabd4373452e4796f3a4c1cc86af4d8ed3d927e522d034cde8d5fb1e613afde6495fb8f8d9a8393e908540e7ea6a6484987b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b79bc83a133002725ecddf13aca2a11

SHA1
461a70827f4f8b98f97d9ba9ff841d4d440bcecd

SHA256
7e9866cde925c2fdd226e9e38f220e63b76680fdfc2c4c8a97639121264792cc

SHA512
114d97220ec8b1946f76338ea4e88c06fcc9cd8ea85f7b18352ee4f14c5f39dcdeaddb88bfd4d396543bde52b9d8553d7fb913fa4e15f3dc4f0dd6aa7640cb26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5320db02a54a70b837fcdd24b7178d97

SHA1
90a62718507423f44599c6b8cc6e0fee477da0f2

SHA256
370f914e7d54ff6153c6d5a6d00515a4abf651437729748ee33e3a623c5cf382

SHA512
d0f6824548341a70951b8e165aa5c80c7ef012be38f97319db4fa90190e3d877e55b76e44765b1f9854ee60d7d4b1efe6acce35414417cf8cbbf77394189aa68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c4be21c949e9b6359c7cad84eeae0d74

SHA1
d46b31b7582512d4cebadacb9b601d4a462d64a5

SHA256
c132a560b2b1042d313ae34a49a3444b7965758b12ac9708f2352dfeab42ef80

SHA512
cda988b716f708c7833c725a3603c1b995cb74594e7d12b9b879daf555c9724fd8491df4a39ab506d03ecf06153e38a8d69a60360f737d39f3782543fbef53ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ffa32f116769082efc8ef4d41c19ca9

SHA1
0106f98f488414a33c4558d4385005c6a0eb564c

SHA256
352a980c47854d6e2fad214117e4f3cdd159830688a2424ad60015cdb6281a2f

SHA512
c505ed5b56015cb69e29cdb66f62261640c91fac4f82d523e49b7e2992dbc44b1e231c0cc88a385748791164d014aa026fa10053e0cfaa4e746e0fee932e6e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34926860bb1177f72a641fed86403a65

SHA1
0caff538ab8418c5ec477c474553f0c0efc5c375

SHA256
8eebb660f51ffc5dda6df576020314b0ce588f236028b249faf27ae1f3b1a300

SHA512
8683e305181963a2bd2ff09ce25c012618d45d9b069e741dbaec8aa784a994ad444b32f1d0ec938a3f8d6292e3afae799c868a85bc1925044d715d4b274ebd1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
476c2ac788bff4bfb940b3efe996bd48

SHA1
934058925f7829d03c74778e03fd660d34e2613f

SHA256
ee414a3f009321ac49f706beed051acfc27c481ace9028ad37395dc071e1f9d9

SHA512
d3a070a2c9f1e082c50718b0b9d5066847cc303c7e4276696b5fc30e08578b5e62fab1b54f8191b7b3e76dce5f5e555e3ad558f88ec2485679d04c6fbf05d461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f21af15ed793356ac72714100684d69

SHA1
74d62c13a3667ef8e200eddb79c2b4b6a7aa9f03

SHA256
98e37cb30a58dbc746887e5f661ca77a25eee30c6414952c77300e52a5321ebe

SHA512
9a5c32aeee6637390dc773068cc61e6d7873aa1d86a39aaacee3523b68b5d4cebad8712c806cff647657da4cfc73ff9eb1558743c3f51726013465d07a938417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c53564c07ab815ff427070f8732a991d

SHA1
1943bd7d79ffc8f3d8dca72b637452921d2f9482

SHA256
46aa7f6a7fd7082fad9ac00bd8f969882885a810df0b01d950b71f08f5d9f022

SHA512
b1819d512ad463da2bf484724cb5cf2dcaa2a5e4f4d9c3819f5565da9c91f421fa71821f5933935f1b51c415f1dfc024d21e28becfe10e864dc35954a7bf0efe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\4df85983-3f53-44fb-a577-6bd6ea413d54\index-dir\the-real-index

Filesize
48B

MD5
2b42547955dd07bbcdec95200ccc3d21

SHA1
1b245895306b2233e297101a35c7774b140e4792

SHA256
8d81ab4a63bed3fdaf79e3059b54cb8efa68c357c85dc1b5076cc29d2010fadc

SHA512
4d3219b14187c0c5e07b9b955b3d85958d8a24b0f4454115afcc465bb801a38efe20312069f6f3cdfc5f0ea1552995899f1a0727ff4d03de5dbfd33d98134de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\4df85983-3f53-44fb-a577-6bd6ea413d54\index-dir\the-real-index~RFe59300f.TMP

Filesize
48B

MD5
bd118df95bef99f13e0b96c6325e1c05

SHA1
deda4b01d6bee48c3786c48d20d28b748a2212b9

SHA256
40c12a41728cfefd8539fee07c9bf0e2782b72e25ca2cf6d88e753a36f4a9b86

SHA512
8e2a0ffeb0b34499afc09522fbcf3cfe53244a37ac5961c8d60bc57087651f6e2c4194da6ee14a3fd32a85f29e9989f975097bb86d9bd3b4ae0b0ca558c2a989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\index.txt

Filesize
111B

MD5
b6e4369bcff6ecb91a476c96edeb20e6

SHA1
e1a6f8bf2496ddfa79c3399012ca256b3d7c64d5

SHA256
906df18053aadb40e7d08914396a07108db49f5f2bfab53bbab675d19fea5489

SHA512
76bf1569e880246b3df3a07e7e8eaffdb112a06fcd96303798a040c9585e8988f3103e4b1b725ff65c603b0a6375626bca9bbe9a52ed1a22386aebb97c71aee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\db4125b5f40e60705005afe796cc0071c6f09794\index.txt~RFe59303e.TMP

Filesize
118B

MD5
3358961289a3ab54e47dd517cc5110ca

SHA1
c1d8b57acfeb42ed4595733751affb0fad87c5d9

SHA256
9990d991c805a663d5a1b7e83c97f97309922e680fb43bac4f82504eab1c280d

SHA512
f1bbef2c6c9db33575e5c937a0cd0e8b09f29f01f36dd7cab0b50b7c9ff36e1f4832ba64fb0093549378a6488674a931f5336484c819d4fff988892cbb11b06c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
96B

MD5
7962f7102327e2e2aeffccf050eb6fa9

SHA1
841c8a68955b170ff4529b17f4915ceba10608c6

SHA256
b9b67db5f473732fed3994638e6d62950fd0c3da1ba52873ea0f9be77df5d520

SHA512
0d44d14531bf413fe8cfb930abef76ab2a39b8308479598cccaf841adb526aca51ae996e9c5293a898b89e21d359f64acf2c9872e35b5575518f7dfc20187bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
de658e81737a49b5a5736845a60e5bfb

SHA1
a5aa61905afa58b327639b997c05a564f722ef63

SHA256
5488a71ae904b7c46f696f10084f6bd80c94c4e17609809224eb935483d6200c

SHA512
f413c36bfdf7436ed9e0406638d566cf24443f3bbf80e622881a89c1bc6024dd3fd5a3cf974f464867a85508d41265d07f3eaa536bf21732a5a2aae5782668fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
d04b522266853d6b9cdecfb82f29fecd

SHA1
52281014df82a10b12348e7cd757df7e2b23b5fe

SHA256
a2bab6359114abf571ce2888c6bce7cbc0318a54a2eabfc8fdf41de801d86d6a

SHA512
a236bee1e9442889e769b6686c550f9abc61379790b7c783861d3bc017165b3387ba95a21e2d63af6934cf6ae19bbf86bc9d43543982d64f8bdf3082294868ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
bd47e47b5256a8d855d1bbf70ec21b4f

SHA1
f16db670be5605aac9f422b731c35e90754ddb3c

SHA256
03646b590befe8a7d3b33efe863a97db5a393586c53c5ad9c8f74902d7428207

SHA512
ad5125a7bd52b3776fd4e705e54316d5ce2b502216f7864de2157c1a2e20dcf1a8595d1c7a3be50fccf17b2390d79dea2a4ac7b3f70d420afed69412bdc9078c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
bcefc40aba99c1723a100aa4f5acc3e9

SHA1
a03211142b63a58a29b5f1342ba1afbf3785c1a7

SHA256
cca31b6df3afbed0248ffc9e9d4c1f987a1225870879898048e6ad9aa3ce7c80

SHA512
38de6e54a3232cf0c7e84f7e9ab47cb25ee3c2250e20afd73b583f0b48d9c3416274a776bf03bb3b8815c46606497786e6d9dea71de3a96cfaf82298ffa0aa7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4660_274133939\1a3a5a3e-b44d-4a5d-a23a-351a274d9f9e.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4660_274133939\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\Client-built.exe

Filesize
78KB

MD5
a6f08b00b30e86f38c6e520115b10364

SHA1
c52b6f3e609b411b5a82d4acef7dd2b7bd3567dd

SHA256
600b51a1cefef81998e125a5eb97260dba8d5f676c6b2406056e8dc70ab5b60f

SHA512
e856d182c39c264d93648de0a484ae1e0a2e1960c066c8ae8cc207ef5a0eec93daac39bf630e9604c951d57dfa0c7fb2605b683938ab09fec1e0d3950a90750e

Download Submit
C:\Users\Admin\Downloads\Client-built.exe:Zone.Identifier

Filesize
181B

MD5
079d7a858085000b537949d29acf1a4d

SHA1
9af97edae58f2eb9cc7587682652c644176e7c8d

SHA256
415b3f3639a518d8a399284027e3359ba01aa380f4570cb759e209cda62fafe7

SHA512
f4b3c1d50daa68e81c3c2cb8d7e8284e2b758302b6154c34051e20444e21bbd87beea56fa472bee529db4f72881fbf4e78167d1c956d54803d01b28d4e375a1f

Download Submit
memory/3908-0-0x00007FFBF58D3000-0x00007FFBF58D5000-memory.dmp

Filesize
8KB

Download
memory/3908-4-0x00000264EE8D0000-0x00000264EEDF8000-memory.dmp

Filesize
5.2MB

Download
memory/3908-5-0x00007FFBF58D3000-0x00007FFBF58D5000-memory.dmp

Filesize
8KB

Download
memory/3908-3-0x00007FFBF58D0000-0x00007FFBF6392000-memory.dmp

Filesize
10.8MB

Download
memory/3908-2-0x00000264ED600000-0x00000264ED7C2000-memory.dmp

Filesize
1.8MB

Download
memory/3908-1-0x00000264D2F00000-0x00000264D2F18000-memory.dmp

Filesize
96KB

Download
memory/3908-6-0x00007FFBF58D0000-0x00007FFBF6392000-memory.dmp

Filesize
10.8MB

Download
memory/4016-895-0x00007FFBF58D0000-0x00007FFBF6392000-memory.dmp

Filesize
10.8MB

Download
memory/4016-894-0x0000028A95590000-0x0000028A955A8000-memory.dmp

Filesize
96KB

Download
memory/4016-955-0x00007FFBF58D0000-0x00007FFBF6392000-memory.dmp

Filesize
10.8MB

Download
memory/4016-983-0x0000028AAFA60000-0x0000028AAFA6E000-memory.dmp

Filesize
56KB

Download