discordrat | d8c209995de6183ed8a8b8d1b9c00dd579d9be234e53ee4434594b61316303fe

Analysis

max time kernel
900s
max time network
857s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2025 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

matcha (cracked version).exe
Size

78KB
MD5

d10c0cba07a9045f70eeb19a6bc2f703
SHA1

a2a9c919adb704df40a4c3639c7d096100d72a7b
SHA256

d8c209995de6183ed8a8b8d1b9c00dd579d9be234e53ee4434594b61316303fe
SHA512

172a0b233b5078cc65beaf369c18d24dca11241a6b6d345d343e1ed7165f34cc30be103a159294a288507ee88f46de3e6f0e2b194ede51d17612d536a31c3a9c
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+YPIC:5Zv5PDwbjNrmAE+8IC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyODc5Mzk3MDI4NDk1MzY0MA.GhqsV4.13mA2LtQ6a7mV61HJRU_YgCDDtklHY36T8nFoM
server_id
1328793805209731173

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133825034484635916"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4684	chrome.exe
4684	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3776	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	916	matcha (cracked version).exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe
3776	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 1376	4684	chrome.exe	92
PID 4684 wrote to memory of 1376	4684	chrome.exe	92
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 804	4684	chrome.exe	93
PID 4684 wrote to memory of 3032	4684	chrome.exe	94
PID 4684 wrote to memory of 3032	4684	chrome.exe	94
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95
PID 4684 wrote to memory of 1948	4684	chrome.exe	95

C:\Users\Admin\AppData\Local\Temp\matcha (cracked version).exe
"C:\Users\Admin\AppData\Local\Temp\matcha (cracked version).exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff838cbcc40,0x7ff838cbcc4c,0x7ff838cbcc58
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,14104078677787486010,15942922636685080659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,14104078677787486010,15942922636685080659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,14104078677787486010,15942922636685080659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,14104078677787486010,15942922636685080659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,14104078677787486010,15942922636685080659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,14104078677787486010,15942922636685080659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,14104078677787486010,15942922636685080659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,14104078677787486010,15942922636685080659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4740,i,14104078677787486010,15942922636685080659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3504,i,14104078677787486010,15942922636685080659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4976

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3776

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1645da57-3976-4bd1-9e24-a8e7459383ec.tmp

Filesize
9KB

MD5
9ba8f345980d65c9842b4fcb9b42d576

SHA1
e62d843728558e468cb6f86acb5dc0a5c3a2d033

SHA256
c8d0f78ba07fc12a4860bdbc6b1d984d2394fac714fba2b62209b13d4c7a08d0

SHA512
8e0820db093aba37e0a79db4a20bdaa4a9b165f966650aa28fd3df0aeed05b8ccad8088291da363458177b502975515a7748f2f6f87fbc783099d35b76b77d7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8af798a2-6777-4a39-8328-c6e2ebdcdbb4.tmp

Filesize
9KB

MD5
6489b619d2829d7e90113a6b3a2e344d

SHA1
a1d8a4c5a8b08dfca03c8556959cb64deb3d0be8

SHA256
a2e9cb3d14887b42f4b6d89784e80bba9242ca1e41f81985e80a910dc5e0cac8

SHA512
9dfaaac13e339fb4d4a4277762e1629519cc16311d855eb6782163177bf452a9ea37f3d3a39ad8728168cb928c5323ecff8f362d8e2b990737e8a0ae084ee556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
39174134b5c4026b7a4e927a727b57fe

SHA1
756cf49ba80f6e74c1f180bb019d80de1bf4a035

SHA256
592193c56e050abf1e0472a879b35485345ad0736101d97029180b5969b50a5f

SHA512
f7249be09f225b7355f8dc2bf8af461da9af47c55a6a54102884d045bfd34e2c07c544a32f8e7d666406d4723ad85902f039c70270141b5e767db930a83909a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c9e7fa3254b5059420fe0ca789984423

SHA1
fb0944bcef96ee31bef031ed297fdf0b886873e9

SHA256
269e746112013a3f089d2a4323c997f8d47885eeb6e751d3ee33377582d37977

SHA512
c2e194821a4c047102dba5c3b38181252ae9dea8b9b9cb79bb5f633fe55f461991ad8c75c9641653002782fac48fa53953ec8d6df2594e61b4084e561f2a0a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ee48b9d4035ca67beef93a7e840fa27a

SHA1
5c7792ad9b996ee2bd876ee0447a4c927929b9c0

SHA256
d39e75cae741628f0ba460a95745ced8e37aa50fa5221a925b720ad1e0dc3b8d

SHA512
b127865fe5a8a92c1e98671736051e2631be491437ef3e2961751a1135bcc3a57ac6c2058695bbf3552f6fe15c0e0eaf749553d673c634ac6c3195b2eab9a0ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dc6c0809ccf28e57a1bc502ef2fc9e3d

SHA1
64439d8621a129da19a7b9beaef7fa1c02b59d9a

SHA256
5f59ba8a304fed8dc17ce09169a349ee399fdaaa556277043208a18edf783afd

SHA512
e26f4cd7eb33a9bf182af5a73d9b36507be90a022950ab925b77c183bab9a0a677df905c7e056438699ff20eae70115aabf30835ef6bbef32d4a39e68a3f378a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f8d87f3ae9107df78dd34f297515a2d6

SHA1
29caae4d53121c56ac9592582465a282227b7ce1

SHA256
3e2a59672d96e7677ece983eab4c3a5f56b8074aa88443ecd3b6e133964b17af

SHA512
859c5c0fdafb1d8245c744204559af1cfefd9bc4fa4658d69d946636aafe2284934625b49ae1af3231eb9a1125854357b86d1a13b4a8a6227782fe957f39458c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3486514da2514391a41d02ffe3bc9b08

SHA1
3cdf4edbc41879bd7e31df79733f5bcb5b8f216a

SHA256
cf0bffd7b24eb59880fb3f0339da6102acfc163c844e5ab70711a50047e575ca

SHA512
0123a85c1c9e0f865f4ecae9438d40d755e04a7565c5e6d90b0c04a89bb384b4ab6835c1aa800a1be72971430367cd747cd0748f414c4f19f728f4333f86cc5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bcee0efaf4e9edc22c24cf9d559a6ad8

SHA1
ce811d79419c9203a795d59a6211b9d9e2cd5283

SHA256
77f032ed75226e76581a630a10ca205e89afac8762344d39e79b1f8f52a1f400

SHA512
2e41c4305c19e5b888871aa5366958a2709dc2a1b64bed691e264440fa51b8b2847ebca9cfe626f7d2d11662cde4605a253f38d4650e1b8868593279f5f98614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e4a6c5d1efa6dc2a932193fcec841ad4

SHA1
24e8de0572fddafc1043b7dd8d3e35b029a682c7

SHA256
7473bd0334adad75b1f7dac25efc19a9edda103902cab001e65ff936d6c41ce0

SHA512
a6d355f90ae1756c8d9a8b183805551f29fe6c6a4d3eecf42babf623c20639e662880b9d167519d7ead888816303d479acf32099eb8888e82208aa1d33f46592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
614f84cdd71c9554c30d6567c1967c2a

SHA1
b6d8490486079225e4e7f2a4010e2350b7afffbd

SHA256
04cde0eeff54c42bc9643501fed2a1b51a0725b115d4ea9322c3635d2ba8bbe3

SHA512
5970662bf0f92fb8b4aebe5157e4bbb315d954004b42e63dc4673a2cb5c6ce955a3859970a1bb8944f1505405660e68eadcf9fea581e1acd8a0ed8b25f7f3e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e082e7c8255d01bfc4dc5c862139d766

SHA1
e64ab638e06fac5145ff811b6d67a1792ccf29a6

SHA256
09c6b12887e9f51ed82daa1afc3f1419fa91a74d7198aacb6e70fa28df18b91e

SHA512
59f598c92cd6866bcd49c6252cde97475276416aae4d0d6d24f4baef472ba9704825f651e25ef4728882acf9c8adb0829b49a4d3dc86096718df45863fb75bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
262c12314a5fed03f0a3a7f738a6b94d

SHA1
8b500e9f7f77ec208923682014cf619bdec8b1f7

SHA256
ad56e3258be8bba06fd1c557899d43754652ca685f83db76d9c15d351be68690

SHA512
0eb5d7b194d0a8a07c92788ba3a518ffaa8626921e127da4a95b9784aca55e47fbdae4171f7898d5dbb1814459a82b416c30c36797445fd18ca2c283a82ffe80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fe5deef9ebe7fc4ee77242192e0bb361

SHA1
c4607714e9816df6d1819defcef8170f07b933e4

SHA256
900f224004659177521ecc70a9c93280061f3e5db481628b9a94760c61d41a6f

SHA512
47b466e88ea549e3eb5ec180ebf180e6b660a3f26fa5ec3691db6233624b1fdea4bd7b36aa270360c25d6eac065dab0bb6a20cc9b88ef08674c6a6dd5e3401e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
234f55ea83c7cbebe2e190a5d23af636

SHA1
99e47643811d1faaead8a1e1fc979b4490d47611

SHA256
7d1d39839cf973f01e9dfbbb1d5ab7a8570851d2319b0d21a266b3f030f8fde3

SHA512
738696e1a5a48e22a514c21f13a8f3aa041b0932a185636f21ee115f16a5227a089b754899bb5a4a48ea4b0fb0a61dd664f6880308bad5cbc80df1900d7991c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac07ea193e4431c11ea028a661a82159

SHA1
c6d2b86a00fcbc8ecff74f07f532c9d9535574a7

SHA256
20ba4620515493282ed03c5972e75aab048108422b79e36efba1b77bbad75ac2

SHA512
d983d117314ab37e200857301b994b3f873b980be03cc80590d769ea41c3d0740c36466501d6171d17a72f5290a56f2e38e6bcb951d57fc47f63ddbb7c4d94d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ad719ce2242f5760987bd22e73bef2e

SHA1
8507bfd4ff6c3fe6dbd2c779bed4297833067f81

SHA256
8582f230f4c1f959456be91f2d0195d94528a36c2ad3d2754efa68334c4b3d90

SHA512
8425e6f334c66453c1c1b87aa506770a7e6bc1b47c1f8d7d40742bb981246d5d8ffea6fce90cd7fe56660ebd8ea21da769996c3f7990bd701f3b1c492a2ade5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
550db5c9003b402c17eb8dd406bc599b

SHA1
432360c8cd342c484080f1e08ee6a0ad962f418c

SHA256
62f1e4cbb0ef63164e1b69db21c3878f8039c8595cb037ae9b1f6dfad9c07584

SHA512
b3a99f48cc283eb78dc5f57b2d13dc8eb690308cac10a33e43ad05a964c6a8e7b3c226aaabe70b5914d64c3a34532b2aba8775d9e7318ff62fabfa73d23f8a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
589acb31565e36391aabd1f6b2ff6b6e

SHA1
4da1b61b78e9e4b0cb93b222def5c3aa852c7d2b

SHA256
f38711bf98c54602869a664f343d2166719ab6ac209b14ac54f56269515db8bd

SHA512
08cd942916f89574dd6ec8a2792e8190b7d510264c3ad46c01180a7c92ec5c85e82eac58f3af307dc7ea0a646554c9f6c7ef54a6aa6eefd4a8a880372875f6b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d33fa2f5b027b8307b556c64ce89122f

SHA1
a5a7673a0c4736dc32b29f8bfad0ab0714905571

SHA256
c8988fcff7cb838eb4d23af5669caf9227e0bfcf86307edda9d383cb31f6c892

SHA512
f51f89cdab04ecb8cee4aca3ddb02978bf650a246f8d1f4b51c2aba8baf4d3cf3c7e96af78cde44373560635d4746ab27009e11ef1f94dfce90024ee8d3b3c57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4f3e120f069c94f6d834777cb7de231

SHA1
f69bcdd60b9183517c8292cef8a1a5bad32ce708

SHA256
1ac584e7120e9bef74f80d74dca3ff5a223108cdbb95626f8efadf7a50ec54ea

SHA512
72be37602532b738b45a3f21242e6027c2643b5d3f6ecb12f084ab77a5986a3b474b1e904e7da4f520f1e1953d676686aa646ec2b881424209b9f2a5113df21f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c3fcc469a61f06abd11524bc6a38c221

SHA1
3e3e3b80f01cf1e55ddd0562239fc6e15f403fae

SHA256
0d3560b3717a310402afa743cfb016ac74bba7620c6cd552b25654ecd0e4fe75

SHA512
831f6c7c5a09f7dae138345a61ec4a4b3317c15451351f30ba5ea25d0dcd324871dea15bcc447859b8e844f8ab504ee393b5be4c07b75f1ec0c431aff082cde8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ad13a8421f91383e895766d477f291f

SHA1
9d32ff1b6a24726164357de8552720ce8ead4bd6

SHA256
24cc564306c475c604966ebd875b697d78d42571ea34359de922e6025fa3b8e2

SHA512
86a261c855f7707ba7723a2fcd73439d68d6ba63715c8bade68f993952d95cdeb94ca3ea7a5dc650382901be5d86934090a62fb2ab99221067dab5e6281004fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5fc5a8cb0d97f96e8b6be086d33022f

SHA1
270b237bb7d84f7e611e7c4a7d9b7f8c00f4e986

SHA256
b569c1a73cf01d9940dd67d17e0870aa9263d73c7f102d111525cb52cf6d4a6b

SHA512
a50ec91554debee032661fb5487b4a47848a0485a839999370a497ccf70303bee52e30edae67801634d89d820a27a45e09203aac08a0a714ae41019dbac607b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7a2509da4d0b89c8df9565437630b3cd

SHA1
ea9333591de6de541aee4c38bf6373805966da1c

SHA256
60f4ebe994eed7ba8301399080316425e760600c962351676977d161020ba35f

SHA512
62b9b79772f455b78afbf73532ebdde5809a1e83ec6e270ef5347cceda6881e5aa1ddc6e91ed56ae5ba139a6277346c339c310f3feb6b53c412525a775cb79aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4daacb39f454f61d663f3c4a0905456f

SHA1
fe494bf46360784f1b5a5b49dc441dd78aaacdb5

SHA256
4fe5b59dc5f8a552a24ed51d5de4ffbbda7b99dc6593496dfe2985adf1f122c0

SHA512
8183acd520827dee3844bc6c1c332d19d3b097b58eab67ae4a420285dd4ee0906b5ad9df70025cd0eec5d4fdea99041a7f2dbc9307ab9e30ddc69ecbc752cd71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc7962f1c2cc44585adaac0b561d502b

SHA1
d32535fe336c7f0df281ed09c5d25440a3ccbd6d

SHA256
ad8eed2e49bc7207556ffea9595d4f94b21af02a0c20dea8d37aba2a49dd94ab

SHA512
aa764311c78faef6fa0358849890510b3477cf95fbe398c7744bb2982d54801b689cea3735e144f3c6b99abc396be68e6529d088996f014cdc340cbfeaf24a94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f42b4b0956326516d3cc3ff452e7ba5

SHA1
8cfe0b9f8e62f536cd5cfcd15a04c7f7dfe0f43c

SHA256
fe96a05ffbda8e02e7221cc37bb1497f100720019856cd182372af1e20854456

SHA512
3a223e498309299889daaeb0289d0e592628570040ff1216cc1c3425061fefacb22d92b0c6d43599f000ffa060e84a03e651a2550eb8dc401abb271761e70fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
097a5290e28da633b18e193c10de04dc

SHA1
e17c37441fb3a70d67b6c893c32acaefe2ae1f88

SHA256
d36e9f494af188301ae4a573dfcca1d21d459be522ed43ff9f4c7ea379f36a85

SHA512
944b4abd7f88cd9c0c9ae66d0a4ec9968f55550f2d52b3da1755427041de7e85bc29df1fd8aff82824afd91c4390de419bab77931fe95c9c97da745cdd92e529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb76bdcd17d49cc90e074120937dd96f

SHA1
a514d1148d47f5e94ffa6e07434f20edc12c5bb1

SHA256
0e3584ee6c5060180a68aca63ca64b619cdbf49574abb8ab08d85669882e1308

SHA512
bf632f5855e7470572d6d3c208aefd0d3b2ebbcadf0d6765e4ab1980f970516fd179cf3b6093c69c5e652e7ed3c5bbd05f0201d4be39d91a2d1c305756fbd81c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9939779cf08a2f321720a649cc6bc36

SHA1
36b8c86990e81141b6d8414fcd8703c18cbcbb69

SHA256
90453f6e3a910865947e14c0684e67a3c5b296871fbc2634ce436d97e86b9501

SHA512
208038d4666a411b451a25c1e7d1557a989a3013aa734f87967afaaf641bed4bfd819317acf5116bcd2446d176193be5bcf4cd5d69e66de716b73da3fb06128d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
143325f6aeb61e3a9d86cc563d875d62

SHA1
987e1e4a2d95594fb0a86cf4fd6eaeae657f7e3f

SHA256
8b540acbfeea6c2077e50da3af40fd8c6f7faf279eb3c0754c27dfea1c32e16b

SHA512
982cf11cd203d71a8f41f2b303cab168811d190e8d9d6754f482dbcb8fce64c3f8f52360681ddce0c567eac4a03c590052390b8ebeaa8520499896aa5700a380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6bfb70b4792a88873c1b42f6b040c735

SHA1
2061bfba0ce735b0191cb0d0c4a9570e540f7d80

SHA256
3f01ac5e934d4afc305c02be8608604c0f84767fff85f68004b0a6ddd5d72bf2

SHA512
667a4363b48a1274a15932ae3ab040f657158270fa2c62cc3eed50d845708cd5050cc6a44a7d6d0a283ed7c1ce94a1f3570219fa94ef0640bc7c5606c5f49330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16df4c9b3a99625f07bebc2c1812fec1

SHA1
a1846c4485ebc2a4afe5bf4c208327c67fd549eb

SHA256
934c9061141a12077c5c8093b29cbf6000996030cdb1e177840671043ba2cc40

SHA512
56ef3d8df06475d2d0f6a18f59ae98acb268fe798757ed7c49234e090818d17db25fb61d9c42a2ecd1da8cf80955ffa1b4fe21e96c9c5c398e2fe417769ec4e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5922402f59609481efe9d5563d385d3

SHA1
dd48a33e5522642c2096c9b443e6eabd5dec7077

SHA256
9ffe948620886c3cf8a5947a6d0734828d66098f62e80910f35bacb16f8ad2ab

SHA512
df93fcb1283f9eea61d249413a313f7cf9851053de110085f42e52bd942c734f0aea8e9305a8e2a2d187bfe6ba845c693cea6e64791be69f7cd11a6ceb388a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c6b6db854c297167d3ed2efe42bb2a8

SHA1
810e0d3407f506b015183fe2f133343a39a77a0a

SHA256
a70dcc59b1024efaf8cf39647d8c8a308cfd59aa2fec4e7d6a3e7825fcbceed6

SHA512
90f7dfa5bf260e599f9d100f0d4a6e9e4ec53ed91e12ecd75df642f04b020b4fb4c1a2f8c99605ea68f90392238d2cfbb16ae8997434cb59ab16cc82efb18fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c78254f34d5fefc2eb312b20b2f1fbfe

SHA1
4207a7f4ad1b349f2e77adc1731f73357e83c365

SHA256
e95bc19dc042752fb1aa3dfd510a3c5b3a9acc9566fae207c2f9611242db314a

SHA512
f17de5cc45f8697631232e77ef5709a0fbacfc3d8959166dce0f700e95b9c23b0e80b30f7d05a3f8ac83dcfd7bf047614526c4e1648e849b518fecc50ab72e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a93fabfe97f9def45f4816812123b22

SHA1
0202f7b6f2a6c92a8fee51c482d8b307cd9330b8

SHA256
286397eb8df8774aaa47ed47fee593d67e9466d877fe46f94ca3a96c7563b40f

SHA512
c8074725a2faee357f6dd853c8baa62df48abbadcc2cdd3535441e23e14589a6e51b5438d497103b23214dba96897d39936daab3219c4a2c44fcdb386b14ac86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed93affe2a236e654e2fb668eaedc864

SHA1
b5441ea7789c7662446dfa351b55aee84d55e878

SHA256
2e2ca11c859456891b546a7bec780a21b2fb96bb94e7ebef36acdbc69658518e

SHA512
c16c3640b417de5b3ed4fd803cf779641d1c0a0657027434493b3e2b1a58b87d7807a1db21697892fc5a087a65762bde3f0c096188095dbb6dba201b62499179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c91cc9e2982c35afaf7fc607a2eb8e63

SHA1
b864dc5f90b8f2c0afd8769eebdf5bcded626a30

SHA256
55ee914f4329b052cd0a7c9ca6910fa72851f50d9259af6318c6f4104036993e

SHA512
78cdc9e652fa44439641f0c85b5906115624307d490405c254f64e3309f4362de8c4f8c25dd838e189b6d0b3e3ba3a161a31d7bbd246b2cc4bda626874f565f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f750963ec0162ce84a4478ffbdb112c4

SHA1
6b2d4d7d23a4a136022968883bc1ff71775620aa

SHA256
2ac94e3f879f9cf0d6e8b99882427e9f34962d63f169f7eb91e13abfe8b6ec5c

SHA512
cc4040932f0a600818c0a26a8f9786607b80db9634d550665636ccdce12ad3cca3d037efec34521004d17c57eddc9212e5a5ec2ecffc2c750abfb76b0ce4f34a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f64def30418d76d5699d9a9dc5c4e27d

SHA1
4382aa3fab33fdf815e15d9573b3f449987d8d19

SHA256
7e3a0d674a21dd85e6f25827ab3c3e5bd60e51a62e8d87a2a86a93ff85de8305

SHA512
e94789a7415a1d171ddcc5218efeb43ea1589da90522bf11ccfef228f10ca4b5f4e8a04cb77a071ce112dd02bef48b52029cee2625221c0c587ec7b5ca0bda7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d8784163ff4b350da938f42d2a63667b

SHA1
286c0919c6f20d11f140dd8082ec4f17fec2d969

SHA256
f17356f1360166ea1c6297dc037cae212fa5ac2e505c07ee4ac5e0dfcc68ac41

SHA512
ee9c2e22c373d92a592372238c01caf9708e76ca680dc25ecc8977c519ac1ae63ed4959c26673f7de3231ae85d102193a7c4a20dbc524924cf976fbba1e94e99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fad5cb7e3bc9f8fde594d26870a40322

SHA1
9cacfef7c1391f06cbbfcdeb6116cfa157dfeb4f

SHA256
d858edafb4a40ba431f6a2ac362636eb9f7e7041d1e9195d7210d541b6ee4a10

SHA512
64b9e15931ba9feb619d0fb6faabd3c5f8e48438fc173a3336b2a42fd04ead5a106a0a1f865ba939c2effea4dce661980280f6435fc1891b05f252c90d2b3a97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1be12edcfc9551c6037330190b5ebfad

SHA1
aabb4165fa17e16a1e1bcf437ed64db56712b97d

SHA256
d74144bbccc2856d094a5095b1cb8baa55266fd5970aa53a5ceccfb2b964a245

SHA512
743b36fe8f9b86419b2dcfbb0c0ba1587662bd079c79fe6c8447a37e1d3ce79638e748df93855d1d579327db20092903b4c1ac0578df42b5afd2646bd4159ae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
daea8ce937ba53e5f117f9e90588d014

SHA1
5a838b6eece4d9bdce58b4c9fa617c3c6a226197

SHA256
a55b7b2140a637c65d193a90879ff95f3a2f958017d450c554ded727fd13e6ac

SHA512
62429625cf38e80b595d05b29afe6cbd34b695bc1d1010eb43a792064af4f59b1dd6f94776d21df32fd3e6d8f46c898b2c7d1f3383a0672fd4e98b729f1ccef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1bcc242e528aedec97a46aa99ed90d2c

SHA1
d4877de8b6d716c522cda57fd3c59b5d2301ef43

SHA256
b785d901043bcd489d48cb48f6f82d28a4c8b73e3d928aef78aa0d0e7918a5d4

SHA512
34e0e812275932dcf21e9fcb806b7d341ca505fded15f23a53c6ed8fc1b288b1c913df96e8271ba5dd4821a9925df7f992fce878d2bd070365d56bea927e4cd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4536bf96f88c935ace567db5bdedfa47

SHA1
fd1ba701322311215ee22b8e1fc3da6667b876a6

SHA256
a12d63d2e9d580b2a713b61cfc4ce328aed4035826565e7a62d30f7c5b397c90

SHA512
40bb966b16270b81de1c849d2417ec71ec4701399a21f4a5661eb627ce5c764188d96fe311eacb1578790f992eead4e5db820fc06f3e0f463616e4a98c7f6cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
571aba9487a7c2fae66b854dd4134357

SHA1
ff5a585c7140f91fc3c819653d9d7bcc94e70362

SHA256
d00dbba2828f0048e5cb0dadd6eba38fa80c08b56877963bc818de3a06c50583

SHA512
86b7b2c8c983b8128fc2a94da3742036963c97017f442c18afec96a416fb0182bfe58974a59940c113a68c116a130219035087d74d42f9d932461426309eb731

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd28086911c02e34c842a4e49f008a83

SHA1
93d14efce79e1d4bd3bdb3703c8f8ff3239eba8d

SHA256
6dd092daad173fdf06d7ef5f4ad759a13e21b360ef948c08d8da5f0a0d602274

SHA512
3f322c4fc105c4dc35e73f1ef16df66563a958b3caac6ebe3bfe8a18181012eca7fcf0f3ea0d9ee349eeae747ba1d00a78a5957823f36cccf6102daa47d186f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
23d3d331cb9c2a8ca9438f622dd56948

SHA1
a829dfc46e101fbe96c1a18ef921ae0d4bad713a

SHA256
f48645d864cb568d2e10bae5608d54d0e5acdc692a7eb0094224f079c9de0c7f

SHA512
e512c537e08e7f782d93dc5ae682f5e19fb22c2e6382df9273a5dfcee9c8f2ed2119086b7429986af26a7735df517a577b2d62596161edb26928ca6147747b89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
b1c57c3456cc86314e3624e1a6ffcad0

SHA1
1278e595424b00fa82c2c824cb4f5ea694a7af04

SHA256
4286943334fdb7ad15ffdef779daaaa273e4c5186551e3da669c95bf90983748

SHA512
c5afc1b56cca9bce359e0259d12bbb363c7922cb838c0c294e90809c2555e66ce23a7bc950fd838a401b07df9f4a244b3e8860d8285cf374a70c0c615cf650e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
1c9cbfcda6fce235e63c2abbd8ba17b5

SHA1
e378fd12d2831ddec4ac2500d4e25364b35fc12d

SHA256
6d6e3bf84759a1d6024e41e7711c8206e0c7e0f2458c4249f2f6ee054bd3cef3

SHA512
88dafe58cb68491338fb05aab706531358c51968d47116503e3b32e57c60f8dd8db4d6acb680d7e131ea7b335e457bea3d1f3f6e52d03f424e6e04d62e9c824e

Download Submit
memory/916-5-0x00007FF849A43000-0x00007FF849A45000-memory.dmp

Filesize
8KB

Download
memory/916-0-0x00007FF849A43000-0x00007FF849A45000-memory.dmp

Filesize
8KB

Download
memory/916-1-0x000001856C9E0000-0x000001856C9F8000-memory.dmp

Filesize
96KB

Download
memory/916-2-0x000001856EF80000-0x000001856F142000-memory.dmp

Filesize
1.8MB

Download
memory/916-3-0x00007FF849A40000-0x00007FF84A501000-memory.dmp

Filesize
10.8MB

Download
memory/916-4-0x000001856F780000-0x000001856FCA8000-memory.dmp

Filesize
5.2MB

Download
memory/916-6-0x00007FF849A40000-0x00007FF84A501000-memory.dmp

Filesize
10.8MB

Download
memory/3776-284-0x000001D13E400000-0x000001D13E401000-memory.dmp

Filesize
4KB

Download
memory/3776-280-0x000001D13E400000-0x000001D13E401000-memory.dmp

Filesize
4KB

Download
memory/3776-285-0x000001D13E400000-0x000001D13E401000-memory.dmp

Filesize
4KB

Download
memory/3776-286-0x000001D13E400000-0x000001D13E401000-memory.dmp

Filesize
4KB

Download
memory/3776-283-0x000001D13E400000-0x000001D13E401000-memory.dmp

Filesize
4KB

Download
memory/3776-274-0x000001D13E400000-0x000001D13E401000-memory.dmp

Filesize
4KB

Download
memory/3776-282-0x000001D13E400000-0x000001D13E401000-memory.dmp

Filesize
4KB

Download
memory/3776-275-0x000001D13E400000-0x000001D13E401000-memory.dmp

Filesize
4KB

Download
memory/3776-281-0x000001D13E400000-0x000001D13E401000-memory.dmp

Filesize
4KB

Download
memory/3776-276-0x000001D13E400000-0x000001D13E401000-memory.dmp

Filesize
4KB

Download