discordrat | 9f60b978b4e60a70cbc1037acb55ff4f6d61765b30ac2e12cf9cf8b2c51f8347

Analysis

max time kernel
335s
max time network
337s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
01/03/2025, 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hi.exe
Size

78KB
MD5

40ad387a93b7cd81f0f79be861ab93d9
SHA1

4102508d22f1aaa136f881a063ddce8e1e1fac51
SHA256

9f60b978b4e60a70cbc1037acb55ff4f6d61765b30ac2e12cf9cf8b2c51f8347
SHA512

23b1d218b42f973e4adc1b7d9c26df80da86ad38ed0c64d2dd9a5d89c854a947abd506eeeb89778fcd97d4b3f503996fc0f4d06d3def33717ac586d3fbfcfb91
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+kPIC:5Zv5PDwbjNrmAE+4IC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM0NTM5MzQ2MDI1MzAzNjY0NQ.GrXV21.mbLL4SHVtIfeuQK4zD7pSOfnc8VzTKgzYjGA-Y
server_id
1345255073441251349

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Executes dropped EXE 4 IoCs

pid	Process
5596	hi.exe
1928	hi.exe
3784	hi.exe
5916	hi.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
131	drive.google.com
132	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133853127620599446"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2278412438-3475196406-3686434223-1000\{D943DEB0-494B-48D4-A754-D618DDF255AE}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3176	chrome.exe
3176	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe
5844	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	412	hi.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe
Token: SeCreatePagefilePrivilege	3176	chrome.exe
Token: SeShutdownPrivilege	3176	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 2004	3176	chrome.exe	108
PID 3176 wrote to memory of 2004	3176	chrome.exe	108
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 2996	3176	chrome.exe	109
PID 3176 wrote to memory of 468	3176	chrome.exe	110
PID 3176 wrote to memory of 468	3176	chrome.exe	110
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111
PID 3176 wrote to memory of 216	3176	chrome.exe	111

C:\Users\Admin\AppData\Local\Temp\hi.exe
"C:\Users\Admin\AppData\Local\Temp\hi.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:412

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffba86cc40,0x7fffba86cc4c,0x7fffba86cc58
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3288,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5236,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5256,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:5204
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7d3cc4698,0x7ff7d3cc46a4,0x7ff7d3cc46b0
    3⤵
    - Drops file in Program Files directory
    PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5372,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5644,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5652 /prefetch:2
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4872,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3396,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5852,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5856,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  - Modifies registry class
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5400,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3368 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4728,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5608,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5368,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5308,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6256,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  PID:2944
- C:\Users\Admin\Downloads\hi.exe
  "C:\Users\Admin\Downloads\hi.exe"
  2⤵
  - Executes dropped EXE
  PID:5596
- C:\Users\Admin\Downloads\hi.exe
  "C:\Users\Admin\Downloads\hi.exe"
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5752,i,963963103626303877,10067266345045331640,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5844
- C:\Users\Admin\Downloads\hi.exe
  "C:\Users\Admin\Downloads\hi.exe"
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Users\Admin\Downloads\hi.exe
  "C:\Users\Admin\Downloads\hi.exe"
  2⤵
  - Executes dropped EXE
  PID:5916

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3364

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
555565e075ceeaeb13d6c8b1e1c7703f

SHA1
d8ab69cc05a3311dde9eeb10472442b73fc88ad6

SHA256
a8d59e1072d494ba101758a7cb2db3d67b895199611281c88b70ef3a251e81f0

SHA512
4f24e4954751303bbda2845fe0fd7362603c2032f00ba680898fe40099d6ea699cf6a230ec116fe3da41182f5cee2f47b242d7094c12354328dbcce7a9f07000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
43KB

MD5
0087b35835d2820949e80eefcabc6969

SHA1
363a2bcc15192d269c2c988bb0dc54f48151348a

SHA256
36bd45663adb837f682b08e56ede845783bcca72b6f58f515701736d87171ab1

SHA512
8619846c07acb167243928e48215c43c7a0e6e5b167a256ff8dfb5d91d1990a00dc4051fcbd9ca22137c6030f88b6db4690d5be0b9391efeaef600a62a2e162c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
33KB

MD5
008dc11b6253e4c31a87594e230d267e

SHA1
aa05c5a8534d22ec5712ab6d51d707bb4e79e3f3

SHA256
f47dcbf619e79fde4f02dedd2dbbf5e141860b77074a582bb416929b7ff81ddc

SHA512
2410911789db3653e98cc38795e71937bdb87cac5d299f90b7eff970d3f1d324f8a066561b2486a97d2cb22d8092f6a9b7321be56b31d288a82e0b38999c5a4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
20fb3efaab6ed1a3d1016e1937ef889a

SHA1
9f619c87551bd4f9f126d313cb46dae0e1722f16

SHA256
86ff2d9ec0b0b9e824c9d5153baf19f219cf5423ed25d7c418a649740506c5a5

SHA512
e7aa47a66e177d5752f88c27ff4a768c1de084362bff6f6892c591ca4cdb1add018674c6f98509a5a386dda6ee61c3a890c16e912d49c721b74a1f5b854ceca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
107d9fbd6c52ae20d0960c1befded0cc

SHA1
ab205847a911e231910d11991f895a4c9a7a6fc5

SHA256
922ffd035723cff5586fe0ef0f837ea37a3e994a1fa8d48877907c0513f24974

SHA512
8fd0d597bdacde5165d68049f3b678fac1201aec86cc06e63bd195a3ddd943a8bfb8773b49a121e001cdcdc4ed6f48cf99994e0f3f87e1fa59b217579bb021ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bc9a22797630fd04a2bdfecb99de04bc

SHA1
509c18334f78963103c9f81cbf7bcffa7a21073d

SHA256
8d6942f55098debe07a99f35bf792cfbab0e004f8aa231cbd0da673e5ff9d18d

SHA512
bdc1d75c50ae2ae946a8aaa18032abade04bbcbe55fecc08e589d451b2c7bd68d93439100e3473054d9d0837726a65e6248f37c312c53e1503444f62d43bf08b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e81a25e489746eed41134924a3f6b6cb

SHA1
7c61300705639fe265e557fec5d9e60c496a4c19

SHA256
5255fc777e6c872c2bb31fa6a29589c1997e9438cc374a3fff2dac3d4a09cc7d

SHA512
1281652199578227740ec4ebd8b93fc3620341040aa58423152604c2b71064a5704bf6a5fe99ee47d564091673293525232fcc7cb66d607643df601989082193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\page_embed_script.js

Filesize
338B

MD5
0396274aaf2eae8917e5eb52cf69dfa4

SHA1
96f53cfb2d6980e12aacedc6d91759e7f5ca1718

SHA256
13e1562cd07fc06d692fdf1aa471e3ceae3cf7c1e42c5345d430a947139a24d5

SHA512
091212dd84fce06e0d47c6e26e0959a660b36b53d7aade1dac5ca2795e44b4d81ab271213dae68e70a04ee2bde9bce4a63587580ec06b3fbbb7a2576b62abd16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_drive.google.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
d92a2dd53618b571dc6ea364acf98a99

SHA1
1f8d8c5213eb040f46b424f6e02ee43a5a320cb9

SHA256
6ef49803fbf26e1cf0d28d593232900ceb18b970d362cc979d9f2c83feacffea

SHA512
43af505cef7035d96813e3913416618dd40bc969b88d00362ab05aa1d6dabc2701fdf51eb770ccd6af8ec7895e68093ed77cac2c15de92156ea4442661fcb921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
13cf08545efb49b5bea86456c2cf828d

SHA1
7ea9c6f7c52d4e58b90fc6daafac451293f16eaf

SHA256
b0ad88dce9c4bbcaa8e7f651050858879800707719e4cefb8b97361773a8058c

SHA512
70ee19e95857b9598d20e9edd2ca0dde0624864c5fc8a443bcefff22735006eb9d6024039e5decce26bad68bf2726b4e908cbf3189dd2658a5f68af493b84522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
ebf9a87a07ac2d16b2ab7158646f17ae

SHA1
e3e2d866586bba3f50345d2e37159530a3faf0d6

SHA256
2c542974389c55739ea944f4395062ac173dc36c24e4fb9bf6c9f283731ad743

SHA512
3eaefea99166150e07c765c22b714cfeb4eaae9102499f7293576623d7bb48561879c1c104c76f897f1ccdf0cf42d960b6e4ab60b39ea5095bceda3a91d7c70f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
c0427fecaaf21c5fc869b753a8ca8b0b

SHA1
12f1b7d7e02b3319367edbc38650ab62b8e37b5b

SHA256
52ebdce96bccb8276237caa01305a34c5aa6b231a7328b823d84735db9b3c7aa

SHA512
0dada4812a62782c44b7f3f886a0da77b5ed33613ed49ff903a5731d6c99ac03b16bc075a2951cd45b47e44237b2ad3abcb7831e9a5dec943adc02a3348765c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
96352d61b501983cf6fe7836ea7ddc6c

SHA1
bbc70a0219d17f88d3f383320afd3dcc56e85ec1

SHA256
ba6eb152b7d945c1a506a60b8abf53143900c738ecdb6e417a38e2d0723ba4cd

SHA512
e75160f6f0f6e38693df817b5f35b91db00aa5184f6a36b7de5741e4f30e6b040ab81025f0319777609e6b3f2dd6734faf59e7ee5efe1be295e5fc3984546b24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
24bbda4a0cd54bfbfe519777639435bd

SHA1
1354896f55c09d040f84083c6dffadc40c040517

SHA256
3bc842c60e652369a2320058d0a77d7231395aff5dc6c3fd819498931b7a9a9d

SHA512
30ff0eee5efa3828b3a1e6a7c3731dce61ddd37f3a906144b6262c4e1c0ed50779ca56ecabef8c2ec1c529d1bd44f34d5e3e557dfe52e32b47344fb8ccfe0f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
46f732a444533980cbef4f52fbc92416

SHA1
c1c6c64b66dc932fa984a1aa0ee55bc90c393ef2

SHA256
329ff86fc0686805a0576416cc65e35375141d706b8f9dbe2a4d9f39ca798032

SHA512
4cbe26a8d6ae57a9c82f3487429c3a9a455a39f6c720241a9397ff6a2174696b55abf700103e28bc2348ba14c38d253f19776fb42912fa6fb0765e288ebcfce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0ba44d828fb6b75de1889047c9f62b81

SHA1
7699eca847813795b527a9e88f2d22983f7b25be

SHA256
62b7c7cb671397a79f40f44b002c886e9b0a3e6578676bc92c57bfde2689e5a5

SHA512
4cb5573978755784cb366bd15f3249c8f1a56279e16cc5739dacd55eac7b0dc24576a1ba052f277a3a8f444449089c4450ab6b17678d634d1b6ff17679a3a9f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
257699342c26b112c23f24dda307970c

SHA1
79df842ab8aebab788603b8a5396d5e01ca5c4f1

SHA256
0898bd9ee284cf436ef8818b6063d389090200208633c33a13dd9c61ba2b6fac

SHA512
2f5ab413321c02713b31e3cf2927a2a1732547da428f370c1bd8443a19f70ef95ba1607ec26efeddfd5f2c2352ed6a4c3d654a8604a73772cb110beaf1ae63e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6922f24377b4859ffb6a99d74362c446

SHA1
c0304d164a8122e1513379f8dd26bcb49a5e8710

SHA256
98c5ad2e778ec449bfa88f044b3d53048d3930bddc33c50403ed3e52bd9e03b4

SHA512
bc9d27319e97432822063b6dbb24a27a2cc8fb0ba085165f65219869b0b2c8bd3f8a5e97600e41b7b43ced97317174f925d16f98e33d5a422fa85b6b514ca5d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4e9ed659456efb504482bea300dbb33f

SHA1
eae05e2929fbc996fbb620aa53d6422e67dea234

SHA256
2cd8c48112f65d955bb0920ac33367c4eb0f80df335c6d11f173773509e81323

SHA512
cc8a7c80074f284a5beb52e4288e07f492fe3600c89d63be4f7d74a3a04e2a4f31905f2ac0c1930608eb3065e1a8cfc6730b4071c0b31d6d7f40b162923a8561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b4bfaba4feccff125276ef3bb8c8753c

SHA1
7209a4e84428c62adf1ba9cbba427fdcf1e8222d

SHA256
2a1d91717699b2b380c9b420b37652690c86f2337009d4b8bbd63b8a27df04dd

SHA512
d136e29b9ace07a7da25f77e13de63dae50e38f8145e4b6dabe6fd9e82efac5493e44cff138f680157f05bf0ecea445e27b769e021269aa0bb19a5ce946c89c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
176176813c16ddbf07ed70a77b0ecd80

SHA1
870db32071217802979bff3829d5220fc55efdf5

SHA256
73574a803a151a023a4193c7ef15b0d4c3e385b22b1591f8db35eabaf7a3cd6e

SHA512
71032943aa62f3215ed164658c68b93fc7e7b3f25748a85cf2b9a46bdbd9bcdb544bb7e54caf9bb9df1400609bea02682434b85af59f4627d66c61a95ed93fc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cb0802c5749ccc291327daa067c7872a

SHA1
9d3886c3f0ad20e0bf3d294b6775f4127c4a008d

SHA256
b9c116f0baa7f6125b876e6cff500602bc0aace8c737caa7fd81f0ddfe81c2bd

SHA512
e3520b6da8cd623897433311a95c4b1edc96d450ae32195d169f492935a5dec56ceb3be68208abe91281012d95c635c12285bfd32b03a42ec6be6885dae1d5cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0a849db76b257a1088b41c38c2805acb

SHA1
60b9f6ea6042e13b9f520372a3c536fdd01334f2

SHA256
33f021c08c1d3dbfc9b3ff4ff1eb32148d2066da6566ea65386620cb28de40e5

SHA512
1002c08830a37df8a50682bb8f96e78ec59421c07d84658af9b1879c814b6901c2618874523fdc42a0d85abd513912adb5081d6cbcd7d1951419847774dbc835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5d65bf868e28a7f7680426f1e67f2e60

SHA1
6eb194cd044ad74aaf42350156f97f9630e1e27a

SHA256
dd4e7d37d747b655a792b869eba67062bc96b2df48f617c045ba94f7be4b0258

SHA512
50536ffe010c45598cd95b801471aaa3473104c6ae0a92ec8176387a7859c3ee4be1a1deb80b7dc1473f08ee5cc1816cfbb097d701a78202573b9fde562b83af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
851890d08de308914cb6fda63a636a30

SHA1
313bf6ebeff6a4932a44dc0f81a8f5c41d9b3f37

SHA256
17e767744c5fb88a59b3fc40351943c4136dfb24dcefb4c548d1e5b163729fde

SHA512
861a03083497178263a3084082f94828b41d68e04fc2695877ef0c8d0d50ca8afa8cba46f462195477a2b2701465f3a16fd32d066cd8a6b43f7d952399b4c433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d706c9331c9b1103062e1d80c028f06d

SHA1
82e58cb32c9a6bbed997a2c1dfe51346ce992979

SHA256
7540c50ad7c060064f2b2f2481eff76d86b76722643e1b4990ada3a5b4367952

SHA512
93ea4010c2a6af087785096a6c4350aa1f8e63684eab46958e3101863092d2483d0b029f50e23d5290c9804dac8c40f9bcce0904527dd0fe2496493df84cd69d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9218408c87c65318b13866f1ea58d474

SHA1
e9cfaf88915008ca788f8b75bc2656d5452ab10e

SHA256
2d6f729aaf26da92f3e85532e152cf882ff702e79a6e5d97722f622164018df7

SHA512
2545e1fe2e18e8e3e663e9afd5fe02b56ab8cd1ed0c47421ae643cba4a19ca7b561c9cb5e0b9ec30d87bb0c3d3b58651f1b256f5363cdf8e5cb3476520b103bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
22445c19c897f2c218953bb3e6b23a08

SHA1
99ed0d2776e44cc363083d7e8203a58ced6a3825

SHA256
35dfffe95723a24cb65a574c449a68c8108bd84bbb0132583f435949955f2cd4

SHA512
bc5d8c9e45c5a8a9e39547fa9911fc359ea24465ab6380ce98363796d025102f6728b65a22635fe75bc5df1f01fc501b772c29c5f921a45cb35f81c8de27753c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
832f2ce5a480a30301012357aeb810d1

SHA1
add410017580be2fc0a038d24bcf1f0afd290cba

SHA256
05b8854262d339e58ed04e822d7df17eedc8c14700b4ea2ef83b3ea9f89a991c

SHA512
e75ed4d5309be96a168df3188ad75b623146e2eebaa3a57dd673a083df60dcd98d87839a0ab74931a9997180f3d595702af7461fc6ae945721299c48704eb2ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b9a27fcbe3ac305cc20ede0e5cd09994

SHA1
f9f47c41ad89fd3ed38f01894d05027e59797f3c

SHA256
39be57cc8721a71c36fb8d5dbcf826b37581beb67ff8c8e1e2f413241e1cf03c

SHA512
4a868f0e8eccb69de20bf4ae1bf0e98402cce6db25efd992955aaba45fd3214e25f25efb35361549d14e5b8be818dfd0050898cb9c6fb972aef7eb4de8ba2a71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
50e696d5708964256cd0f6bf18b334e7

SHA1
4f9c1d76f56371e212e2fb3eaa7514dfddd5426b

SHA256
e7b9023f23c634e595d2abfa86d9859864e7ce6af9f8476d8ea25784cca035d0

SHA512
3652725a8f5b85346161ea8ec3c69e403f63158fddbfd7d270ae67ee6d3833066bac45cd0fc229b02e862613c2afe03dcdc46330ca16c3203790e33206c5084a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3f5f544f3cb71a3f6c6bfa3e15b3887a

SHA1
cc1e57ecc84cc2bc9b8b921305c210d779e97fb2

SHA256
c36849df18314e0dbccc1901e21364f830baab0c3af387d949e1ea6c576028ec

SHA512
48d4d6f77cea17a299aa702f15a3881ab6881e920de512d0208dd1fb3fbd7e0c1151fd81a94b69663e33e178d10e02f53a376e99e5a43f6d32bf452e869d8c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
38a915603bfce27920ef17491a721b9d

SHA1
9a2eba2447638152bc89563f14e56d0f49112a70

SHA256
ff13d5df855fe5f2df76a362f7b5cb89da39e2c26b8e8feec4b97f1a343b1495

SHA512
491e9b6d3bf3db1a4fdfc7a89f325160a624c7f6a19e233bb39a9c2b636af3ff67730f19a353fed52b74af4b9552081bf3d0ff03fa16a46c2d6446dd16b93f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
996f12d0ec6c8fdff7afd73178944832

SHA1
0f3d8a53cde2281c0882206555109535a04e7fd4

SHA256
1e5402f14365ea16db5802403af29e49e2b71197c749cc5a21aa4ee5fe2e9a96

SHA512
c50f7f53e52973879be829b2e732a50704fbfe9cd898999619e5b115ede23e863b0b47a864a8cf81634b3a2c5fd4726d83e4a9ea0102c88d6553e697635e47cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1c9669d9cf50e3ea301fd7eb90a24ca1

SHA1
a6ef4160b446b9065bb2ba2434a43c5c255365c7

SHA256
ae092f8b5184d74c6a064d175e434160cb02c143eff0892c55f2238061c20c97

SHA512
adc26702b49811f8f97df99118989585095bb7340653f887572e3ea553e5b3cde3dd7a002ea1b7c61399848c0468bd1c9c872bf712e31edd495c67aeab1c159c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c6252ca965f6fd2596f553f68579b6ef

SHA1
225243903ffe782007a80a6c18da99662560bbde

SHA256
b6dd049cfc241377eb034ecbac1532eab72b0fea97f2904451e22f81c5448010

SHA512
3712f79b6094d61888316b529297be98a4ec4720dce455096ac9071e497eaf4aa6be809b4ec73a1c5a4c35cce4af35721227921b96ad73ce11379595ef70f517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1cc5edb1ecaddb378629572484ff793f

SHA1
f49cf0569729753f5377573d96c85f75d117c6d8

SHA256
6c6981bae95598e23216aaa10cafae68ec9d8d0fda95ddbc19c8670dec0e14bf

SHA512
33c987f573fbcbf1a17013db021dcc6bb1076ebd97a04c264660fe68895aeec25af6d98d6d96ce6bc0ebc8ab30ca73fcb7f224cb3fef2c199c79441e4513f6d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e5eb9de456a932705bebe7908601bffc

SHA1
dba4380793d6a02b4a7b414189512f52a1b07977

SHA256
d8eb4bd34eefea6fab3e79d540ea9598469a3c73584b9da072ef27aacd01408d

SHA512
7ad3c734ce8b8b9b7bf701e65eab6da2e6e5ffa4635680c1c7b6d98496d785ec469b626054c3bcb222f36662a1b493462b1fd03ee3c0b86b9f3f219e3e0c0f4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f4bf6ebbd0582830e71588881f830088

SHA1
9fce1e28ad131b42faee0eb4cccd08b6aca43e21

SHA256
3febe98987acaf173d1a08617478d6037f7322b91d1a62d9e568212916cba107

SHA512
c78d4f04212223fcb3f792580cfd07ef6b730d874b8ff42bb534dc5435cc1f55278f2074052595a5eb7b5b9a2575660ecea59db7ff3adb4f8cde27ccaa651473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8df0c3d81e8602760372eaf605ba49d9

SHA1
980f536b8cda08ebdd802f5578526bfe213986b2

SHA256
806815b399188a5d234be145727641b6d12dd61ece47ae47dec303642a846261

SHA512
2db4e68f8f543711a8507aa6971be707ceaaac01c92d0e810a9fc7507ec8b89b4d3dace47da4d352a02df736ba558125a2876d207bf94a080f8365162053ed4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
20942d65182871c7897b198bebf4b182

SHA1
0003454d4c53275d97360e3d1e77432476cff997

SHA256
22742befdca198a12e9ca1dd040ca7b1d4802bef2d52888aaed2036a37c7e33f

SHA512
e3c532974b2747eba45faf82cbe97f1d6989849d5f73a8dde40fe9f7fe26efa50e4a69ce5f2c470742348b941ae823f242a1784d5e68e9c667d5d33c120d6523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
976e702d696fa27a8a8d4c9422e6c1ea

SHA1
1290183bff7fcde96f8ccc67ddc2a1fa812c9f1b

SHA256
c8bc9e6d36b70914fe3d13c93842147223cddbdc8cc0da6443d116f52fedfe86

SHA512
d4552f270ab9a21e4ac1efe8fb9835af90a3e5fc276628022db9b8101e672c8371b1a9444455233540f9f9a7ba4a892bfcae2c9b0744d8f7550849e817528541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
a65810100055acada1b9ddb0809c151b

SHA1
8cb00ed39eef6c7a0ad6207a0f0a9369dfc95929

SHA256
d349f0e92cd9517760f6d4720fbfa35d83528ddffb7800a9def990a9f1a70d32

SHA512
267fc7a0eca9b7e5bfdf603a488842e077c7bda7ddd258851a243470a6698e73741af9d36b62e63377f05a7780b7f2f52c291746746e949fa24a8f541ccb41c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3176_2011614619\3ff10f18-231c-4fc8-b8f1-b7e2b89e5354.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3176_2011614619\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 732461.crdownload

Filesize
78KB

MD5
40ad387a93b7cd81f0f79be861ab93d9

SHA1
4102508d22f1aaa136f881a063ddce8e1e1fac51

SHA256
9f60b978b4e60a70cbc1037acb55ff4f6d61765b30ac2e12cf9cf8b2c51f8347

SHA512
23b1d218b42f973e4adc1b7d9c26df80da86ad38ed0c64d2dd9a5d89c854a947abd506eeeb89778fcd97d4b3f503996fc0f4d06d3def33717ac586d3fbfcfb91

Download Submit
memory/412-3-0x00007FFFC1290000-0x00007FFFC1D51000-memory.dmp

Filesize
10.8MB

Download
memory/412-4-0x000002031FCE0000-0x0000020320208000-memory.dmp

Filesize
5.2MB

Download
memory/412-5-0x00007FFFC1293000-0x00007FFFC1295000-memory.dmp

Filesize
8KB

Download
memory/412-2-0x000002031F5E0000-0x000002031F7A2000-memory.dmp

Filesize
1.8MB

Download
memory/412-0-0x00007FFFC1293000-0x00007FFFC1295000-memory.dmp

Filesize
8KB

Download
memory/412-6-0x00007FFFC1290000-0x00007FFFC1D51000-memory.dmp

Filesize
10.8MB

Download
memory/412-1-0x0000020304E90000-0x0000020304EA8000-memory.dmp

Filesize
96KB

Download