discordrat | 73c42981537f9d240a6ba70c63223856a3c5617b79a75807cd1b35c8a494e8c7

Resubmissions

16/04/2025, 19:00

250416-xn3kbat1b1 10

16/04/2025, 02:56

250416-dfenqssnx7 10

Analysis

max time kernel
73s
max time network
75s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
16/04/2025, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Frieren‮gpj.exe
Size

521KB
MD5

c7a711e7ac56d59c2b1db7df5ce34603
SHA1

c53a78ba223f21c8e045d9217f098bfb03ee8a18
SHA256

73c42981537f9d240a6ba70c63223856a3c5617b79a75807cd1b35c8a494e8c7
SHA512

606a90e1f8a6af3f53148043d02d765158d39c11d84ea3ce304ebbd63ed497459e9419ecf73486e5d5f9facf0dab6947fe721d75103f8c9d8b8c8e490f966941
SSDEEP

12288:ZyveQB/fTHIGaPkKEYzURNAwbAg8XIAVVsaMtJJw6:ZuDXTIGaPhEYzUzA0qpdMfJw6

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM2MTg0MjQwNDY2Mjk2ODQ0Mg.GYjtQQ.2ei7p7gWKcrhkl_MZUCJph57lWBVv-ENjjnMjU
server_id
1361842784121782312

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Executes dropped EXE 1 IoCs

pid	Process
1796	totallysafe.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133893037032139665"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-649025904-2769175349-3954215257-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-649025904-2769175349-3954215257-1000\{20E5349D-8D52-40C0-A3C3-D78DFD92D838}	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1796	totallysafe.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: 33	5540	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5540	AUDIODG.EXE
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3284 wrote to memory of 1796	3284	Frieren‮gpj.exe	78
PID 3284 wrote to memory of 1796	3284	Frieren‮gpj.exe	78
PID 1036 wrote to memory of 2796	1036	chrome.exe	85
PID 1036 wrote to memory of 2796	1036	chrome.exe	85
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5152	1036	chrome.exe	86
PID 1036 wrote to memory of 5716	1036	chrome.exe	87
PID 1036 wrote to memory of 5716	1036	chrome.exe	87
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88
PID 1036 wrote to memory of 2528	1036	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\Frieren‮gpj.exe
"C:\Users\Admin\AppData\Local\Temp\Frieren‮gpj.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3284
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\totallysafe.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\totallysafe.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1796

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2c5cdcf8,0x7ffc2c5cdd04,0x7ffc2c5cdd10
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1876,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1380,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2256 /prefetch:11
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2388,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1804 /prefetch:13
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4176,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4200 /prefetch:9
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4628,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5316,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5280 /prefetch:14
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5420,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5480 /prefetch:14
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5344,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5648,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3524,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3648,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3644 /prefetch:12
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5980,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3584 /prefetch:14
  2⤵
  - Modifies registry class
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5772,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4640 /prefetch:14
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6068,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4720,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5596 /prefetch:14
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3600,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4708 /prefetch:14
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5856,i,792945243050747424,2143493100749769665,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3812 /prefetch:14
  2⤵
  PID:4768

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3636

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1516

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5540

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
4c7740ea9663e9dcb87aae7d46368ce7

SHA1
9ec4b1629d1e6342be792bd80e16521b79434667

SHA256
1c41fc8d859e1830a6b2a1203343b24be08dadfb343cc3402bc74e1054641820

SHA512
7fcb240b02f424267a8f0b70b1cb1be0e3f9bb33215902e5bebfc7756e9a09bc6a63073b93b0a6d4e826a1841568b3ee969c8065d6bfa3c8b830954edfbe3e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
2aaa6b6c5a0a7d9ad09d8e16e9897f18

SHA1
25985097c698d332bea46839e6de4eca8fb01bd5

SHA256
134f4f4416cca53bb2b92c499a17f5291148dcde11651a90aea5274c75f4a14f

SHA512
5e99049cec61d83f29e42afbafbaf4061c0d4b5e0dc81f5932509b16b8423ffeab0589cdc5d3ca37c4ec5a460c71790712dafe16e3762c79154fde4e247924c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
75e8b9c6162018ae2a6d9f72b0772ac6

SHA1
f708df63b340f8dbe7a01d51add9c0f70cab5ba6

SHA256
93779c2c8dd1fb5b1321cd1bf5721dc7f20bf0058dad7f8ec51dc3ce0e815311

SHA512
8c50f7faf25632e74e9f46ca65a4659dbaa41417d445ef390750cc2c2c95d3cb320076aa0dfd5ec359ac48ddb6c2fa1bacc59abd96f5add73ec7ce3a9f0b39c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

Filesize
102KB

MD5
7842ace44031406a502d891a5317dd65

SHA1
ba7cf27bab483b0e472a06d06b412dd7a51c7169

SHA256
43c8c7e32c0e0b164467e1c440c98e049610bca538225d0de2be6609c785c252

SHA512
27cbd9149a62adfbcb1acd89b520d72c60525fc4a207242205174df591bb69392b3ceca686e20ee56a37464accb3899f00a8d2eba090960844e25758f9a336ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000008.ldb

Filesize
17KB

MD5
2cf34b77ba2bbb844ae9f2297ccf9a39

SHA1
53f06f4f4b65a9070e16f914a77be257ac33309a

SHA256
7d4ee649c1305aa1a46fcd39c6490477a413512086fe47c9c9a90aabfe4d0ec0

SHA512
9b99b80e55c67e11688aedc5e30b33c791cea972c3e57304d25fd9dd9ec4c0297105cc101160d9aca7986061738f1994f0ade87bacd33a8e01fb167d04424716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000009.log

Filesize
29KB

MD5
e47e9f10ceb7dc3f75f094e9916a1ef9

SHA1
37053cfd7589c602a90e0051d01e995a4c986d47

SHA256
0c9bb2f4513128ffdedb6fee2e0bb57971d755ac833d057a045e73200bc2961f

SHA512
9881a49414a30c5170b6ce2f2f822f3d2dbede1dce3d90620bfec5a6bfb01605e4a370b9d5db43c697c76f8dc723fd0a08881f31e86592262c876439041a6e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000011.ldb

Filesize
12KB

MD5
b665b3ffa930413b0ae18fe354980767

SHA1
245ec11a4282de819bce9d3f5bcc6363b1bc1c2d

SHA256
75323da07475a5572ec13d4051aebfa244bd2fd529268364b18e2104ffdb1919

SHA512
a6b49303b3f9c8ad43831b433d63a7918b24e5fd19eec8097c74495757967b1db8f1cbc856178c653283957f83148f039c3959a03c5ea3d5cdfc48667c9b3917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

Filesize
351B

MD5
df755d242afb44e70581cef13a7f9ad5

SHA1
fc738cd538b183d4c891f6f9aaa528e095ac7f0b

SHA256
80ef27759b3c1f36c3079923fca71dcfb287cf4321938ff09b61838e2872e784

SHA512
473306b01fae935c39bca6b119c1f7c2c101965065a07da0533a24877e33040888df353814b661670ce770e122b9bc0bc7c59c2aebfa24789a1f4e6eb8ad4259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

Filesize
3KB

MD5
ae926c1252ddf397573d4323dd9ed918

SHA1
c54afb0d54215a728f9e4859feee81c1fe8e707c

SHA256
5037b4ecbcf3e2eccff1fa12d523e5d90981ec1e0a93374bfe48028a6dba42ca

SHA512
663feaf8603111a776b932e1a9e8600fc852627231ea55a8a46ba1cab61b665e5c48cefdef30160ffb597ff116c5371c3f29427e1ebb90b594d7077fdb69180b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
600B

MD5
f81098dc5acddea590f9d07dc73c920d

SHA1
839a610929a93528746f68c9b569b6a7ea5e856b

SHA256
bead7e2bdfcfd47a57768779f73c701db527e547a6b70cfb0fd2f6bfdf60d893

SHA512
3e90937a08e19c71c6c42302e5e789f01d2d8089e39b071e8efe011f04d3267afb93793c74ae1a405c56c9a1472f2b7b6db83a266d7d7cd06fc969227af68662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
c4d5342194da434637b600dceca3e498

SHA1
df65a92dd3bfdc6a30eae8c8c5e2e3374bc0efc8

SHA256
c4c7689b7f4eab2dbce8788ccffbe2ee5da98023adecaf12091e1db7b9dce1a5

SHA512
bee3b3cfa802f69b9e33355970a11fc2ab7c26d85600e09b1bd55f0a3e46bc080b8c996becd116635780f671800bd5e69ed438e466732fcfee9b3bf6c1b7b89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
db7555903a38b35f905526bd0d6026a5

SHA1
59d2df3a9739a63a03879254060eeb672f5e447d

SHA256
5f542395d799e30462d8174026a01a41c2458a4ec56e2f709689dff2ded0e8c0

SHA512
09acb6c39b3b4fdd3908dcd6f61c6127bc62a37605fc3c4187434bab5f326a010711ba9487089b2377fb584711c4a7e07ec174eb41736829c177117a15368a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fea6642a0f1705fca041b4475ed8c785

SHA1
c83c452bf0cf2b9d9e94743b71d6bd765dfd6e00

SHA256
9fb303feb4aadeecead62f4a92483478fedeb14daab87b6e5cc96355e72063ea

SHA512
1403c74a595bb1704f70217d18aa8019ba80ac4de0689c64eccfe0678448a764c7fe62c9acda30a864425a04a1e1d986d4594b235898162acc22c90131132c05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5002b7db835c85a5c80b1b13da333bf8

SHA1
6569b319703d7957e1c94eef10a540fd44ec4ad6

SHA256
504d89d0e67d742f7100b9fd8e43f56508160df1ce2ca4416f1a83762f6f9c71

SHA512
d785388496dfc77bc589d932e19b0bb1a252a3c838b9182a3d4f3e0836daa6b19bdb1f1cbf89ae15f1cb907d582874cf86c6c67dcfee4a2cd6a0484060cca5dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ddb01e63658284ba86750d2ffd6df13

SHA1
e67e6afec02f97abbd4eed71a8981993d543adc0

SHA256
a6d571f96f775149d78d1daac7e1deb1cd8fe5b8245af06fdd63c31ba264097c

SHA512
047b7b0a7e0a59f6d07a076c0acc32f67a588ab76178a613ca86562a9b394649fe60e8dbe9a7d469bb43d25713ae349e34e23d8b034d50cc0170edc1e49f11be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2e35d5bfd33f212747230a60deb7864f

SHA1
763d2bba5047aaf5d3902d9fee5dfd6888d6401a

SHA256
cb2e01fd2e1f231d7bf86329307e869214de78a87f97c19609c1e920e98a19b1

SHA512
e0911b7bc11276cba42eb81fa7049dd366741f27c03cd270fa1e1ed886ccfa75c04d0a0c2452dbb8fd31d22b2e1f85ec3bc8fd0aa7a2c41472111ce6973dff2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0cdbd8cb-7262-48ba-9f61-675ab88dc93d\f8cca0d38eeb38e3_0

Filesize
2KB

MD5
013a9ede43c9ee0b05eb39ea2882f226

SHA1
fec741907f4e9615cece870c751a13d1d30e9180

SHA256
f2a3b606a6fd3609b3aafeff21456611f0d0e296bcacce33c064ffd4e9c67fa3

SHA512
fc1d5f100994f2ef37a2bfcf27a626420131958458c369ae717e93ee1a69c953d05b1095b31edbc803b726d5616812f300735a4dd52155c2d536f2445e1f1a10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0cdbd8cb-7262-48ba-9f61-675ab88dc93d\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0cdbd8cb-7262-48ba-9f61-675ab88dc93d\index-dir\the-real-index

Filesize
576B

MD5
e8a81ef14ddad68350796c83c7451f81

SHA1
793f49f60b8fab81b1d8993d6d0e830786759fad

SHA256
6122bd55ef9a9bd88cb6c8bd7715cf615ba77c78f9d8680dc733d9581d9d29b2

SHA512
9f9e2d04af253dd6ba3afbcac8ebe03ac88f98bfe12b3feb0326de241a3346b0093a19eb81fddebdcd2bc04b75d46e376f73c24c94bf1f264a30077f1c7a3a70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0cdbd8cb-7262-48ba-9f61-675ab88dc93d\index-dir\the-real-index~RFe589bfd.TMP

Filesize
48B

MD5
dce406a73c7b7d4c580f741cbddb90fa

SHA1
b3563d5488a832e6290f45f05ce7f07ef9c4fc04

SHA256
f201dc6e0f01d0472ed492c5aa186d965739de199f59f76615d26a878ecc370d

SHA512
4e8c69cd1aa677e3d4cd076ae07fb6446c10ebcb233d07426aaf4f2fc2eb1b95de440697037a2340d9db35e3fbdca4dd99fafb3507dc26cb7081f4c4680dc655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2bf92032-b9e6-4911-80f4-90ab1b3a5289\index-dir\the-real-index

Filesize
2KB

MD5
c7c670282be8e55face9cf553aca520e

SHA1
a5c075671fd0e32dbba7081d4546ff8e0f1b4e77

SHA256
e0cafe1a79d352ff14b208bf68f8cbb67edd2b96f0375aa61681f62b99c80b50

SHA512
e7d1d69a65d22c4b85f0f28b074b148020f1cf98c2041b142fd8444dbb8dcd1806bb9ef3975f8b29697da4f483248799b3a2dfb8257e42e3a5bba62045018e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2bf92032-b9e6-4911-80f4-90ab1b3a5289\index-dir\the-real-index

Filesize
2KB

MD5
f3eab0ac4dff557dbc643b020fb6b2f1

SHA1
bc6310c6c9d13845a7615a3e55bb9398d4b23ab8

SHA256
b4f3d1ed6d28cfd3f8d61d7d8f2e54d46a480d4b942aef5906635c1dc734fb9e

SHA512
1c86f39a5ee4736d6a34e2fcd4c1829ae590279ff7f7365c44e8ec375e3ddf4e94620caaa7a522dff367a5cd3e10996da9c5de9195b26f2619676cd9a0890093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2bf92032-b9e6-4911-80f4-90ab1b3a5289\index-dir\the-real-index~RFe584d40.TMP

Filesize
48B

MD5
d0d72793ff7bb2763c59336ee49fa5b0

SHA1
8a66a5fa829a5f726d95b28153d67c9320ba925b

SHA256
97f6131857d6b79926a5769a7e5cfab523d1e86b6fdd8a2c5c82cd5bb38fafee

SHA512
20f34781e20c187f332dd0a5eeb56495c8c590f8e58d4a56780ccdcc7e8884df16e926bd7bf6893ca1ae761d6f4c04b39a43c7ac92dbcc33ff72af518af49ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
8edef8ed5255d5a05e88d208f14ccfd6

SHA1
f50555e969398f31a940034b9ee74abd38a6207b

SHA256
219d7e87e5ec3ca0e991564e57db241e8ad708a501ef6c2a0fdabf96699e1e21

SHA512
8b0fd0e6fbef42385dd2a8bd76b897a2898346f3fb6399d045cede0daad905edef59ef07accc21fbb8f7dc9ebf076d5cec4662165a13f950bde1e8b836212f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
f0e1b089f76580873a666aa2352ba1cb

SHA1
bf57981593d625cf6056a50851ba6e1633a958db

SHA256
92f1a6dc292256d8d81f42208e16dc42bb544e907dc486fa1a2cf879ace43716

SHA512
879866142cdf6087fa91723d91573c63687102c97be47166e9f573239d8ac7496aed1171f7338802e83c95fe891f78e3c2f4b607efb2b806f496f3b11ed97e05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
9b5112f4f23ca8d422ec75438b3dab5d

SHA1
f3f3a78972f25ed04df205cd1ed45824cc8ca14d

SHA256
d7c60dc9f7854ef8e42606d3a439d85ea93a0962f613d884a7098209b8c742b7

SHA512
1fcb616b12deacb7cf0346869bb9f893f5cdc1a49017f38bc35eccffc57ec40dedd9a51be7c216a28b8ac1e1e5e2587c063690e762de7a5ddaa398687a1a8c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
d29bcfacc573591a290ba9391fa2cbf2

SHA1
019e453c5ecc9f07d5886d4900ffcc588d4dd994

SHA256
b17d66054de3955c29905f5df15ff3e26ea1d18d45eb2cd464747ee43b5160cc

SHA512
3ada7e3e0f0ec216fd8d3d4b6dea5ae3d3a2df52bc988570fe9f20650140ce383c6c74ed04ffa5d6ef724c7a7d0623cdd2c98eb53023bc03e7a0ba0cb12f974d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
262B

MD5
8b4fd41d10510d4c42f48f0e8ab30ff6

SHA1
3d66e5baaf953a24e48c6f455d0db9c79f49555b

SHA256
f9b3693b8cefca8ad06ade9c24ac056845de7385d0dc696fa3c7a117a57f52e7

SHA512
622376df741d3409c95ce4a77f4baaf2e12be2224ec03dec564c6355d814bcd6fe7b33360b6a0973d28fde63d17211e5655fdc5d15741098546c5ba2bd8050ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
590cdc9397c97e70dbd63f452a0b46b4

SHA1
ed77ea8fd47346c04829ff79600ffb9cdedd0383

SHA256
bd21184c056d808411327f326e05e0e7b98b64d010724ac6d09b7eaf361041b8

SHA512
1f1e85a04b86e920d2368d35021a712cd48e2959c1f3132128dd6e559c6351ce2065663c47abeee28955317cf707b73dbe55f70bfcc45fddeaf70a00734e3188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
269B

MD5
1c61dbd3283999a5bed045b0f1fabb57

SHA1
839a3fd0fbb0147590839beb724bd8c76d285dbc

SHA256
bf1f9e36e886ae4add1f45f0974373e030a29f75da72a4f8e9df4c5440ced8b4

SHA512
2ca57876ea22aa545fb266953d38f571ca720150b365104b682b92c22c628e8e8af7fdac24487688d998f4e359bcab54569b67d74c5c6b0e33dd5ca81da66248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5837e4.TMP

Filesize
119B

MD5
f8f9cc4e899f79243546be5738cfb040

SHA1
2fd7a396da68c207968170f0af72069e5cbb6e5b

SHA256
119cbd04d260146a6c3c3d70e01e981eb8227a65ac53f6811c41f7609b8e4bf9

SHA512
79c4528b06b796ee648db0318144d85b76f096630fb6df7fb949293d470e49313fb73e2fc156615d2271fc3002da652c081d779cedd08d63a4c789157aff9c76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
593fe45d49d9cfd534ed5fdb66609a97

SHA1
59ccf93fb3a19dd55b723f59d8d5b12efd933c62

SHA256
2a9a110461cbd7bd04a843ca6895ca92d5711e3619e71765bd88dc1e57770663

SHA512
7fd4c79b9c9e6fe1c4b8e3a66ab1e235b11e18684041e13081ee58b6b931db7551973978545b0951af6f224170eb4d797fd5eb75755835c70d6d9b857251bc93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589bfd.TMP

Filesize
48B

MD5
b46f1521a8e38c3540e76cc37466478a

SHA1
af3852e1ef4cfee2d73109b9c505c3dc462ecbb3

SHA256
d41006a2abf3030dc91e3c0478806f6ef0f06241be7c4833bed20befb589d280

SHA512
fe7ed2f85fe245d25d8f868c3c18eb150372d8f79a236d42315dd51bf11f3af1ee63f28eede71cdda0a1075c913700f2f30c0df17b2d76ee10103e4a506d8859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
890328ab5323bbf440d2219d96657402

SHA1
23e7e98c1f6dfaf594a3724f8a62e0e7f4149f9c

SHA256
2735c2b461ed301b5468b6b5e4e4d98d962affa9c1e2e6c7f0848a846c5f8203

SHA512
faef8e90a39b99abf046fe813adf96a63bf9ca4e1516b6f5ee746fee7e1beefa69fa7e5d3e49c1f66ec9ae22cd50bb8404b4abf35b577ef2984f2c8ef23999ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
234b47de602e153bacc5126a9e04d5f1

SHA1
f3638673510b1f9f2100da253b7b8ca0ffc25b9a

SHA256
eb1eb5f6216b8181bfaeb963131fe9e26d08fba1bd91b7b487b51fb1b6d0402a

SHA512
6e01321ec0bec28861caf4804a77ed373552baba4e365109f4f0afb71053a470cdd6c51cbcb5b1cf86e2ce417c04feff53b7e0542c12a306d7b73e35a6d26cb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
f56c216371d4fc36f44093add3967e41

SHA1
1ecef99ff46ce2c7bd585036227fb01258b1a8f0

SHA256
09bfe07f8380d830c0f858ac8bf9ca8a73b8530ca6e9ae91f7f97b7777f40451

SHA512
8dce1e958abf98cc355a85793f5ce92b423dae4daccf093a5439059743794092dffc01f200499b0f0a8cce39bd4a36ef0c3a91e6ecf21d8569b5993162297285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
6de7a694fc0740cf2a6ce27f4024c62b

SHA1
3a087cb8b45066e56832f04e96fc5f06ede61275

SHA256
6efc38db6ca25e50a668518685b787efefe7e8abdb81de408f237c810214b34e

SHA512
229ee48c773ca990fab6ff4b4f2efb717b1a9fa917e8377969afe2a14930b1abf6ee8bb478d8684e0299cf220cd4b658b4cb8cce1eb96312236c58022de508eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\ad072c3b-59b1-42ae-94e4-78a7c36fd335.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\totallysafe.exe

Filesize
78KB

MD5
88d8db58a849f0097eb3285a7378b36a

SHA1
ca77580d74105d3b7f7b8d3c1aa1b404d2c10908

SHA256
685f01f68c7d471f91a8bc0f00425523dd47e990fdf4995b50bb68b375e4ffc2

SHA512
def5475d7c5f3953eca4120528151f699317103bb42e6d4f49dac2c38117cb3f83cf736b5f1cd694df6eb93cf1a20e8b021d71cef39d844b7488692bb33a378b

Download Submit
memory/1796-19-0x00007FFC31233000-0x00007FFC31235000-memory.dmp

Filesize
8KB

Download
memory/1796-18-0x000002C8FAD40000-0x000002C8FB268000-memory.dmp

Filesize
5.2MB

Download
memory/1796-17-0x00007FFC31230000-0x00007FFC31CF2000-memory.dmp

Filesize
10.8MB

Download
memory/1796-16-0x000002C8F9BC0000-0x000002C8F9D82000-memory.dmp

Filesize
1.8MB

Download
memory/1796-20-0x00007FFC31230000-0x00007FFC31CF2000-memory.dmp

Filesize
10.8MB

Download
memory/1796-15-0x000002C8F7320000-0x000002C8F7338000-memory.dmp

Filesize
96KB

Download
memory/1796-14-0x00007FFC31233000-0x00007FFC31235000-memory.dmp

Filesize
8KB

Download