discordrat | hxxps://gofile[.]io/d/q53ONj

Analysis

max time kernel
150s
max time network
159s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
24/02/2024, 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/q53ONj

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMDgzNjc5NDA3ODEzODQyOA.GgKT2b.J-maPVNYEEacNu5b8gdDhofFIg1tLnnX2sBi5M
server_id
1210837246392139777

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 1 IoCs

pid	Process
2456	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
21	discord.com
6	discord.com
17	discord.com
19	discord.com
20	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
856	ipconfig.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532314954310831"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Client-built.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
3580	chrome.exe
3580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeDebugPrivilege	2456	Client-built.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe
Token: SeCreatePagefilePrivilege	1756	chrome.exe
Token: SeShutdownPrivilege	1756	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe
1756	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 324	1756	chrome.exe	78
PID 1756 wrote to memory of 324	1756	chrome.exe	78
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 4436	1756	chrome.exe	81
PID 1756 wrote to memory of 2792	1756	chrome.exe	80
PID 1756 wrote to memory of 2792	1756	chrome.exe	80
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82
PID 1756 wrote to memory of 3464	1756	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/q53ONj
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb98929758,0x7ffb98929768,0x7ffb98929778
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:2
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3676 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5216 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5248 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5476 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5644 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2456
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd.exe" /C ipconfig
    3⤵
    PID:3716
  - - C:\Windows\system32\ipconfig.exe
      ipconfig
      4⤵
      Gathers network information
      PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3640 --field-trial-handle=1836,i,16991758951813778129,75073487665726429,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
cc24ae4c844096d76d7742377a81a292

SHA1
5c14cfe3ef6aea257b0e8a6ba2614703f1fb48f7

SHA256
0d1987ca898e02b0d1c9183dc23f32de6d8f61bc72c4b7f8c2863604d9cdf1a7

SHA512
e4a8696918b97e31d266ec9723cb99cc62048ac3bb0f9f5b982ccded71ac9fa16640bcf5b62a97f6df131d27d8559f337867fbf93991d1830e6c6b23d540dbd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f9fb7d37584c3590f6a1318dfedcdd2b

SHA1
2fc903c345725b6611a06b1c45a6d7b80129fa2f

SHA256
2349b9bc8687fc1529b185acd3c5a3e4184c8671db3a424e96eb90d85a134b29

SHA512
e431be815b5fc24c4f2c8e74edfce1c6adcb78268bcd38485217b730b490ae9f7f0c3178c780b05b0d3ff570d0f1b0ae334b3c6a93f15b6c254ca8df4adef0be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
ed0c7346b13859d685008e3e0447432a

SHA1
1343203a54956dd5486588f9d5c0e598dd22a8ef

SHA256
7308eb3c979be732bf13c0cc6efcc19febd98f0d4d829767e96bd875ce2de9c1

SHA512
f90f9475cfd5631b3c8c05b47c5496889565330658edd7f58699046bca385e52465a1d184f40b785c4f0cc8642d93ec82b840695acfe9596d9977f88d04bb9e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
25c1f68a4d9a11437b646b78356a90a8

SHA1
bb2cc5b1284f570e511bf0abbe9f78729903f229

SHA256
a065213e38252628de640ad90c2dd20be74145d57754462de3cd37268f086f78

SHA512
82654c30e670739d630213f2d358447f6f0b6758c813d4515b7bd1eadc2e09af07332f3583db1d6e511434a86180fa7e747cdc21c641cd11c06fb1eec0e66588

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
0862ca749b61fa9cb80397ed22646bf0

SHA1
6b48c0c71c781094acf6864254b436c0531336c9

SHA256
d4cfea2fe3210a05c75eb9c64d24c930df43ec5511a8c07d666a8271426206cf

SHA512
94f2b3f2658ffd4a7158a1e466c0082dbb26ffd3e7611ec0eaf38cd0e8c13f79c3c7aad3afc24085be38a6fea0ddd074b1c15b54238d370a4b2fb0f6d84f5bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
38d585eb4930ea63b3fbafaba02c50fa

SHA1
467fa56234b97006af793eb5a49d9e61942837f9

SHA256
2b5da8ad6374e829063dcb3042ad8720b5110fac173c8f4c815eaadee5c68fe0

SHA512
9870a3fe2fda40c8dbc9bcc1f3531dc28679efa1568bdf55f46db74163720ca684b271bfc0824a27b4e7bebde3725c16bfaaa13c24074cd02a17cf94416c0661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
3266b717c69c2b2a87075083decc8d1b

SHA1
e0c927f1543c6239e072c94338156b13ee55cc3b

SHA256
01a35ade096386abcb5f73aeb9e5394bb022e3b3176ab53804880488a83fd216

SHA512
c9212bbc269379854d89f2e9b9bb4ae22c5d6439caa3152fb570259b552a96227acf58273d6fa32cd635993f507bfc57102654f439ee095b4023d66dbc1ee1f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
053ce06c7200a131f67530eff91d9c97

SHA1
12b081d405d97204efcba41620c297542d1a6712

SHA256
6301a8a12047f77c1da304aefbff061b6514abf82c477ad0cc25b51fe9adc25f

SHA512
b8ba059e9060a30528530035e0052e34246e0f3af9428fd9da01c151c637a78405d50f8c86d73c4396c0e8925f24b254f1965dba30c17149d3e6a19eb21e4452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Client-built.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 905612.crdownload

Filesize
78KB

MD5
1cefa98b5bf75be1e1d34c4f1a68e14b

SHA1
11886135577f793e0a10047fba487d3f0b5e57d3

SHA256
43bf9cd6249c42085e128aaf8040a5760c97e548a6ab57a6aec87980a665b4e0

SHA512
3401006a689288a2443589e439edf0752ac6a884c78cd2549badeab81888ac3681c95a491e78421600a0875a2dce827dcbee830f27a81482747a7fd666f4e981

Download Submit
memory/2456-90-0x0000018A40A60000-0x0000018A40A70000-memory.dmp

Filesize
64KB

Download
memory/2456-101-0x0000018A5AE50000-0x0000018A5AEF8000-memory.dmp

Filesize
672KB

Download
memory/2456-96-0x0000018A5B380000-0x0000018A5B8A8000-memory.dmp

Filesize
5.2MB

Download
memory/2456-112-0x00007FFB84010000-0x00007FFB84AD2000-memory.dmp

Filesize
10.8MB

Download
memory/2456-113-0x0000018A40A60000-0x0000018A40A70000-memory.dmp

Filesize
64KB

Download
memory/2456-89-0x00007FFB84010000-0x00007FFB84AD2000-memory.dmp

Filesize
10.8MB

Download
memory/2456-88-0x0000018A5AC80000-0x0000018A5AE42000-memory.dmp

Filesize
1.8MB

Download
memory/2456-87-0x0000018A40510000-0x0000018A40528000-memory.dmp

Filesize
96KB

Download