Malware Analysis Report

2024-11-16 13:07

Sample ID 240324-ygg6gaff62
Target Client-built.exe
SHA256 a938ff9ba13e88cd2989b4e7c4ec27805242a5da86d23d6ff7fbe0a1a868ba4f
Tags discordrat persistence rat rootkit stealer
Score 10/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

a938ff9ba13e88cd2989b4e7c4ec27805242a5da86d23d6ff7fbe0a1a868ba4f

Threat Level: Known bad

The file Client-built.exe was found to be: Known bad.

Malicious Activity Summary

Tags: discordrat persistence rat rootkit stealer

Discordrat family (static1)

Discord RAT (behavioral1, behavioral2)

Unsigned PE (static1)

Suspicious behavior: EnumeratesProcesses (behavioral2; raised on chrome.exe, not on the sample)

Suspicious use of AdjustPrivilegeToken (behavioral2; Client-built.exe enables SeDebugPrivilege)

Suspicious use of WriteProcessMemory (behavioral1; PID 1916 writing into the WerFault.exe instance launched for its own crash)

The persistence, rootkit and stealer tags are carried by the Discord RAT family signature. This report lists no dropped file, registry or scheduled-task artifact for the sample, so those tags describe the family's capabilities rather than behavior observed in these two runs.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-03-24 19:45

Signatures

Discordrat family

discordrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-24 19:45

Reported

2024-03-24 19:47

Platform

win7-20240221-en

Max time kernel

119s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1916 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\Client-built.exe C:\Windows\system32\WerFault.exe
PID 1916 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\Client-built.exe C:\Windows\system32\WerFault.exe
PID 1916 wrote to memory of 2092 N/A C:\Users\Admin\AppData\Local\Temp\Client-built.exe C:\Windows\system32\WerFault.exe

All three writes go from the sample (PID 1916) into WerFault.exe, the Windows Error Reporting process that the system launches when a process crashes; the WerFault command line in the Processes list below names PID 1916 as the faulting process (-p 1916). Writes into a freshly spawned child are what this signature picks up on any process launch, so in this run it reflects the sample crashing on Windows 7 rather than injection into an unrelated process. The absence of network activity in this run is consistent with that crash.

Processes

C:\Users\Admin\AppData\Local\Temp\Client-built.exe

"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1916 -s 600
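The WriteProcessMemory rows above are easy to over-read as injection. The following is an added triage helper, not part of the report or of any sandbox's tooling: it pairs each "PID A wrote to memory of B" event with the process list, recognises a WerFault.exe whose -p argument names the writing process as the crash hand-off it is, and flags anything else for a closer look. The process records are constructed from the behavioral1 rows (the report shows WerFault's PID only as the write target, 2092, so that value is taken from the events); the explorer.exe contrast case and the PID 1400 are hypothetical.

```python
import re
from dataclasses import dataclass

# WerFault.exe is launched by Windows Error Reporting for a crashed process;
# "-p <pid>" names the faulting process.
WERFAULT_RE = re.compile(
    r'werfault\.exe"?\s+-u\s+-p\s+(?P<faulting_pid>\d+)\s+-s\s+\d+', re.IGNORECASE
)


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str


@dataclass(frozen=True)
class MemWrite:
    source_pid: int
    target_pid: int


def werfault_map(procs):
    """Return {werfault_pid: faulting_pid} for every WerFault.exe in the tree."""
    out = {}
    for p in procs:
        if not p.image.lower().endswith("\\werfault.exe"):
            continue
        m = WERFAULT_RE.search(p.cmdline)
        if m:
            out[p.pid] = int(m["faulting_pid"])
    return out


def classify_write(ev, procs):
    """Label one 'PID A wrote to memory of B' event."""
    wer = werfault_map(procs)
    if wer.get(ev.target_pid) == ev.source_pid:
        return "wer-crash-handoff"      # crashed process handing off to its own WerFault
    if ev.target_pid not in {p.pid for p in procs}:
        return "unknown-target"
    return "cross-process-write"        # worth a closer look: possible injection


def triage(writes, procs):
    """Verdict for the whole signature plus the per-event labels."""
    labels = [classify_write(w, procs) for w in writes]
    all_wer = bool(labels) and all(l == "wer-crash-handoff" for l in labels)
    return ("downgrade" if all_wer else "investigate"), labels


# Constructed from the behavioral1 rows of the report (PID 2092 read from the
# write events' target column).
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
PROCS = [
    Proc(1916, SAMPLE, f'"{SAMPLE}"'),
    Proc(2092, r"C:\Windows\system32\WerFault.exe",
         r"C:\Windows\system32\WerFault.exe -u -p 1916 -s 600"),
]
WRITES = [MemWrite(1916, 2092)] * 3

# Hypothetical contrast case, not from the report: the same sample writing
# into a process that no WerFault instance was launched for.
CONTRAST_PROCS = PROCS + [Proc(1400, r"C:\Windows\explorer.exe", "explorer.exe")]
CONTRAST_WRITE = MemWrite(1916, 1400)

if __name__ == "__main__":
    print(triage(WRITES, PROCS))
    print(classify_write(CONTRAST_WRITE, CONTRAST_PROCS))
```

The check is deliberately strict: a WerFault.exe launched for some other PID does not excuse a write into it, so a sample that targets an unrelated crash handler still lands in the "cross-process-write" bucket.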

Network

N/A

Files

memory/1916-0-0x000000013F100000-0x000000013F118000-memory.dmp

memory/1916-1-0x000007FEF6170000-0x000007FEF6B5C000-memory.dmp

memory/1916-2-0x000000001B960000-0x000000001B9E0000-memory.dmp

memory/1916-3-0x000007FEF6170000-0x000007FEF6B5C000-memory.dmp

memory/1916-4-0x000000001B960000-0x000000001B9E0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-24 19:45

Reported

2024-03-24 19:48

Platform

win10v2004-20240319-en

Max time kernel

157s

Max time network

171s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client-built.exe N/A

Both EnumeratesProcesses hits are raised on chrome.exe, not on the sample. The one behavioral signature attributed to Client-built.exe itself in this run is the SeDebugPrivilege adjustment, the privilege a process enables before opening other processes with full access; it can only be enabled by a token that already holds it, so this is a capability indicator rather than an escalation.

Processes

C:\Users\Admin\AppData\Local\Temp\Client-built.exe

"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffd13cd9758,0x7ffd13cd9768,0x7ffd13cd9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2312 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4652 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6410d7688,0x7ff6410d7698,0x7ff6410d76a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=5168 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3456 --field-trial-handle=3536,i,10914981530159316853,12381340356750224673,262144 --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=956 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=1804 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=5744 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=6084 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=5948 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3164 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4012 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5748 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=1916 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4636 --field-trial-handle=1844,i,16427402130899792819,1679038878845868490,131072 /prefetch:2

Network

The report lists connections without attributing them to a process. gateway.discord.gg (162.159.135.234:443) is the Discord gateway that the Discord RAT family uses as its command channel and is the contact to treat as the sample's C2. The Google, YouTube, GitHub, workupload.com, archive.org and doubleclick traffic, including the udp/443 (QUIC) flows, matches the Chrome and Edge processes listed above; Chrome's own crash reporter, for instance, is launched with --url=https://clients2.google.com/cr/report. The *.in-addr.arpa rows are the sandbox's reverse lookups of the addresses it saw.

Country Destination Domain Proto
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.135.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 177.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 234.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.46:443 clients2.google.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
GB 142.250.200.46:443 clients2.google.com tcp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.187.195:443 id.google.com tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.213.14:443 apis.google.com tcp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
GB 142.250.187.246:443 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.178.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 35.179.17.96.in-addr.arpa udp
GB 142.250.187.195:443 id.google.com udp
US 8.8.8.8:53 workupload.com udp
DE 5.9.116.176:443 workupload.com tcp
DE 5.9.116.176:443 workupload.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 t.workupload.com udp
US 8.8.8.8:53 176.116.9.5.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
DE 5.9.116.176:443 workupload.com tcp
DE 5.9.116.176:443 workupload.com tcp
DE 49.13.126.162:443 t.workupload.com tcp
DE 5.9.116.176:443 workupload.com tcp
DE 5.9.116.176:443 workupload.com tcp
US 8.8.8.8:53 162.126.13.49.in-addr.arpa udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 archive.org udp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 8.8.8.8:53 polyfill.archive.org udp
US 207.241.239.242:443 polyfill.archive.org tcp
US 8.8.8.8:53 2.224.241.207.in-addr.arpa udp
US 8.8.8.8:53 analytics.archive.org udp
US 207.241.225.195:443 analytics.archive.org tcp
US 8.8.8.8:53 242.239.241.207.in-addr.arpa udp
US 8.8.8.8:53 195.225.241.207.in-addr.arpa udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
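Separating the sample's C2 contact from resolver, reverse-lookup and browser noise is the practical job when reading a table like the one above. The following is an added example, not part of the report or of the sandbox's export format: it parses rows in the four-column layout printed here (a verbatim subset of the behavioral2 rows is embedded as input), classifies each one, and pulls out the Discord indicators. The C2 domain list is an assumption made for this example, based on the family tag; extend it if your own samples use other hosts.

```python
import re
from collections import Counter

# Rows copied from the behavioral2 Network table above (a subset, verbatim).
NETWORK_ROWS = """\
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.135.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.46:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 workupload.com udp
DE 5.9.116.176:443 workupload.com tcp
"""

# Assumption for this example: Discord's gateway/API hosts are the transport
# the sample itself uses; everything else is treated as browser or sandbox noise.
C2_DOMAIN_SUFFIXES = ("discord.gg", "discord.com", "discordapp.com")

# "<country> <ip>:<port> [<domain>] <proto>"; the domain column may be absent
# (the mDNS row) and country may be N/A.
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)"
    r"(?:\s+(?P<domain>[^\s:]+))?\s+(?P<proto>tcp|udp)$"
)


def parse_rows(text):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        rows.append({
            "cc": m["cc"], "ip": m["ip"], "port": int(m["port"]),
            "domain": m["domain"] or "", "proto": m["proto"],
        })
    return rows


def is_c2_domain(domain):
    d = domain.lower()
    return any(d == s or d.endswith("." + s) for s in C2_DOMAIN_SUFFIXES)


def classify(row):
    if row["domain"].endswith(".in-addr.arpa"):
        return "reverse-dns"      # sandbox PTR lookups of addresses it saw
    if row["port"] == 53:
        return "dns-query"        # keep the name, the resolver IP is not an IOC
    if row["ip"] == "224.0.0.251" and row["port"] == 5353:
        return "mdns"             # link-local multicast, not attacker-controlled
    if is_c2_domain(row["domain"]):
        return "c2"
    return "other"                # browser traffic from the Chrome/Edge tree


def summarize(rows):
    return Counter(classify(r) for r in rows)


def c2_indicators(rows):
    """Domains (from DNS queries and connections) and resolved endpoints."""
    domains, endpoints = set(), set()
    for r in rows:
        if not is_c2_domain(r["domain"]):
            continue
        domains.add(r["domain"])
        if classify(r) == "c2":
            endpoints.add((r["ip"], r["port"], r["proto"]))
    return {"domains": domains, "endpoints": endpoints}


if __name__ == "__main__":
    rows = parse_rows(NETWORK_ROWS)
    print(dict(summarize(rows)))
    print(c2_indicators(rows))
```

Note that the DNS query for gateway.discord.gg contributes the domain but not an endpoint: 8.8.8.8:53 is the sandbox's resolver and must never be promoted to a blocklist.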

Files

memory/3620-0-0x000001A6CB420000-0x000001A6CB438000-memory.dmp

memory/3620-1-0x000001A6E5AD0000-0x000001A6E5C92000-memory.dmp

memory/3620-2-0x00007FFD12BD0000-0x00007FFD13691000-memory.dmp

memory/3620-3-0x000001A6E5AB0000-0x000001A6E5AC0000-memory.dmp

memory/3620-4-0x000001A6E6D50000-0x000001A6E7278000-memory.dmp

\??\pipe\crashpad_3376_ISXGCOYIUEXQDQLI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 5e28e72b443ded036a4cf369d0dda3bf
SHA1 0500de4480a54243b12d096745c6ba04c9479e66
SHA256 15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e
SHA512 7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d28b3368b7d2ebb555403bbb31fb3b46
SHA1 915216b851ade2119a7991fc363b0da414991166
SHA256 0170413e0b64bad329c7fb25db7df9632655cf61e787d489f7e6dd99dfe0f054
SHA512 2494daf5269ab53185a79ce296dd0e10e190a95f8be15a891ff31106b37dff93d77303ff02ab6913d4ab943d874c0899154e3d8960c9cf1e7f283db0dfed8828

memory/3620-29-0x00007FFD12BD0000-0x00007FFD13691000-memory.dmp

memory/3620-30-0x000001A6E5AB0000-0x000001A6E5AC0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 63eaa5d935a56bf0d05a622b82146ad6
SHA1 229fec8a96b67b4c955ef72b48327699b4aae28e
SHA256 6dce70eed590c8ca32b58c9a2508d4a23102fb480f12fc52a03fcc9fd6b462a0
SHA512 f419cbf52b420041585983d714d0591d491fe76cd5735babeca187dcf8050c070bb136108e9878060812fcfcf3a3efd676a45ae6f0ac8a55463b8c8f536f7400

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7ffe92cda82fd1b6b41e26f151dc056c
SHA1 24f89abb15ea09e60a3811e618fac55c3e85963b
SHA256 db30c24fe98633d64964e0ccbbb27aa124d1bc4676a90c766eea92668d711d5b
SHA512 8696505138f877df69d21fb1928e39134a9a7904b6bab5b8c8fd3565db7a0bff51efa91e9cc782fff4943a9bef43e333ed2d4b340dac1cebffdfa09db36e56e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 642b4236ea55617e7f100bd0dbb25955
SHA1 534f7e1f88cf00c1ccee37ad528228b2988670a0
SHA256 d8a86f8b3d7413b05498d033b7f65e896966ba56bc46fc6fa00899f607e5e4e0
SHA512 49b6f2c8d2c63aeb0c6d7200e266fa148e01e61dc2b2b4095c0d3dab4f87f9c214aaff660c8c8a492f1ec341fd25972934c1c29377b77cb0ca8d4958d1b0b4ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 6bd71ff3cd333e273bdd5ec29ea3f085
SHA1 82de09bfc264940c8d337442cb00a18c7169fcd7
SHA256 262f0b54dbf6a1c99fe6f49f6d4b8bd1d33e5939dd96389e3bcfe754e044d146
SHA512 ee286269a66bffb743c8e938dc5aea0285b721e8b280ece23290da89f1d17b93825476ef85ed703f35f0879a032e44a19fad694e75959712df6c19bbcf7ec676

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 76482ac3875ee9d975aba36b849aea00
SHA1 af5904a237d84fc0e647a3737f54a07e977e08e8
SHA256 59a4f004d6c66bbed8379150e427518de1b56ba21c2f2edd34d237187247de2d
SHA512 a7422e70822542a803adc4437ec676459761c65aadf1152925066955278d734337c4698c564ad47dafb591470a8158fae7ee42ab5258cb52935f5b239a2ebbf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

MD5 a99e549251ac714127a20ad8b24ea0fc
SHA1 228e3e9c534e49f4086aef9e6421d4ea168dca5e
SHA256 3d800949d00c2042c9aaaa173b8e29dbb30dfc409d0199f5fc5630d03cc0dc71
SHA512 0a0d8427c6583382695d97550dac46864e2d6976cf071b8b9f2d8f9d8abdee8f853de6e7caa10a861fb0be5959ce580b39119e659daa3ed1e12ed5d62f0ae4d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 d6deb1dc37ab1ee36cf0740cd6b6a7df
SHA1 cb5db70615edd71285a2f3057d60795c3a6eaa5b
SHA256 38e3d1ead1992c6cf537c86553543bcf1ded8527c25332ef4f789cf1fe4ca521
SHA512 dca6edc2024193e0c2ae5abd0db1e780f5fc63993446bad274e6188a7aa7612777addaf1c286d8529d116cc9ed5e0d90acd56fac2dc0a0e2eb5dedfb619820c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 2ee7861095a9a7dfe75c61db066b24b6
SHA1 09564a80c47faa61da2290d0ff1824b1a771854f
SHA256 2a72a7af6bc09c7dc2ebdac83dbd08229917e2e4a5a915fa71f1218666aca82d
SHA512 897d01f9e12c5c2b927d50888c58dd71f346ae521615686568aab35c5a1727ceaf3b3eb63a4558a18410926789b8f373436aac2bf3ea579e2e1f61225778be6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 6bb3ce0aba7285eb61657169b8b52bfe
SHA1 d05094a9121846f85852882824ef89966a7022f3
SHA256 2b7cccbb06d0497e97e00646fd2e078f9d130137035000956fe535e9acefde54
SHA512 0c79801e0e46319490493c73b15d8331dbfcb0a6ec4d47720077ee99ed389b675b48e8447cd73bc878d44674a5e4fc5f344f058c396348303dce7296b339bf6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 c96bb38ca6650c5dd7b91707aa800641
SHA1 f4239097cf6f56b5bb0b314265e958ef03caa8ed
SHA256 d7fe4e9179e39587edb7aefeeeb7f8ffa6c1bf1ae262907183b3f4b4cdabf31a
SHA512 f71460d2bd5c88a9904b4d36ec1da8e1132f10e1cde914402d53ecc3f1667c8f7cc97b47ae31c59425be986c7ffe560a9abf4005be5a32f62c5da7c308d0d553

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 ed0732edaa5f4bfd8e055f4c5b521e56
SHA1 119e745f20e7bc49b7b94ad66cb76cffdffa9d81
SHA256 5ee3a3ccbf63e813c66c92280a78e68900bc4e231c30bc5fbfe29d844cc6d208
SHA512 5c64b7cc92b149cc3c7e7d65982702d2bb0c8d6c79199fd2b30d2dae893c4cf173565c58ba68d25ebf640fa4a20023245f337f6ac774424061ea8d3ff6ca6688

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 08d230ba31b9bde4b200ee6dd5fdf867
SHA1 f5300ecc13d854e4c33d6fff4659cf97d95da0f5
SHA256 9d92d28c916accd78a44a9bdfb49a4e506d42de0ada1150286c5de25a762550c
SHA512 e9949a1569b2c05d12e25b906a1afe24d3dd8785fa91a4c792f32e6ec6681c1ac238417010548945b652a8d7bf9d8e5aa806cc1baedb17a506de3f66c9ab5434

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 340c1f458cead9bcff7e11e3791d48ea
SHA1 412347d6bb1ee30842125b781fcae96c349becad
SHA256 90dbd0a96b332c7448163e27a7073c321053a46b16647460da4dc39ac7f70880
SHA512 d310dd886d25178d38d3cf4d09139e1ddd3014286628cfa4945e41e74c50c904fef75e0922556f71c415c9fbcb87e1dc6d3145269cd8661531578c3195f711cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 3183c12b91a557c775b63826d4591f64
SHA1 8cff0c4c0eb2312775d5eb772eeb8060eb21a062
SHA256 136e36a3d02eb14712c6c13e469fb064453ed737f1c4164e512929f0e1f8bd6b
SHA512 baefc8c5d7eb59b188ada02d946f88d4f3b59be1de5a8811a45e8309da6031e514ed952b56136dd05fcecff42a32c096d485210503aa97f6c874ee13fb15111c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 121098ea21a63694468918018d2b0c9f
SHA1 c81c37fb5ce7589e66aa00a389e936bad8f920de
SHA256 fd010ebd794e8495c92637e765f0cfd8781aa7c0947c2025624d2ddf4f282008
SHA512 8e17339b6a942d2a9d45db8a6dca6802b207a1139fe6ab426371646425854671c2de5cb5fd0bc01517d6c672d21accd8b30d34c09d1471bb2e2a019868b792b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 ad423ec6d79640148e29af1c496da5f1
SHA1 88403831fa182b5770ea501b4ef95bd699185846
SHA256 e41b60c6763e5d0a70dd3b031359b0b31f82e03c08390e854bc87c48bc7b8546
SHA512 74969e0b562e1466059b80220992f9c3f2efd3834373c6d31a2c02467196a5da8c1e415a5d93053e4b1b3b87cb59a6a16cf8e382579396fc41ca0f5d3ef318f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 ce044f273566a41ebd13f4194e00d5ed
SHA1 03113d7c0c6907f786f89aec3fa147ab3fc3feb9
SHA256 d5c9440c4a62c72dd0f54ceb4411e674e9c8f158fcce381ed3145e9b70067198
SHA512 ae766ab169e5bbf2085c56f4a98d4f24627b7291dcac2de4cc18ad5681e038f6602e5cd5b5ff19492550bc3b1d028985c112b9671a57b39e0cfe8141b30dd95a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 995c0023711d2031a467963960f29e2a
SHA1 41782d25659312dd63dd097cf54e2e119dff51e2
SHA256 a6c2560bdeccd1152a33082053f3ee9ecd4d462536ad91d08f74e3a7b411b7aa
SHA512 c31f2005338e42930d1538386ab9f590d5253a28146e60f0e1e9f8fb8decf884d1b8e77db95b70ef274946c078d5f96b2cd6690ff39d3be2c151c43745490d9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ef686a77f252562bf16c1baf4d122973
SHA1 7c171eef0c20baae6fc1b551c8304380e9971375
SHA256 3fb0f5abc727960915e2cc79192a6ac5618b227603c285123db877c50067c18d
SHA512 67c5a31d0813fc9f70536485c64b9fde5d21138a07eed66e8fa68a551ac13e87bf5dbd1f9fbe64653ce0e2200fff7942e4aec8ab5ba3accf49d7f6099f644c05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 58668896cbcf6459fb4caf3e31dd2b88
SHA1 188865d49d5bde3b91253bc8272c8a5e95bae5d3
SHA256 daaa2ee68d722ead071f9c99a4fbf5a91a0e7deff599c47a7bf4d3930ca6b47c
SHA512 3606e7020c3746e51bf6cd51e9de4433430643a293365df71ce099561fd07ecbc1e7492f225e78617090288c70b3d1183db5ede0b0c4ffa05a6a110ce00f0185

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 1563ce649ed1c90d43bd9ef40757e7b5
SHA1 4a521421d30e3e3e98cd47c457f23516eb933fc4
SHA256 0a74d637800fe84f900de763b2e5b1483cb3fd5331f4a81a06e051e315ef592b
SHA512 d45e465e3ecccd9010dc0e63af0c9ee32d4be3e7da6813d914ce0c8ad57f0a93e1503bdf91def8ea94c51fdff28715bb125051fd8888838cd85711416b8da847

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

MD5 3636fd5f2626f1a2eaecb19ba100172e
SHA1 36461bdd7c26efb14f391da19f3b54e66b656ffd
SHA256 02720abd4a8148f1ebd4878f3d3359db68761a4594dc9676de958eb24b232c08
SHA512 4ac7b64ac2edc0b5a8bb1632fd0ac76fe946aef248162a8d87a2b7765e7e4db58eb363f82c5f7dc76bc23677cf814e589291323c0abf397ba3c4f18a690bbea5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\946858b1-fd6f-49c2-aedd-d15d24dc8eb5.tmp

MD5 bfb9fd2c102fe36cc1e8855022364f4a
SHA1 4790beab6dd2d740b2ed7decc0464d99881c977f
SHA256 89a8ab0d1d767f6aa726d7f2a0448fc9a6858d4c70b6d7506f988da39ad8d8c7
SHA512 37b126ecbacf099d62af8882d3775cdbd34780ec407b2b54f9d905dff9f5526b062818570252cf0bfcb5dd687a56f49a9c76850ab00296a8b1e655afb320e37d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3f39916ebda0fc95e6fa5818fabc5c20
SHA1 a092235d4d4ddf8090f5b68b94d5a4ed7be8da51
SHA256 3fd3c6ac69b4ae284f84ee88318bf8accbf15c324d5948681a107a6cae20d0ad
SHA512 b28a3437cfa320ea6bbfbef887babb4551c86c7ea11ff87ba1a32e01f3c48bd0881a1de671b646936cf2cf46e7de4077b72348d309591e197829e084f1eacb80