discordrat | 5c475ea11d2e7f1228427c41d4c26c454ef0ec72d8be04241cf3b74776b8e771

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
26-04-2024 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

free vbucks.exe
Size

78KB
MD5

34731e2230d5b4c412f4866fd4127c59
SHA1

b02f3ff4abe698d16d52b9352239a3375dff5dcf
SHA256

5c475ea11d2e7f1228427c41d4c26c454ef0ec72d8be04241cf3b74776b8e771
SHA512

c674ec29878397b9fd7fc094718355f40d9723a936526db2d7e7653ae820157efd0c6ba5026d7e4cb0e5aff04bdfc26a54bfa2376d3bede379931da1422b8b37
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+vPIC:5Zv5PDwbjNrmAE+XIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIzMzM4MjU1NTk2NTcyMjcwNg.G0ldks.-j8wlPkDfzGSq7CmTGPKF5gq6Db3VU6VnqazoA
server_id
1233381650038132796

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586056273366682"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4236	free vbucks.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 2784	3624	chrome.exe	86
PID 3624 wrote to memory of 2784	3624	chrome.exe	86
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 2800	3624	chrome.exe	87
PID 3624 wrote to memory of 3260	3624	chrome.exe	88
PID 3624 wrote to memory of 3260	3624	chrome.exe	88
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89
PID 3624 wrote to memory of 4140	3624	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\free vbucks.exe
"C:\Users\Admin\AppData\Local\Temp\free vbucks.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff931d9cc40,0x7ff931d9cc4c,0x7ff931d9cc58
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1812,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1632 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3080,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4388,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4788,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3628,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5052,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4320,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3292,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5344,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3464,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3348,i,9856500137070849239,13818910955733148426,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4352

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4772

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\646fadc3-fc03-4c7d-aea1-ae646aff8d9f.tmp

Filesize
9KB

MD5
8df6caa97f802872bc50e09d693253ed

SHA1
b8fea72a6f36a017bd6a3e1f240f43ce0c3dcd44

SHA256
3a3dab2f98949e2bdd746cfc0ddc092809c058ae6ba950ca38478bc68d4c974e

SHA512
42db7dae0a180634605ca6ead861ddcd703e1da370476838bce8d4c602d78e047aaeecc7716e222fdf0b5f3885415ed451e79691e57177fb57ffd7ea487b7338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7c714146a2356de49078d491dd3bb88d

SHA1
d6bc0b375bc7d6f794740a648019b784d84f8f19

SHA256
f69cb82c6baba6a4563a3a4d03817cb586970334e84469d922fd5e354c0796f3

SHA512
99d8d7756b376a94778398abd89956a489ba110c9bf7e7074df5bcc11721f725823daefe3b6850fb102d0387d60beb2a198f19fb826ede5a6ae685e05e18bb51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b5b03a4a30480f204f23e3f639b5312

SHA1
c97a165e8a2b688e54321a0db5ddf891006d71e4

SHA256
d0a5d1b20a57e73ab9cecadbc05cef40bbb234969826e85cbd783475ecb71f44

SHA512
a422a193b9b3fc89c026c32274b969c2d662693c482aa82da22d12bb47997378150b9df9299f396f585d394c50c1cb61f9b95bae2c2265254a954a41b5cf7c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9328a8a761b12d5eb5f6cc6372f33ef

SHA1
dd0a647592cfbb717c48b06e2a05e79be355ea7b

SHA256
e4d94a3d774ad9caa5eb215209f39526e9332f4052a9fc90d5c18667f5f65f38

SHA512
d04cb3ed3239c537d2d411c970ab8ae8a3d7765cacda45e07b2fd8eccad6d4f60f0e9eed9978d4e773189cddd0ae39c161f46a9fb7131f7d869035d4f883e278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4605356b3b5326242f27eee638893241

SHA1
138e1bc87046060a7c72967c4985e5b7bdaf6700

SHA256
9b427c12491f711de56d3bcd9cb2287a03c4fbb626cf447a190adefad73ae278

SHA512
2e954d7af86261fa1420bb483d20cc479f61835f1f86ad8bf310d28ef0417f10b3b2ee18b6c508d7dc44a4c1b7b2ada72960726ee815c813258f1049de52100c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b3691857bd6773449be83724b5d7637

SHA1
956894b6671732bd3adf8fe1820c466806b7db97

SHA256
56c29ab1dc579dbf84aba9552f3fe3187a9cae6b332e35af1d9120d5aa146745

SHA512
8bd7614e90ede53682f5dfca2e735bafc24946cf56e863eba4e45ae7fc51590e6008a6f253b6de64d00210061fe36d91cc5e931a51d0b0d5457ea352524d4cf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
11aaeffcd7cc7d46eaa746546dc6f59c

SHA1
1c282c4a6ce252da808137601a6987a6a894c8d0

SHA256
380d3660db53e505c5128c68960623369a32c6873e18b0a1f33d1022464df194

SHA512
c7286b75b21b8f9667cc701a4890e79f8b0935b2aade62a942cef6cb35d040b3646ebd0215b6d1a54dc799584072b76c013a3c36121be1b61a088b8f9f7a22f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5a3e75ec791bbda22ee0c77a723e5d4

SHA1
4da1cda1ac4b3f2acad9b493fdee68bfa762f140

SHA256
0c2f43a4b6b69ca27756092cb14c151a23517f1dc3eff51d2f0e62eb817795ec

SHA512
191c254b551c2a8e67ebe893d23ab3962668140457256f3cdc968b96a0bc066c6119fe3affa38f32d8495f975f91fa0f2c4c9cffa76204ceb5189eeaf704f01e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
4c7b3c7b22d895893cd5df7ba702ca37

SHA1
cf18dc0648f9ba67017b1d170ce0fc5a066d8200

SHA256
366ee8962a1dfa795a219ea4455f9d2d4a6f44ef562a36a138ee10ce62fdba2f

SHA512
804aba29d37ce980a0f664a85c3b1511d13b6eded657c01f127a887b580d2a684421c913eeeb4ebacb5e09232ec4ddfebc79eef195d1ccfa6cc02540f8d39995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
e7d1dc7f67ffade82cefe16f819fdb2a

SHA1
6b79e74315958b19dd830b5fc84fe64e0501ce57

SHA256
3f98060a175e967da609168ddbfcff7de159f49b3dd9bbe31fae70421f8cd426

SHA512
e75c95d62a8d979b83f5444f052b64693864a83194ee99e92b9bf7d79d6110f6553f090c27758d12c78522897a366ebbc1bd6bb9cb9d20b78f87b9dedeb2c367

Download Submit
memory/4236-0-0x000002548BFA0000-0x000002548BFB8000-memory.dmp

Filesize
96KB

Download
memory/4236-4-0x00007FF9312F0000-0x00007FF931DB2000-memory.dmp

Filesize
10.8MB

Download
memory/4236-2-0x00007FF9312F0000-0x00007FF931DB2000-memory.dmp

Filesize
10.8MB

Download
memory/4236-3-0x00000254A65D0000-0x00000254A65E0000-memory.dmp

Filesize
64KB

Download
memory/4236-1-0x00000254A6610000-0x00000254A67D2000-memory.dmp

Filesize
1.8MB

Download