discordrat | 1daf9f6c2cb45a50a0589972c4e3016689b27ef83590621501596b1c92147c57

Analysis

max time kernel
1799s
max time network
1704s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
26-04-2024 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

68bf7623de23b9e6f681e12a67638272
SHA1

e9bc5c4db1f6e6381170d1424d4d16d45154b5f1
SHA256

1daf9f6c2cb45a50a0589972c4e3016689b27ef83590621501596b1c92147c57
SHA512

c6c8cde39b2c31f38323d21874023787922ee5f89b158ed59961a2ba8b7344cb424084a0d2cfbc85c48d41448863539995d56aae0aefab4fb361c0ffe17ca0cc
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+HPIC:5Zv5PDwbjNrmAE+vIC

Score

10^/10

discordrat persistence ransomware rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMzEwMzAxOTI0ODU5MDg4MQ.GpKOLN.9X6ekyHjGRhrzCn0egzIYFCZ2LNbEjPZk-QX6Q
server_id
1052631250457866370

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
79	discord.com
4	discord.com
5	discord.com
8	discord.com
65	discord.com
67	discord.com
77	raw.githubusercontent.com
78	discord.com
66	discord.com
68	discord.com
71	discord.com
76	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp95E2.tmp.png"	Client-built.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586058788767704"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
692	chrome.exe
692	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2316	Client-built.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
2316	Client-built.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 168	5072	chrome.exe	75
PID 5072 wrote to memory of 168	5072	chrome.exe	75
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1264	5072	chrome.exe	77
PID 5072 wrote to memory of 1648	5072	chrome.exe	78
PID 5072 wrote to memory of 1648	5072	chrome.exe	78
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79
PID 5072 wrote to memory of 2272	5072	chrome.exe	79

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Sets desktop wallpaper using registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9a9209758,0x7ff9a9209768,0x7ff9a9209778
  2⤵
  PID:168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1748,i,4391289128724208757,6383861280058334022,131072 /prefetch:2
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1748,i,4391289128724208757,6383861280058334022,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1748,i,4391289128724208757,6383861280058334022,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2816 --field-trial-handle=1748,i,4391289128724208757,6383861280058334022,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2836 --field-trial-handle=1748,i,4391289128724208757,6383861280058334022,131072 /prefetch:1
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=1748,i,4391289128724208757,6383861280058334022,131072 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1748,i,4391289128724208757,6383861280058334022,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1748,i,4391289128724208757,6383861280058334022,131072 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1748,i,4391289128724208757,6383861280058334022,131072 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1748,i,4391289128724208757,6383861280058334022,131072 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5060 --field-trial-handle=1748,i,4391289128724208757,6383861280058334022,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4576 --field-trial-handle=1748,i,4391289128724208757,6383861280058334022,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3712 --field-trial-handle=1748,i,4391289128724208757,6383861280058334022,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:692

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
2b501b30e39e89f34856427c7049cf5e

SHA1
8be169fd7d5b6c195ec2444e23e5b42deb7d4347

SHA256
99828a07fcbb4befe22728b16d7ecdddf674d224d4834fc5e5a7c55414cf80be

SHA512
2b65231c79b464e0be39db42192ba6ea24373652309b599b1a573e6b63523d6b4cf62d5ae2c54358a1f05961e1b36b927531fe142d399e4e0ee79b1cd00b8c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4f0607dabb336a5993351f5d0dc4e7a3

SHA1
043a8e1013b5070e512cdbf54e5aa8a83f0ad005

SHA256
353107d360f9a0cc03d0aea2d52b711a48fa63a4ba0c097c09dd29e144ef9c16

SHA512
18a94658265db3e7091617f881990836588e14a8ac8d63ec75177a6859534b462944d91a75791e3706b7f150b385d223069b32e4ccc04d070eb536e676605764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ced50ef248761ac3323b24bb96365486

SHA1
aa6cb3ddef3163f8695736cccef4724181c0150f

SHA256
c0bf7488bd2b8fa7c92f2ba0e152164b317dfd5e5161d7e75f5cf48253f197d1

SHA512
2216136ef855f8bed5df1f0fc4e27e4a5b758ab17ac2eb65613832371b13d73793ebfb94802803707957ca269afa9fa1b778142820afe7ba49c4e0720bc7fbe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1ad3d6d17a41cd7401d7200f8f48a2d2

SHA1
0aac305e812ae5f8c63f4d0cae23eb28d548e071

SHA256
221a1857459b880ce4c6de464fbc94b64eaadf23ebd2a8b7ab20c436b3c81499

SHA512
444ee2c2a545aa79607aa7878bc4ea61072f407795ef8e2e0c288be3d984f3aadc3402634a1bb4ef59665ba21d7b06935d0bb252e8fa976772f40dfc289f5350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
4960eaaef3f6aefa68ea6c8164254f19

SHA1
d2ab1636bac02a93e5d106493881153cc48aeade

SHA256
75a3f0cf1a78cc9162fdf230ea1cfe0be5de84fe9baf3008576767331241c2a6

SHA512
4f6e072af058325f9236c1fb07d6e9aedb17f99c601fd614dfd8bfccc27604b87167dfe481b167337d9ef375b44d4c0e15752572d56779c28ce637a0a1c83a50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
8314be330c64688b1493933fd825b077

SHA1
58faddd7737f852aa06ecd609c7b012f39402985

SHA256
43ec2fd0bbc3e35bb3c44bae4c34cd2bc6d56b381cc7c4b0728f84515dc45d89

SHA512
6d159579d38482f57fa4dc690373782083afed80d7b8cf200fadb4dce7e11dbc3cf05d3144fff7f732fd82c0541cc5029275c6d2b7bdecd33336632c8213983a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2f4633d796239ac9e3792d3c228da28c

SHA1
b619bfeeb7639de392e0a4a31971d9e6a93015f9

SHA256
e0269a156156c8b6a6aad6336b68ce31510df3f289c5e16cfbc3829c78b7ec4a

SHA512
530db0cbf1f30a49aceb5c1378c8f7c3b3513c8e95f40d96a236e7925042d5c646b858fced40dd31e74a502c1a91bf4a43fd30f951450b24894684e7b82d2a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cdad68438100bd3707a0d2951f44bcfb

SHA1
450106d895fa2460f2d44f57a01798e071845f39

SHA256
dbdd63220ecd894f1682fef2aa051e5f5e19f7d809315b83f503bdf1b8623708

SHA512
9d30a49a6804c3dd08ea35a98d575d9fa47b9534d866a47b20e90aa3622da3e9b7fae0857a98dc368064b48dde3815a67989bb14dd24745011c61a6c8d963600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
62dd516f108f0052a7e1540099e077b8

SHA1
9499fa76e3a84ab0e5c56125d3dd8de76737d28b

SHA256
c00ff0c5fc3693d31adccfa2cfc1e758b90826c82930a20c9c4dc3f1f5a53eca

SHA512
eb37ba58b5717b22470e9c166a88a8e5aa34dea84aee8bc21e5f8016f931803c23e856579527aa662a0ca70f13e9a960bf74c71e7afadb7942e98efffdc21a06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fb6d7093655f182f59c52098a234d0f1

SHA1
ad7b862de353ea8dfa8d75d4a8bcf2c68128b42d

SHA256
2e2d6e086163f201be6ff931eb731cb27b10473694beda1844f40743c08f87da

SHA512
e497e03513bba72f1837f5010a5d03eae9d9b4baca927d0a8748390f869149f44d1e5660736092674190dc72a24b3c595f381fb15a17a6e1015e4451927e215e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
6cabb8bba537172c775aa65e2416830e

SHA1
9a8fae7bbb1a71a2153ff117ff6f6b8ff61a3a75

SHA256
59b6d5d45409e86f7cc332b3fb0858c84a4b82dd014dd2bf68d92b31b901857e

SHA512
e584b7d3faf60d7576a789904a2203a0147791b9e9321d5241c87d6503e4da893590223178ce8a35c6c656eeff8919be0fb2e583032c06429e381504cbb185e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
fafc6a5dda07b57d8c30e024baada9e1

SHA1
84a30e2e03a8d284e25fc760dc7c0e4236e89f6a

SHA256
5e14182e336848c2a0dd6672e8340d07f604d72889a6293f3e13e2acbffc5013

SHA512
78d88c6b7515694f47763b7a5bd10f5a9fdc6b8c72600b21acf99ae08d91b25810e546ed78212d89784c2051f39a9f43b8743bd788583e5546c61c611b6a8d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/2316-6-0x00007FF99A1F0000-0x00007FF99ABDC000-memory.dmp

Filesize
9.9MB

Download
memory/2316-25-0x000001BA4DE50000-0x000001BA4DE60000-memory.dmp

Filesize
64KB

Download
memory/2316-4-0x000001BA4E7C0000-0x000001BA4ECE6000-memory.dmp

Filesize
5.1MB

Download
memory/2316-0-0x000001BA33A20000-0x000001BA33A38000-memory.dmp

Filesize
96KB

Download
memory/2316-2-0x00007FF99A1F0000-0x00007FF99ABDC000-memory.dmp

Filesize
9.9MB

Download
memory/2316-218-0x000001BA4DFB0000-0x000001BA4DFBE000-memory.dmp

Filesize
56KB

Download
memory/2316-3-0x000001BA4DE50000-0x000001BA4DE60000-memory.dmp

Filesize
64KB

Download
memory/2316-1-0x000001BA4DFC0000-0x000001BA4E182000-memory.dmp

Filesize
1.8MB

Download