discordrat | 4899596e68dd4b160a42a14c72f6be0d9a04a714023b0f54d770f8431ff925e8

Analysis

max time kernel
149s
max time network
149s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08-05-2024 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xeroExecutor.exe
Size

78KB
MD5

4ec487d0538495c269e0039d081d42fa
SHA1

ecd574e1bbfda1119a778307609e85e6e696325b
SHA256

4899596e68dd4b160a42a14c72f6be0d9a04a714023b0f54d770f8431ff925e8
SHA512

4e778fe02eec094dc56ba55c4a4ebb7c395171acb333c755a9acc6a08e5ae3917b3c5a97c835399f64b2561de1f578aa5952b9376b901ed082617b2287aaeb6e
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+PKPIC:5Zv5PDwbjNrmAE+PWIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIzNzcwMzYwNDc3MzcxNTk5OA.GpnuZW.icMd9S8Xo3T9RHsU9bXhiKpUJaK62FUGK13WN4
server_id
1237709600602722354

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
4	discord.com
34	discord.com
35	discord.com
36	discord.com
95	discord.com
96	discord.com
5	discord.com
9	discord.com
94	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596410636648715"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1104	xeroExecutor.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 2696	4408	chrome.exe	75
PID 4408 wrote to memory of 2696	4408	chrome.exe	75
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 3388	4408	chrome.exe	77
PID 4408 wrote to memory of 4308	4408	chrome.exe	78
PID 4408 wrote to memory of 4308	4408	chrome.exe	78
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79
PID 4408 wrote to memory of 4032	4408	chrome.exe	79

C:\Users\Admin\AppData\Local\Temp\xeroExecutor.exe
"C:\Users\Admin\AppData\Local\Temp\xeroExecutor.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffe3d6e9758,0x7ffe3d6e9768,0x7ffe3d6e9778
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:2
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3616 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:508
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff7bd0d7688,0x7ff7bd0d7698,0x7ff7bd0d76a8
    3⤵
    PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5232 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5944 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 --field-trial-handle=1868,i,12363759493240461786,4851958073662341963,131072 /prefetch:8
  2⤵
  PID:1836

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2616

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x104
1⤵
PID:4344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
18de7f0cc39b4c7b1fb57829bd3dfcea

SHA1
fbf9d8fbf70c742b4637db02b8a9c9f54024c4e2

SHA256
e342d9387ce9d7db0e0d39e4f90f2c8cb392be0c92629513b94ba39b516dba80

SHA512
616ad2916f492e5fd9f6b0eab9ab791d80fa3e21efb0d5b8544cd0e93296358c39cf86be090651687b507f414cc96927744fc5296c8e61a1636e00d205804a02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
22e3e5c433451198e95d4f5e93aa9d92

SHA1
7d567ba2712cf5ca06de9e4d8305fde60942e1ad

SHA256
6b17b737afd7a4d49642d5bb71ab05e15cb9fe7637f1112c1dd078e00c5f5fdc

SHA512
6f5fb43abfe05de7195624f7ac06e72cdb884b8a9570906085219678c4f558133806d9d7e76e1392059bc0e54ddcf286604a69e5452346e567e3fdfcf25ad7e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0893e52b28dcc364ba53ad2366987576

SHA1
bd3c1a61f2c4195f3b536f082894b56dd08cd0e3

SHA256
501416a04fcd75ad2ecdb4881ead10b84166aca48a62cb7ba9ff9e4ab23076dd

SHA512
6041ad0b5db3f86d069b8b74919b85bdee3293aa0f030a103b3583bbaf5cfcea2fa45564e703198afb9b4169dda1c57342a7d1d384e93df86a9a7d801970aa97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
b1f63dd07f90b5374acd633ce4088b91

SHA1
0b27c75bd950e9a714fe742f33e0b3d0b2eaebe7

SHA256
1031ec8567cacc5d7950177bc752ae2e1395e948dc2114a38228159f323bfb08

SHA512
ce9991b890f97438cf98f0978ed232a0f5f4eb78fbc69c108182f7faf5682af547ade5f5e9545d242b575857f7d1913cf32dd03966b3600bbb69dbc60c3f6ad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1565d655ffe77e00be279c63db3b61e

SHA1
739c49e864ebdc0073e5adfe4a6759b740d2eba4

SHA256
bfd817dc4ce124c8fe91bf8bfbabc0935a4665e1edcf1715106d831b48465f4f

SHA512
127ad92060a060c542dda0ac00a6af2d5cfedbce3c5d1c3c8f1986f6cb3af01a577e6e0a113dfc033b634a188ead2160e9a9960c730c69fe258b506e5cefb8cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e7c6eff26c6fcc24551aba2377220df8

SHA1
54c0bb628da461575496145dc85fe7997f8debe4

SHA256
2c12f821479da93899def9dd252f446d2000d42c10805bb92293548bd59ccebe

SHA512
a3368f8551bdfcac430f4276c244612ee86375dd77cdbfbbbbaf9c2dcb5a83ee0e7370858ca1137a3127db2b8abe8e02b1037fc05e72fa55396a06215b2acfeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
681f2e57c2ae88531717c9ddc6e86690

SHA1
1f63bb1eb7a2f7533ae05180768df55bd93e0c83

SHA256
ab7913983d34659e4a0fa9604c796545bc89f762361137ab36c68ec018afefb4

SHA512
fbcb03ff4d1ba47b2e8693ce8aa8d703dc5c3e953d9c9e4ffc8d19c98c7573d963aa55534b28c25d3868b414a17b1df2488eee882a4d14c869348870d58b5e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
431bf82e2ed02e282aea4bc8e98746d1

SHA1
4987938fc09a92a5b969fdd85b46f0f1c3675036

SHA256
4e1684c06fd45f6d7db4a33acf36db9f1bfbd38c0459e2104eac229fe9cbb175

SHA512
3116e4c7573beda90a2b72efe137686d04f8d48b9a25183a46ac57a04114500572e7822d33a6751ff230cd2fc17bb0e5cf0932834484971cbd597d16869ab32f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
60bc4c65aae7fc98de059e3ecaeb8786

SHA1
0bb504a77bbb63d849db573725b658262f1fd5fb

SHA256
8a050b6df12aaed36fe69a13d6caadf3b014930d1c24e94c347c9983312b1d4f

SHA512
dd02f15bac6b7071d88b00aa3e2e8a3b5f59619dd6e3a8673ff44c4f586d9d32fa9b9e5852676a18ef47ce8534482889f07d5de181c14f67c418fefda3915a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
88b366558c6546a636540ca299f94f3f

SHA1
c1963d4b293b13ab2972450ca684722333bb4543

SHA256
769598732abc41810fc9c63dd4b4e68cf065adbd1afb01ecf824348469d1db1d

SHA512
d1259b081f7ad93d4259e6ef4393996939583531ab2b37266e25a4a364097010d21face44957554e0a841a641ba3e0285f81aa3867abcd8e1edd37ccd020ae74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
944b4e8e1e0118668cab4e09e70a137c

SHA1
9855aaa46ff64e5e339f4457e5f5b1b9511583f3

SHA256
ad3962bf9e341c3446f371c655d5c9ffd9918e2c0053110ea981cd03e2715e4d

SHA512
5a9128073c678bf6e567048d6d444a5c158b4e5c84f208fd0d37a9cdc966859e5d8cb3876dc9b814a290165329598017b534f21d3e670449859bf9ffa0f86fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584c46.TMP

Filesize
93KB

MD5
bac5c478a649b5ac216992f01c5ecdf6

SHA1
5ed6eeccb76577aa41bb62639fe6083730cc0c55

SHA256
fbf602e7a63e62a9def1b1081e8cd02df378dca2d48322166d7b6eb6815eec09

SHA512
f80022709484f9990ccd73d90ce50f2e15bcf16c4a277bf68cd513f121ebb32ab48936642dcc5ccf08aba253f5807c0979eac90ec92d2fdaa3c8dbdf86eaa2ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1104-6-0x00007FFE2ED90000-0x00007FFE2F77C000-memory.dmp

Filesize
9.9MB

Download
memory/1104-5-0x00007FFE2ED93000-0x00007FFE2ED94000-memory.dmp

Filesize
4KB

Download
memory/1104-0-0x00000205257E0000-0x00000205257F8000-memory.dmp

Filesize
96KB

Download
memory/1104-4-0x0000020540690000-0x0000020540BB6000-memory.dmp

Filesize
5.1MB

Download
memory/1104-3-0x00007FFE2ED90000-0x00007FFE2F77C000-memory.dmp

Filesize
9.9MB

Download
memory/1104-2-0x000002053FE90000-0x0000020540052000-memory.dmp

Filesize
1.8MB

Download
memory/1104-1-0x00007FFE2ED93000-0x00007FFE2ED94000-memory.dmp

Filesize
4KB

Download
memory/1104-298-0x0000020540210000-0x00000205402BA000-memory.dmp

Filesize
680KB

Download