discordrat | 0c1bd9fc8cd5b9abc4254840036358b738da606f66c512fce16c4be1d08310f0

Resubmissions

11-05-2024 09:48

240511-ls824sbf2y 10

11-05-2024 09:44

240511-lqgvvaec22 10

Analysis

max time kernel
234s
max time network
221s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
11-05-2024 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New Text Document.txt
Size

171B
MD5

648a7270802be4e27a19089353599ac5
SHA1

b00d206d5036440763e25987ec3ccdca65a05390
SHA256

0c1bd9fc8cd5b9abc4254840036358b738da606f66c512fce16c4be1d08310f0
SHA512

1dc29ecef5d5fa1dd265a7dc965a37d7566160cbbcca7d4eb9fc7992937fa1910c039a18521779c2a3372344a57ce4f2e4ba580897029b46dd48faa1d61744be

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE4MjcwMjEwOTQ5MDE1NTY2MQ.G9uf38.jAdjK2JiZrgGeF8vDbB6im4SlKHkjnuz5uJodQ
server_id
1238786939990315019

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 1 IoCs

pid	Process
2604	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
21	discord.com
22	discord.com
26	discord.com
30	discord.com
32	discord.com
29	discord.com
31	discord.com
2	discord.com
19	discord.com
24	discord.com
27	discord.com
28	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598942781585855"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\release.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1240	chrome.exe
1240	chrome.exe
1160	chrome.exe
1160	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe
Token: SeShutdownPrivilege	1240	chrome.exe
Token: SeCreatePagefilePrivilege	1240	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe
1240	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 4048	2152	cmd.exe	80
PID 2152 wrote to memory of 4048	2152	cmd.exe	80
PID 1240 wrote to memory of 4668	1240	chrome.exe	85
PID 1240 wrote to memory of 4668	1240	chrome.exe	85
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 4892	1240	chrome.exe	86
PID 1240 wrote to memory of 3164	1240	chrome.exe	87
PID 1240 wrote to memory of 3164	1240	chrome.exe	87
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88
PID 1240 wrote to memory of 2744	1240	chrome.exe	88

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\New Text Document.txt
  2⤵
  PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe8,0x114,0x7ffcf8f7ab58,0x7ffcf8f7ab68,0x7ffcf8f7ab78
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:2
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4396 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3872 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5148 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1452 --field-trial-handle=1828,i,6191729032510454974,7732678670777151243,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1064

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2340

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
PID:3884

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
PID:2604

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x0000000000000470
1⤵
PID:1100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
83c08a6752628a50c49de0e3dbcd9641

SHA1
5bcd7a4f5c8e33f74aca86b11bcfd7eccd68666f

SHA256
f3c9197f60a04e19125beee9e5c951410b3e775afb5d2f77677449c7198122b8

SHA512
c85a5e672008f5e61dc05587c3c455f5b16311fd3d072900a81430593fac23c75b84e65a465e49b2d6bfc9956d1448501a1417cff9e12aa83276b4cd25cedcd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
8c7162360306b74f33c42b4c00cb5508

SHA1
6a50c8d289e18f9ce6ce12fe2348458174ce23fc

SHA256
32f58baf8ab261071cb6fe810bd6ed0f0c5ba10e7c727a2a31b597ca1c320f26

SHA512
7a8e1a1fd43bea44308f8b5e84d68f9bd577e9719dd6c1f323068a6168418fc9279e33bbe1cb69de6b163fd018e2dec6cf5a824ebfc35d18034b6c3aededb97c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1f770d568f8f2ead1e7e4535b9ca79b7

SHA1
f964c8b0a0b38440b668aba8dc525483f756c28f

SHA256
cfd7383d15d9406b45283b6a171db201fb0c884bc9c15362b0c3af12be5c1a13

SHA512
f35846d833daa8ad162852f101b44e85cb1934777a2eae182ce18a708f14fb8233e4c511927a7e2f2b12aa3f65b87a38504c5525452cd484108f4841cc2b07e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
260c2c8782ab069e68b848f140d2d722

SHA1
465fbbfa598eae09e3027a93cbfd0273a129c4b4

SHA256
dd5a5620f6990874e776325d9b7bb484f5c7bf2861af429d9f21bb6f2287fc45

SHA512
324fa4f57ab9cbdbfc0a1ec52e71d2a9956c69303b0fd40a84a1302c3058a7d306a6c0797e3937e97eb6b6bbcb169035efcf34cd34a5dc759ae4a2ea73d6ae8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
d2259ad179f1106a64d672ffcd062767

SHA1
65fcb4d32bcbaef50f0dc1ca10b2bc1f24a56b66

SHA256
72ea62debbd610e71dbe7cc3dccdac0c8b81be87cc7064862e4ed1a583e1db91

SHA512
d2fea25afe398d6e4a1e938c20a67e29d77ed35762e5a7bb31ae5a985684d4c2f046ce2f8ac0cf13d0de38c49ee9c9905f9483aa305d065fc95cf3be3a56368f

Download Submit
C:\Users\Admin\Downloads\release.zip:Zone.Identifier

Filesize
580B

MD5
9d564f9160ed50e74bbcab92580e9a31

SHA1
0e0cd9e7f69c8e5ef5eaa4af51fb7c290135035b

SHA256
36131c137c3cc9c3c0224359b402db6ae8aeef62a7b7516f37578a2877b01572

SHA512
47351fb4b6691bdc5ec58dbc42fda95ea008a148438a7860cc4fdfaf199b046b03268933c79823aa3f6a874878ea390e20326974a9ecc9ebbdc234aa3bbdde67

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
4c7ef42c252f3313bb4a5060ff6f441e

SHA1
d9bd2cea7a6759bad1eddb8f2d41990a1d3e7ff8

SHA256
dbffc9bb1b584304d2064efd6f956a3c69f4a19a2977ca0ee293df2610df9189

SHA512
de423d0d1639036bda74e7bec9430bf7f4399a35748ea5f74854a7963e15c56a994dd5ebcde8131ad63f5667a2a0f85ee7916a1970faf21ed652469b7748ed62

Download Submit
memory/3884-72-0x0000000000440000-0x0000000000448000-memory.dmp

Filesize
32KB

Download
memory/3884-73-0x0000000005580000-0x0000000005B26000-memory.dmp

Filesize
5.6MB

Download
memory/3884-74-0x0000000004EF0000-0x0000000004F82000-memory.dmp

Filesize
584KB

Download
memory/3884-75-0x0000000004F90000-0x0000000004F9A000-memory.dmp

Filesize
40KB

Download
memory/3884-78-0x0000000007A30000-0x0000000007B52000-memory.dmp

Filesize
1.1MB

Download