discordrat | hxxps://mega[.]nz/file/EFJGmYpa#ZiT1wrmVNhIueqpAbxJCQLmQBLShXkITzz4z6pseBS4

Analysis

max time kernel
38s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/EFJGmYpa#ZiT1wrmVNhIueqpAbxJCQLmQBLShXkITzz4z6pseBS4

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NzYzNzgxNDM1NTU1ODQ1MA.G4sbnk.9ezgMP69gww_7bEKEHc545Loau-pps0Zwbt8Ls
server_id
1247638063216201768

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Executes dropped EXE 2 IoCs

Processes:

Client-built.exeClient-built.exe

pid process

2336 Client-built.exe
4364 Client-built.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

52 discord.com
53 discord.com
56 discord.com
71 discord.com
73 discord.com

pid	process
2336	Client-built.exe
4364	Client-built.exe

flow	ioc
52	discord.com
53	discord.com
56	discord.com
71	discord.com
73	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133622635261638903"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4692 chrome.exe
4692 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

4692 chrome.exe
4692 chrome.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

Processes:

chrome.exeAUDIODG.EXEClient-built.exeClient-built.exe

description	pid	process
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: 33	1532	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1532	AUDIODG.EXE
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeDebugPrivilege	2336	Client-built.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeDebugPrivilege	4364	Client-built.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe

pid	process
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4692 wrote to memory of 1116	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1116	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1184	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4360	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4360	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4424	4692	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/EFJGmYpa#ZiT1wrmVNhIueqpAbxJCQLmQBLShXkITzz4z6pseBS4
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0a69ab58,0x7fff0a69ab68,0x7fff0a69ab78
2⤵
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1920,i,2034113835301157712,11811415002850618151,131072 /prefetch:2
2⤵
PID:1184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1920,i,2034113835301157712,11811415002850618151,131072 /prefetch:8
2⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1920,i,2034113835301157712,11811415002850618151,131072 /prefetch:8
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1920,i,2034113835301157712,11811415002850618151,131072 /prefetch:1
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1920,i,2034113835301157712,11811415002850618151,131072 /prefetch:1
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4284 --field-trial-handle=1920,i,2034113835301157712,11811415002850618151,131072 /prefetch:8
2⤵
PID:2352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1920,i,2034113835301157712,11811415002850618151,131072 /prefetch:8
2⤵
PID:872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1920,i,2034113835301157712,11811415002850618151,131072 /prefetch:8
2⤵
PID:2884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4776 --field-trial-handle=1920,i,2034113835301157712,11811415002850618151,131072 /prefetch:8
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5224 --field-trial-handle=1920,i,2034113835301157712,11811415002850618151,131072 /prefetch:8
2⤵
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1920,i,2034113835301157712,11811415002850618151,131072 /prefetch:8
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5472 --field-trial-handle=1920,i,2034113835301157712,11811415002850618151,131072 /prefetch:8
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5536 --field-trial-handle=1920,i,2034113835301157712,11811415002850618151,131072 /prefetch:8
2⤵
PID:5088

C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2336

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1980

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x458 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1532

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5028

C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
4a01dd6f63e505e3a74fc645386500d7

SHA1
9a391daba68afb364a7a1b10a8d008da7bace377

SHA256
f352b3eee077e7955f9a0c64a3fc889428306150de7a237558b2099ae555231e

SHA512
017d8b1b6a9abe7bb8f1ade626ff0361a7cf67ff30218bc024a074bd4b1693ec03950cdad4649ad771ea54d1dafc8d663600e4540e116064868d307e7bcfcef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b72f8eb24eb59751930256a2e2d3a1fb

SHA1
51fc349d304717335a596237fd26b7ff5e5da9c2

SHA256
ddbe6c070c1363e370da893fba833b4b5205000e78e7ef243d0e49af103dd6b8

SHA512
139d7fb7c92a06b0efdf4476abe4c29ede69311e70444feb3a6ffffc09573300443d5e30ca14760e1323948caf7eaa8ea618a76132613c1212895a0a6c566788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
2606f1761495a70c9b52aac7ff58bfe4

SHA1
64d56f85270f5842f1b50f8857b7fcf0f7372abe

SHA256
cbdb746cfd202b569e69911e0baf775383f17510911e540181cff37aa95fa5a9

SHA512
9de77cb64c36bff6c1b6619cb972821023b1dd7ba8eda2a4ffb2cc728ecf613c9066b824e4182ef95c8037c6bb058abeaff0763c22f775a3ed0d76ecee4febf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
94fdb7f40495753ae110e2d93a886004

SHA1
5ff55df58973723e1d505db7579405ca28d8410b

SHA256
d329c68dbba60f2901dc429fc981789cd2b070be6c7af99bae5943f5150d70f9

SHA512
97224c0029b3aef40bbbf0325816755d896a3f9450a13595aefa0b1e67872f08d45174d5ecae47f4d9d8e75a6221dbbb5c0d5b288e14e9eb0aff7fde14987c1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c5e518723c9e83ed0e26de75b48d5f44

SHA1
e545505f279f71f31f6eb1492802ae6bad614594

SHA256
b75b6fdc14e9932a31457abdc0f97211d7a7855539b61ece85b4964778e44e25

SHA512
52e3df295a4885da8e2f01ce4122b3bc6a16271255e014a087c6e3075bebc7f5f908280d4ac77a77ff1bf315313059148a791361c145704ecd2feaed0a5a020b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a4bdfe2edc00c741651763bbb90a7a58

SHA1
8f20f20de9842718708009b4b81d99c6b8209a55

SHA256
b556f56311edb87f124c6db13717c02e7fd6b4b8d940075f8cb258dff4209419

SHA512
8cb1c1b8e25997b941891fea3f12c93d230d1aedfbacfe93fd2a6eade286d4149d5f4912199fe26ee588205d0891c66a91560a5ff21a61a4ec7abc3f5b64b4f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1d474aad4886c5f64ba82794c31405c6

SHA1
2f4c63c492d3f92d4e70b281f9ba5232a6d1b21e

SHA256
465dd0cd3a277c92204cb315e07782eedfe04ba9cea5a291a30003f33567a7dd

SHA512
3ef5b670208f1f67365a206dcd9cc70841a7e31002c8f8e252265cd84ffaaae635615822f90e91814c44396382e7c42d9476bbd19b4d0971a088d518fe98a063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a0b4.TMP

Filesize
48B

MD5
58401e56f02044400b0e4d4f01632bf2

SHA1
ecbec404e359cc8615ea2882489507de20c5f1f7

SHA256
64eab155a11d34cb4f89f86c5337eb8530ccf2ff9fbc04ec46cd58dfc7e29bab

SHA512
27955c56c2b2591a42000442f7eab713637fc89c052ebfae71c17ecebc3dd65eebfe8500461f6700019657429c07fce974ee73885e8a33b9df94d2217c408111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
1afc8cb3e4f9d18d99e7b0ffe8957cb5

SHA1
d2e9b95fa8ce09a49e6ca2065eca337ddd5f8072

SHA256
2a82933f18da2d2afa36df064c7779ec9799dd05ad9c1419692c7dab9489e3b6

SHA512
0c65e07ab7b5177f17b0c9c2885e7a158f84259c405d6dedbfb85256c0c87e12487b9def815362198a49f0a978f0b0311995e5bfd0be55eea1f4ce070ea4b0cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
63a75225aa76424dde9f06a50d60f8ca

SHA1
ca75f2a3ef357834bd365b09cde9255b6321ccc9

SHA256
c306a0be95684ea617016f1b21239b5a9aa745dfd783acda4562ccde08bc9913

SHA512
b2860b8ba78f0bf976ec9b2534cdf13240dea81ecd63cc6bb1dff6286ddcbb1a8574c8f466795cf6d940211e21221d93c3d71a26f6fe7a03e6766f8115a6111c

Download Submit
C:\Users\Admin\Downloads\Client-built.exe

Filesize
78KB

MD5
9aa4d6d002b7c2901c822139a9447385

SHA1
66071b5ec704ab156ffff8c6a28d0c0510e573f8

SHA256
5e0642b3b81119b04dcb9ac51a1277520696a59d656493de8346ea64fd71e9d2

SHA512
bc4668855e4c29187594591355b65fe36ef8bde2e2a3e8c98fb74cca4be3321c4209aa1430677baf32ee605d968eaa6e2e2ea2fdd9997a452a4b73ae22d03075

Download Submit
\??\pipe\crashpad_4692_WLGVVTTFXXMDMRVK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2336-217-0x00007FFEF7870000-0x00007FFEF8331000-memory.dmp

Filesize
10.8MB

Download
memory/2336-218-0x000002D3D8000000-0x000002D3D8528000-memory.dmp

Filesize
5.2MB

Download
memory/2336-216-0x000002D3D7800000-0x000002D3D79C2000-memory.dmp

Filesize
1.8MB

Download
memory/2336-214-0x00007FFEF7873000-0x00007FFEF7875000-memory.dmp

Filesize
8KB

Download
memory/2336-215-0x000002D3BD290000-0x000002D3BD2A8000-memory.dmp

Filesize
96KB

Download
memory/2336-346-0x00007FFEF7873000-0x00007FFEF7875000-memory.dmp

Filesize
8KB

Download
memory/2336-348-0x00007FFEF7870000-0x00007FFEF8331000-memory.dmp

Filesize
10.8MB

Download