discordrat | 16cef3c03efe6d11b261709e330058536b7bd186fad81e932f2a9db1cef78610

Analysis

max time kernel
106s
max time network
133s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08-06-2024 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

newgame.exe
Size

86KB
MD5

da73d03e7e63df84355ca62baaefae8a
SHA1

4a24296ce0275ab6d5439a155a17d8de80d549d5
SHA256

16cef3c03efe6d11b261709e330058536b7bd186fad81e932f2a9db1cef78610
SHA512

7d8c28fa0ee62228104af1bd25aefe3f18fea9e9983d1cbcfa2f18f9f2832c5471fe4f545e775f6ed775802b3d687d81c1a14292af3406f6ef613c39e0c617e7
SSDEEP

1536:t2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+UPIoC1:tZv5PDwbjNrmAE+IIoe

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NzYwNjA2ODE3NTk2MjEzMw.G3Bv2h.Oi-mmhg6ZK_uTFZKjQiDOwr-wcEm-Hq0xizKtQ
server_id
1247606720864321577

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
48	raw.githubusercontent.com
49	raw.githubusercontent.com
51	discord.com
52	discord.com
27	discord.com
31	discord.com
8	discord.com
3	discord.com
4	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623608586783046"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1128	chrome.exe
1128	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3564	newgame.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 2600	1128	chrome.exe	76
PID 1128 wrote to memory of 2600	1128	chrome.exe	76
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4456	1128	chrome.exe	79
PID 1128 wrote to memory of 4688	1128	chrome.exe	80
PID 1128 wrote to memory of 4688	1128	chrome.exe	80
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81
PID 1128 wrote to memory of 4672	1128	chrome.exe	81

C:\Users\Admin\AppData\Local\Temp\newgame.exe
"C:\Users\Admin\AppData\Local\Temp\newgame.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe58559758,0x7ffe58559768,0x7ffe58559778
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1788,i,1609723158569247435,4388884420479060986,131072 /prefetch:2
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1788,i,1609723158569247435,4388884420479060986,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1788,i,1609723158569247435,4388884420479060986,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1788,i,1609723158569247435,4388884420479060986,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1788,i,1609723158569247435,4388884420479060986,131072 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1788,i,1609723158569247435,4388884420479060986,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1788,i,1609723158569247435,4388884420479060986,131072 /prefetch:8
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1788,i,1609723158569247435,4388884420479060986,131072 /prefetch:8
  2⤵
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1788,i,1609723158569247435,4388884420479060986,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1788,i,1609723158569247435,4388884420479060986,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5036 --field-trial-handle=1788,i,1609723158569247435,4388884420479060986,131072 /prefetch:1
  2⤵
  PID:4668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c0b288e138efeecb88907d7ba7836a51

SHA1
039e687205a88b96458e096fbf21f6d25ce6386a

SHA256
9f1dda7d9a937f6c1672da8c283b7f97ae88b2f2aff5e4f5fed9353f59433fc9

SHA512
0f5b7c697eab9d3bf4a0a36d99d0c625888f2fe973253401191f1edd97cf1ab0c98fd5e4acb3280e10c9a70ed59473c8c4b67a68cc715e39850df83642257a3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e1cc7a8a5b5c7510306a989396a7cca1

SHA1
afe44bb15c6e8a4d8eb598b5269bd9de621e8072

SHA256
b01cab614e54c53d6841d445fd847f5d5bbc1574681c25eb4d6d91d9a94bb55b

SHA512
759046ae077e403504c60a5c3161f3bf9a1eb4169af4e6363a49e6c4a00bf967482231bc9fce207be571d881042e8d44d854445556fa7366b485b6131aefce23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
131dd5f279bfc76bfeb92724af10bdcb

SHA1
e5dc025073df906ea5646e558b763540a012876a

SHA256
35cb92fc88b7ae25c763099da59313070201f98b7ffb482186781a56eb77dde4

SHA512
5d328305ff9de0c7a13cbc0f03c66dfc8f89acefe417fa5b02c6d193331fc9bf3e41f5dad9c90ac05bfa094c6b9aaf600274593e2c1ced93438949bc2106eaf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e7472bc889d667b05ce116c7c7fb3430

SHA1
85843da29b503096fb6b44d357c8e63bdc23797e

SHA256
aa91c97323618d4e482a3b8eb32322636802dc63ffc2d36dc7e1fbd2d0de4c78

SHA512
407c9541069218dcc58570d899ab65757a5de7a1755072bdd8643fc8d4219b4d9063bf5f9538bf0d043ced0a0d73fddc638f376b2bcfac56c2f51728f4a5777c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f7fc25f5fd1dce3b3c60ef6c45030c1f

SHA1
779bbdf3ef0c32ed5799132942cc877a25fa2954

SHA256
8e17db4eecdc8b71ff50caf8e6200c9d724e8b9b1ad909865a973293cc0c8c99

SHA512
b3dc92f87f5acf62ff8e3ea51abff949ce58ca85c9ab07bdcc50c5ae8fbfa9a6cde794413ee3b400f0db9611ccd9f06cea5c4bea094c301a91cea88a9271478b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ed7124c74f13a1878ad10950ce064f26

SHA1
6b720f49f3026c01cfe73e3086cb762627188c7c

SHA256
d1b9e5afbab11509c6c554a44578997c025e157f7a10faba90ac2e75f043d88c

SHA512
b3c956666db56ce566166e86213f2fc6d79a2ae8c580cb48368c9d0d74a1245ac3cc11c3caa32c34ee6c413ad6b6c854293f136262595afe615cae4f13fa2770

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
280KB

MD5
96c7b7f612883ea1ea4055428738db79

SHA1
f828b74f2ec36f4f16296c025b6d1261ac245bd4

SHA256
87a463761bb54f28478b4364b6279bdbdf074b658037e53d0d3aafcaed36a7a2

SHA512
561a4254783f0aef91aede25d27704b79d9596de26d38e6c83296b165924cfcaf505aa7b34951a8169b1dbd6530aeff7d2774f5873bce4cd55590052360f220e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/3564-0-0x00007FFE5C983000-0x00007FFE5C984000-memory.dmp

Filesize
4KB

Download
memory/3564-26-0x00007FFE5C980000-0x00007FFE5D36C000-memory.dmp

Filesize
9.9MB

Download
memory/3564-4-0x0000016A5E270000-0x0000016A5E796000-memory.dmp

Filesize
5.1MB

Download
memory/3564-3-0x00007FFE5C980000-0x00007FFE5D36C000-memory.dmp

Filesize
9.9MB

Download
memory/3564-89-0x0000016A5DD40000-0x0000016A5E00A000-memory.dmp

Filesize
2.8MB

Download
memory/3564-2-0x0000016A5DA70000-0x0000016A5DC32000-memory.dmp

Filesize
1.8MB

Download
memory/3564-1-0x0000016A434A0000-0x0000016A434BA000-memory.dmp

Filesize
104KB

Download