discordrat | 1a3072f72b2747d1bbe6f8aec7945d7753c061cd02ab1a1632963d13ba9e61bd

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

eb574fb1d907ffd85ce1854f5585d67a
SHA1

6b72bc26e0f282010c1c1e5589e130d250d28bb5
SHA256

1a3072f72b2747d1bbe6f8aec7945d7753c061cd02ab1a1632963d13ba9e61bd
SHA512

0df1476ff05cc2c34e9c84ac4ba7760c233755f8a9f031ac33241aab71cfc1fbba20344b1403620c7f7695360d30ab124cf3557bff4730bd10f8f8b71a580c6f
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+EPIC:5Zv5PDwbjNrmAE+YIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMTA5OTM2NzcyMTc5NTYzNA.GqkwcX.UOjwiFdGIpv_jY2sOCDo02zExIyfhOxTIiOv6c
server_id
1251241660453752944

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
9	discord.com
11	discord.com
23	discord.com
74	discord.com
141	discord.com
150	discord.com
73	discord.com
144	discord.com
151	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628660773231412"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
700	chrome.exe
700	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1556	Client-built.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe
Token: SeCreatePagefilePrivilege	700	chrome.exe
Token: SeShutdownPrivilege	700	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe
700	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 700 wrote to memory of 1900	700	chrome.exe	91
PID 700 wrote to memory of 1900	700	chrome.exe	91
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3348	700	chrome.exe	92
PID 700 wrote to memory of 3004	700	chrome.exe	93
PID 700 wrote to memory of 3004	700	chrome.exe	93
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94
PID 700 wrote to memory of 412	700	chrome.exe	94

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebbe8ab58,0x7ffebbe8ab68,0x7ffebbe8ab78
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:2
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3604 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:8
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4524 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3592 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2928 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1948,i,14608090561217371002,4937324552230099590,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
cb8ba9a865099c7d4ed017ae040bef49

SHA1
80532e81edf05d9fb3e9cceb063204afd0667d39

SHA256
b48656754fba6c85db2bc725a3aeeca9b856f9b5b5f4f5b07929490f33e1c1e5

SHA512
4d12e0d099b5f79196e1aa073850cb64087f5afa512e9f7b95020dcb5472865c731aeb8c066b34494c7dece08c298bbb789ac9e4d17bce990a948a79b184afec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d071bdb852b49622dbedca6cf7f98508

SHA1
dc277af7ecaa3786935514509650608e1d1a22b4

SHA256
8f1c6f51bd1e5bea06f9592e712a1ef0cdd640f5fe95177b8451f4028f31d108

SHA512
fbab73b57e878b0aede01b39a061aaaeb20c73fcba0870ded2f0cae06bb9dbc16e392c2752331a6d96b872d830657439e50fd9d5efa2f19469420720b1f8cb89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
6321dbf13008bae9e39cf1b9733a145f

SHA1
e6cc661e64a1fe98ea3e72f0cf98e0204b6fcbec

SHA256
e75a340f12a9de43198e66b8ca2462b2caf52b9ff91a682eb3b8cfc786c7c874

SHA512
7f4b63e5c1d79a3081711dc15074d2abacbef518e37b43c05333c9677b641a26aaaee672bff24b5aedeac9a822882a299e42090a4013d8f67bd2460fe2746beb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a799556eaad63f383c098408e8eb0fb8

SHA1
26540c30939cb108eddca0209ad6ac8a291ae71d

SHA256
e93639bccacc5a49033626795ec98a7458339ea5aded4df94fb87ca4bb159389

SHA512
f0785f3dc37678477fbebe268e230991b8ad03b63b710288396819fd67970ca67cb3bc970d7954cee7f4f11dbf290eef3dd309984973579d91d8badb91db582e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d90d7405c25713b8ab16540033992933

SHA1
f0e42015d79191e1f6f925109daf34cea8a41bd1

SHA256
e7640ffbb55c66632aab36aeb9a50011e2a38e97b21b27f9254627c8a4253d66

SHA512
2ba8a31fac8eb67e78f3826a7ca330627839147f88847506fad63b654820af33786c81c25b8065a016c8076c8fb6f8679383a1fcc52f11aa7133d655a95d8248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
94d8adcb842992b4ee2448fad5ceaa18

SHA1
b43f1142c768a206179fac188da5ecf6b8d06924

SHA256
b307a59124584596599c94c01d43c2aab71463b997a034bb069a1f79301cfa94

SHA512
a3c1a777318916c9b9d2458e5c36bc4eb4570c848fda1ea058a2a1c0499fa7c6fa90d5124bf9e11702b314369279db573b00cae38cf0e98b70f7425a0e5d64be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
7042b2d0eec2a63f47d00c7fc1c36e58

SHA1
149f4d48ae8add01b5cf6cff4269417542d75adb

SHA256
f06f3685b9f34a0932d27262b58853c7ea41d3cdec6eaee02b47aeca012823c0

SHA512
2b1aa2601b742f2d9227341027f20d056511f911af59d50bcc7b145644e03f8565c74454a979ccab5a70f26be8821a86a461b828be0b3140aaeae6107f493ea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
16d07d8e64ad3772d55f0a708e337222

SHA1
ef6f406c3d7b3e839050d5ab887a62842bca98e9

SHA256
477606b0b52d4e5b8c195dac848002e74ce1617ebbbdd0354264d2ebe0fb5ce2

SHA512
1aee5c577f02d82c2fe9b6c0b248c53ccf6fb6042afff47a8f27f2cd7f3dee854ad6dcff1dc78dabc584c341cee324db3063647f8dcecf914bde7882deb28c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
f632c14914206389e0f2355a4729a369

SHA1
e3e1d47f8a1f3f6b5a1c29bd259416b0833a6c56

SHA256
79e233f4584512f1089d5fc915ddbdfd7df44187f35d83067decc7f8ae54efa2

SHA512
94797e0ad3ef17a73cda16cd3692a86df34c3d9a21baafdc25b0f5eaac5a4a433c1afe3a931e7b21b93d98579c4d256f4294e854fc6d395442bf58da5a4099b4

Download Submit
memory/1556-4-0x0000024647120000-0x0000024647648000-memory.dmp

Filesize
5.2MB

Download
memory/1556-36-0x00007FFEC0D70000-0x00007FFEC1831000-memory.dmp

Filesize
10.8MB

Download
memory/1556-5-0x00007FFEC0D73000-0x00007FFEC0D75000-memory.dmp

Filesize
8KB

Download
memory/1556-0-0x000002462C220000-0x000002462C238000-memory.dmp

Filesize
96KB

Download
memory/1556-3-0x00007FFEC0D70000-0x00007FFEC1831000-memory.dmp

Filesize
10.8MB

Download
memory/1556-2-0x00000246467E0000-0x00000246469A2000-memory.dmp

Filesize
1.8MB

Download
memory/1556-1-0x00007FFEC0D73000-0x00007FFEC0D75000-memory.dmp

Filesize
8KB

Download