Analysis Overview
SHA256
f4682ac003ffe913d397b9f2f5d3a4e251feae26e704827e1f495d9240b17e20
Threat Level: Known bad
The file us.txt was found to be: Known bad.
Malicious Activity Summary
Discord RAT
Executes dropped EXE
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Modifies registry class
Opens file in notepad (likely ransom note)
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 20:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 20:34
Reported
2024-06-14 20:52
Platform
win10v2004-20240611-en
Max time kernel
1050s
Max time network
969s
Command Line
Signatures
Discord RAT
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\release\Client-built.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628709019252765" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Note: the file opened is the submitted sample itself, C:\Users\Admin\AppData\Local\Temp\us.txt (see Processes). This heuristic fires whenever a .txt submission is displayed in Notepad; no ransom-note content or encryption activity is recorded elsewhere in this report.
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Note: every per-process signature with a table above, except "Executes dropped EXE", is attributed to chrome.exe, the browser session that fetched the archive (see Processes and Network); none is attributed to builder.exe, Discord rat.exe or Client-built.exe. The observations that tie this run to the RAT are the execution of the dropped Client-built.exe and the connections to gateway.discord.gg.
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\us.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b1b0ab58,0x7ff9b1b0ab68,0x7ff9b1b0ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5076 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3012 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2924 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2676 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4312 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2396 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:1
C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 --field-trial-handle=1992,i,12365945780612356271,6281802491495291473,131072 /prefetch:2
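The Processes list above is flat and dominated by chrome.exe: Chrome is a multiprocess browser and every child carries a --type= switch, so the two dozen Chrome lines are one browser session. The script below is an added example, not part of this report or the sandbox vendor's tooling. It folds the Chrome children away, splits the remaining binaries by install location, and identifies the command line that opened the submitted sample. The command lines are constructed from this report's Processes section, abridged (Chrome switches trimmed, repeated renderer/utility lines collapsed); the "user-writable equals review" rule is an assumption for this triage, not a verdict.

```python
"""Separate signal from noise in the flat Processes list of a sandbox report."""
import re
from collections import Counter
from typing import List, Optional, Tuple

# Constructed from this report's Processes section (abridged).
PROCESS_CMDLINES = [
    r"C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\us.txt",
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --url=https://clients2.google.com/cr/report',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process /prefetch:2',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --renderer-client-id=6',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --renderer-client-id=7',
    r'"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"',
    r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding",
    r'"C:\Users\Admin\Downloads\release\builder.exe"',
    r'"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"',
    r'"C:\Users\Admin\Downloads\release\Client-built.exe"',
]

_QUOTED_IMAGE = re.compile(r'^"([^"]+)"')
_BARE_IMAGE = re.compile(r"^(\S+?\.exe)(?:\s|$)", re.IGNORECASE)


def image_path(cmdline: str) -> str:
    """Executable path from a command line: the quoted form if present, else the
    bare first token ending in .exe (bare paths containing spaces are not
    expected in this report)."""
    m = _QUOTED_IMAGE.match(cmdline) or _BARE_IMAGE.match(cmdline)
    return m.group(1) if m else cmdline.split()[0]


def chrome_role(cmdline: str) -> Optional[str]:
    """For binaries under the Chrome install directory: the --type= switch of a
    child, 'browser' for the parent chrome.exe, or the file name for helpers
    such as elevation_service.exe. None for anything else."""
    low = image_path(cmdline).lower()
    if "\\google\\chrome\\application\\" not in low:
        return None
    if not low.endswith("\\chrome.exe"):
        return low.rsplit("\\", 1)[-1]
    m = re.search(r"--type=([\w-]+)", cmdline)
    return m.group(1) if m else "browser"


def is_user_writable(path: str) -> bool:
    """Assumed review rule: anything launched from a user profile (Downloads,
    Desktop, AppData\\Local\\Temp, ...) deserves a closer look."""
    return path.lower().startswith("c:\\users\\")


def sample_viewer(cmdlines: List[str], sample_name: str) -> Optional[str]:
    """The Notepad command line that displayed the submitted sample, if any.
    For a .txt submission the sandbox does this itself, which is what trips the
    'opens file in notepad' heuristic."""
    for cl in cmdlines:
        if image_path(cl).lower().endswith("\\notepad.exe") and sample_name.lower() in cl.lower():
            return cl
    return None


def triage(cmdlines: List[str]) -> Tuple[Counter, List[str], List[str]]:
    """Return (chrome roles with counts, system-path binaries, user-writable binaries)."""
    chrome: Counter = Counter()
    system_bins: List[str] = []
    user_bins: List[str] = []
    for cl in cmdlines:
        role = chrome_role(cl)
        if role:
            chrome[role] += 1
            continue
        path = image_path(cl)
        (user_bins if is_user_writable(path) else system_bins).append(path)
    return chrome, system_bins, user_bins


if __name__ == "__main__":
    chrome, system_bins, user_bins = triage(PROCESS_CMDLINES)
    print("chrome processes by role:", dict(chrome))
    print("system-path binaries:", system_bins)
    print("user-writable binaries (review these):", user_bins)
    print("sample opened by:", sample_viewer(PROCESS_CMDLINES, "us.txt"))
```

Run against the full list, the user-writable bucket holds exactly the three Downloads\release binaries in their order of appearance (builder.exe, Discord rat.exe, Client-built.exe); the report does not record parent/child relationships, so the order is appearance order, not a proven chain.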
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| BE | 2.17.107.123:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 123.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.135.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gofile-co-uk.webpkgcache.com | udp |
| GB | 216.58.212.225:443 | gofile-co-uk.webpkgcache.com | tcp |
| GB | 216.58.212.225:443 | gofile-co-uk.webpkgcache.com | udp |
| US | 8.8.8.8:53 | 225.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 162.159.135.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| BG | 172.217.169.163:443 | beacons2.gvt2.com | tcp |
| BG | 172.217.169.163:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 163.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
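Most rows in the Network table are the sandbox's own resolver traffic (8.8.8.8:53), reverse lookups (in-addr.arpa), multicast DNS, and browser background traffic; the one destination a Discord-based RAT needs is the Discord gateway. The script below is an added example, not from this report or the sandbox vendor. It parses rows in the table's format, drops the noise, collapses repeats, separates names that were only resolved from names that were actually connected to, and tags each domain by role. The role suffix lists are assumptions made for this report (the Discord gateway as command channel; GitHub, gofile and the S3 bucket as the places the archive was fetched from; Google and Bing hosts as browser background), and the rows are constructed from the table above, abridged.

```python
"""Reduce a sandbox report's Network table to reviewable destinations."""
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Rows constructed from this report's Network table (abridged).
NETWORK_ROWS = """
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.135.234:443 | gateway.discord.gg | tcp |
| GB | 216.58.212.225:443 | gofile-co-uk.webpkgcache.com | tcp |
| US | 162.159.135.234:443 | gateway.discord.gg | tcp |
"""

# Domain suffix -> role. Assumed for this report; adjust per case.
ROLE_SUFFIXES = {
    "command-channel": ("discord.gg", "discord.com"),
    "download-source": ("github.com", "githubusercontent.com", "githubassets.com",
                        "amazonaws.com", "webpkgcache.com"),
    "browser-background": ("google.com", "googleapis.com", "gvt2.com", "bing.com"),
}
RESOLVER_PORT = "53"
MDNS_PORT = "5353"


def parse_rows(text: str) -> List[Dict[str, str]]:
    """Parse '| Country | ip:port | Domain | Proto |' rows; skip header/blank lines."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": port, "domain": domain, "proto": proto})
    return rows


def role_of(domain: str) -> str:
    for role, suffixes in ROLE_SUFFIXES.items():
        if any(domain == s or domain.endswith("." + s) for s in suffixes):
            return role
    return "unclassified"


def summarize(rows: List[Dict[str, str]]) -> Tuple[Dict[str, dict], Counter]:
    """Collapse rows into {domain: {"ips", "protos", "role"}} and count the
    rows dropped as noise. A resolver query keeps the name (so a domain that
    was looked up but never contacted is still visible) but records no IP."""
    summary: Dict[str, dict] = {}
    dropped: Counter = Counter()
    for r in rows:
        if r["domain"].endswith(".in-addr.arpa"):
            dropped["reverse-lookup"] += 1
            continue
        if r["port"] == MDNS_PORT or r["domain"] == "N/A":
            dropped["multicast-or-unresolved"] += 1
            continue
        entry = summary.setdefault(
            r["domain"], {"ips": set(), "protos": set(), "role": role_of(r["domain"])})
        if r["port"] == RESOLVER_PORT:
            dropped["resolver-query"] += 1
            continue
        entry["ips"].add(r["ip"])
        entry["protos"].add(f'{r["proto"]}/{r["port"]}')
    return summary, dropped


def connected_hosts(summary: Dict[str, dict], role: Optional[str] = None) -> List[str]:
    """Domains with at least one real connection, optionally filtered by role."""
    return sorted(d for d, e in summary.items()
                  if e["ips"] and (role is None or e["role"] == role))


if __name__ == "__main__":
    summary, dropped = summarize(parse_rows(NETWORK_ROWS))
    print("dropped as noise:", dict(dropped))
    for domain in connected_hosts(summary):
        e = summary[domain]
        print(f'{e["role"]:19} {domain:32} {sorted(e["ips"])} {sorted(e["protos"])}')
    print("command channel:", connected_hosts(summary, "command-channel"))
```

Discord traffic is normal on many endpoints, so gateway.discord.gg alone is a weak network indicator; it becomes actionable when paired with the process context above (a connection from a binary run out of Downloads rather than from a Discord client or browser).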
Files
\??\pipe\crashpad_3764_CVSHIUCCEDNMWBWY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7925dbac638debc76a956db15c8e07e5 |
| SHA1 | 77fb7f001581d42d468f619d40743928ba86d480 |
| SHA256 | bd4471d30f88a018a8d4a5f2bcc32d03d82290eaf3f311e12e9ce52664c70557 |
| SHA512 | 229e07adc581d089de1ad189a39c8986e943adc9da97159a6f70c2ef1af75b357fdcf7d23b58934aac45ad49b287632e33e49bfdebbb171973387673300d52ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 32340166400cc4c93e786713c78afab4 |
| SHA1 | 6fa0e37f8158c648fd10f965d86b642e467df4a5 |
| SHA256 | 0f1c2879a0c305e8a989624baf7d254b09ff26357d06b733d60409bca0ab3470 |
| SHA512 | 572cf5259094dccc01b326d6419b821a15de2f09d098ff2857d83258401d72f9fc11d81b103739c2786cb4fbeb601ff79ac7a71ba61bf3427f27ab340dabbec4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6c86977a145b73c042baa06378669450 |
| SHA1 | 1f531eb2e5529729bd0562c3350898c659a7ba78 |
| SHA256 | ba4f5bd496962ea106bb2e2d5875fb2defe943ea79fe641eb45aee3165f44338 |
| SHA512 | e1e7ef4c063342b827810510f85b87362eeae049b274517e3591c128b46a6777ce267a2263bd52dfaaba3a0631a1e3d97adfb13a666899ae8d208ef4c2eefb9f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 59cfe33e8ebea8121237f4db9955ffb7 |
| SHA1 | d3903e81c425b119aa1a1b28b6f8e6206bfdbc25 |
| SHA256 | dc2e837a833d547f3e27735e476fc344f8e9fb6852ccc995aee0ac9c2fabfea6 |
| SHA512 | b517ee727f04465e08bcf8f55b329a504cfc334d3b8eeb45b214ef7d101db8886eed8db77c4b34d69b067cfd6f0db5e03f2f7e4cb1ed21e82a725eb4c18e7631 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 36f752f8a5aa2f36a715f7e497e7c9c0 |
| SHA1 | 241087440214541d1065c9cab6dac8825a1386de |
| SHA256 | 2ceae48c1967d65fc67c0ab5b8037b3d766bb0e9ceb845bc39f0df658486552f |
| SHA512 | c6e8ff33fd98b6342456aa74b5bd6c503cd76fe69c3ada86bca713ef47d22868ef809a2e535b27e3fa36740150b11e632a9615cb16a8781c2484a763999004e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 68f5085709eb8ab0235f1f564a5fa8e9 |
| SHA1 | ab08de19c8125ca26e9141e581d56cc8d8ab75a0 |
| SHA256 | da7ea337f28ac1240144a68ce528a2701223951b5343571fb50ba29f40c53609 |
| SHA512 | f0d6a750e421f9b6e459c1f7ec82d0ee9a30f1bdfc805c529521eae218cf258ccff1d9aef4ecbfa5d1a0b63352089bfea414d1807dbdbea1b17b08ac16237258 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7ffc2bef13a7204da25033bb1a4e78a5 |
| SHA1 | 7a34a83b62fa003f6ae93a3528e4731e9c68867b |
| SHA256 | f24d37a9c23d13cb4ea85d93a2a3acbbb7ff5f99419ff403673662666ef23174 |
| SHA512 | 6ac8e9cfd499995ba2f548a0560eaad9179095adcf71d728406e0c247e56e8ffb61747e242594322748b2ea546c33515435050aeba7484a41011c8e0b33a52d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 1265d427769f5b8a1a9908d9429b96bd |
| SHA1 | e4b5e73a93660f433ae69152d11c2a887de74d2f |
| SHA256 | 0a51aebfd4dda4d8a1037ecc8170bfa501398e8058c69d7205e2aa820c5fd429 |
| SHA512 | 2044076eadd834c6d4d3758cc7b57bebc9eccf3ff7fe84528422c41798eac561a209d0971cb68eb09a7ebba2add20b0210a313ac9b31a75ef4f1459388810a47 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e251.TMP
| MD5 | d94134785b2bf1b87d29e6516f57d4d0 |
| SHA1 | 4c685763bed1b8ebe18265e7d9f69fb183ad9e5e |
| SHA256 | 92f1604cfe841d7e9d96c60f4fb01f3c8b9be5870703327799ca1229225ee785 |
| SHA512 | 78c0854f89d614825f029ffb9272d4e613fff9b9c02406a7a135fe3709bd1d6cdb1e841fbf4bde0d5150d2dfb9d9e9574629eeb06d03796db815d9530b3e8b61 |
memory/2760-220-0x000000007449E000-0x000000007449F000-memory.dmp
memory/2760-221-0x00000000004D0000-0x00000000004D8000-memory.dmp
memory/2760-222-0x0000000005450000-0x00000000059F4000-memory.dmp
memory/2760-223-0x0000000004DB0000-0x0000000004E42000-memory.dmp
memory/2760-224-0x0000000004DA0000-0x0000000004DAA000-memory.dmp
memory/2760-234-0x0000000008290000-0x00000000083B2000-memory.dmp
memory/2760-236-0x000000007449E000-0x000000007449F000-memory.dmp
memory/4896-238-0x000001BB20B00000-0x000001BB20B18000-memory.dmp
memory/4896-239-0x000001BB3B0C0000-0x000001BB3B282000-memory.dmp
memory/4896-240-0x000001BB3C540000-0x000001BB3CA68000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9ee4336b939f9e83d346fd5d5f8817f1 |
| SHA1 | be380d2d0743b1c95eccca5cd712aee2cc516ac9 |
| SHA256 | 70f72d7f6550c82c018e73d2e1752c7165311f789962d4143fb366e6894e888c |
| SHA512 | b803585cdeb24052389df829d2d560b5e9e8e4300c8e0edbdb779ca3e50818b031102c3b50858e13dc40fedefd411f692d0d093e73d38eeef0c9a2defe5e6caf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5c15451cde323d476c49b9994398345e |
| SHA1 | bd51912720118329ad0d1d942fc17f7d4b71a4ca |
| SHA256 | 4360aee736bbf39e1e833cfc1fc0eb5e5fef5d2206dad81bfefbc14ff7e1b580 |
| SHA512 | 32be1cd35b402304d2ccf92e7860b12264582193be83330c3576358de97517c488e8012c90644ee1674b3cf10656e1a6d00b0dbf6dc7f17628a16eae99cf7005 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2590ea4916c2eb79c32c169740d41251 |
| SHA1 | 6cf451c683603312c9562874cf1e4e16ea4260c2 |
| SHA256 | 894deb8a8b296277092ff2964416ab219c4da7148d5fd2268b52464ba6f43081 |
| SHA512 | 539cc502e6a299c9734b40b3f16dd75a620a2cf8e2fa08ac22b67538382529b306535ab7c07786f0ee0823d167706b24634559dcc36576845af7439ee72f484c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 96b05bbb3fb51272373ac10f01b3af39 |
| SHA1 | 868202e35754db673c7e565c2c4717af356164d8 |
| SHA256 | 479b5522d22a6a76f0346c166b18d91a3c576128c9671164b4f37d01e32e3e00 |
| SHA512 | 304e4447e0edfceba1a7ff748ab14e36e003de46e107aab85327ac9e0ff4e2299cb8ad73f157f72a766b86706cbd85c316a2b20de8c972edb849e9afd29acdc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b97130b6176327ec94dd7009afe910c2 |
| SHA1 | 1262a1e2c6d4b3ec6c080b3b2e039b0415282737 |
| SHA256 | 3b8293f214a3f8009b95481bb8008f85982744ffa11ce2f01084a4a89f2cef2e |
| SHA512 | 8068f486fcd1c5d65184fa1916e9db8d0832dfc75080521e74a8795dd5e8fb8799e88a5a3af4cfe1432b503dbf22065e0cb4d9fc04739cbecfc1ecf5fbd0ff57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c7b2440bbc151c104fe3f0f285c714df |
| SHA1 | d91cece0625524e414ef01cf3b1b9322faa41d45 |
| SHA256 | eee303d3b8757cafc744aefe6071efc9c0d8b2fa90e018009a7b715c16672de0 |
| SHA512 | 8960b201bdb645a8eece388de4ebfe46f3621797ff74ff58c073b5f7b12734de56dd55e35989f582cc100c605b49ccd104827d1aa9718f8590f166e59e1459e6 |
C:\Users\Admin\Downloads\release\Client-built.exe
| MD5 | 0c71acb6f3b39536e293e74932de76d1 |
| SHA1 | ffe809c0ba351e0cccd67955fb7320af0ad35436 |
| SHA256 | a0cbc0fcfa908d7876d43148d2ae45e420c016cd09426d7ac72b412789818cfe |
| SHA512 | 7eaf0f316fd53fcf9187c70bfe5b6707b627322585d2ec5e30da4bc4dc2437a1f1170c8f47fc7f7548cc82407d72a1583a911495f9981a333eb7cb3668fa3a50 |
memory/3236-366-0x00000173E3E70000-0x00000173E3E88000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c880e5e76814b2850f168ee3841b21f2 |
| SHA1 | ab2c5a111c4c09b77e2810268dc52962d00515f5 |
| SHA256 | f7124a77baa7eb34a481cd8a29a687fe907099a9865c613f0dac20d3107b34c5 |
| SHA512 | cfcb2ac1bd8c695816f1712ebe0bce2a9f08c3db8e2f0a8655c807b04d3cc6efd3e492b269c8382f1fcc4ea54ef43898f965c7fb1d5018c6da266964aaf557f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 359496bb74a1d0a5d0dcb577331bb2cd |
| SHA1 | 7d632f65d777913247695a237d294535b1c03f12 |
| SHA256 | 21a61ae9216f08fc6c5daa7a70a2500ee0f7f5e25ae2fb16d64de260c028272a |
| SHA512 | 8d040562ab51c6e0706b730963f461f5039e6d4761b43eb584da2565db5795a7dfd11f790fba7dd2d85bc80ddd5f19dc30e43426b76a61cd799a39ea33076eb5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d27dab1abef1df03f3c7939c2795a099 |
| SHA1 | b26fb5c6f2cd06dc6af62cedb9659f34234ed225 |
| SHA256 | c3779fe20fe10a0b1cd76022fe0d660eab4d63e72aee618d90fe23824648d4aa |
| SHA512 | 37b669a888e892b9d1196081e15a48b66d4d7abfcc84be57552c3f1e108a580d015cb5742490d7698ff1accc2795fc90ca01997be9e8f55e1a4af9cba7afb014 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0ea70e1bfada7fed83f2983271cd18ff |
| SHA1 | 9a7945876e4a607313ba505fa612243f2777e14c |
| SHA256 | 2892f16b95a42c13d4faa4b2d9c9a6eb396418f2cde392479442b8b8d33e0e93 |
| SHA512 | c287a389b5cc145c13416309bae71450080b86abdcb131a38879ee133d0b37e86ee69c9c6f0f6fd3e0184d199ecc9c2e3e84428567da01ac45f810bedfcc9dc3 |
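The Files section mixes three kinds of entry: Chrome profile state written repeatedly during the run (the same path appears with several hash sets), a crashpad named pipe whose recorded digests are those of zero-byte input, memory-region dumps, and the one dropped executable worth sharing. The script below is an added example, not part of this report or the sandbox vendor's tooling. It parses the section's layout (a path line followed by MD5/SHA1/SHA256/SHA512 rows, or a memory/PID-seq-start-end line), detects empty-content digests by computing them rather than looking them up, keeps only non-profile, non-pipe files as IOCs, tracks every version written to a path, and totals dumped bytes per PID. The input is constructed from this report's Files section, abridged to four entries and four memory lines; the "outside the browser profile" rule is an assumption for this triage.

```python
"""Turn a sandbox report's Files section into an IOC list and a dump summary."""
import hashlib
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed from this report's Files section (abridged; hashes copied from the report).
FILES_SECTION = r"""
\??\pipe\crashpad_3764_CVSHIUCCEDNMWBWY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 32340166400cc4c93e786713c78afab4 |
| SHA1 | 6fa0e37f8158c648fd10f965d86b642e467df4a5 |
| SHA256 | 0f1c2879a0c305e8a989624baf7d254b09ff26357d06b733d60409bca0ab3470 |
| SHA512 | 572cf5259094dccc01b326d6419b821a15de2f09d098ff2857d83258401d72f9fc11d81b103739c2786cb4fbeb601ff79ac7a71ba61bf3427f27ab340dabbec4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 68f5085709eb8ab0235f1f564a5fa8e9 |
| SHA1 | ab08de19c8125ca26e9141e581d56cc8d8ab75a0 |
| SHA256 | da7ea337f28ac1240144a68ce528a2701223951b5343571fb50ba29f40c53609 |
| SHA512 | f0d6a750e421f9b6e459c1f7ec82d0ee9a30f1bdfc805c529521eae218cf258ccff1d9aef4ecbfa5d1a0b63352089bfea414d1807dbdbea1b17b08ac16237258 |
memory/2760-220-0x000000007449E000-0x000000007449F000-memory.dmp
memory/2760-222-0x0000000005450000-0x00000000059F4000-memory.dmp
memory/4896-238-0x000001BB20B00000-0x000001BB20B18000-memory.dmp
C:\Users\Admin\Downloads\release\Client-built.exe
| MD5 | 0c71acb6f3b39536e293e74932de76d1 |
| SHA1 | ffe809c0ba351e0cccd67955fb7320af0ad35436 |
| SHA256 | a0cbc0fcfa908d7876d43148d2ae45e420c016cd09426d7ac72b412789818cfe |
| SHA512 | 7eaf0f316fd53fcf9187c70bfe5b6707b627322585d2ec5e30da4bc4dc2437a1f1170c8f47fc7f7548cc82407d72a1583a911495f9981a333eb7cb3668fa3a50 |
memory/3236-366-0x00000173E3E70000-0x00000173E3E88000-memory.dmp
"""

_HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")
_MEM_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Digests of zero-byte input, computed here rather than hard-coded.
EMPTY_DIGESTS = {algo: hashlib.new(algo).hexdigest() for algo in ("md5", "sha1", "sha256", "sha512")}

Entry = Tuple[str, Dict[str, str]]          # (path, {algo: hex})
Region = Tuple[int, int, int, int]          # (pid, seq, start, end)


def parse_files(text: str) -> Tuple[List[Entry], List[Region]]:
    """Walk the section: a memory line is a region; a hash row belongs to the
    most recent path; any other non-blank line starts a new file entry."""
    entries: List[Entry] = []
    regions: List[Region] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _MEM_LINE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            regions.append((int(pid), int(seq), int(start, 16), int(end, 16)))
            current = None
            continue
        m = _HASH_ROW.match(line)
        if m and current is not None:
            current[1][m.group(1).lower()] = m.group(2)
            continue
        current = (line, {})
        entries.append(current)
    return entries, regions


def is_empty_content(digests: Dict[str, str]) -> bool:
    """True when any recorded digest is the digest of zero bytes."""
    return any(digests.get(algo) == h for algo, h in EMPTY_DIGESTS.items())


def is_browser_profile(path: str) -> bool:
    return "\\google\\chrome\\user data\\" in path.lower()


def file_iocs(entries: List[Entry]) -> Dict[str, List[str]]:
    """SHA256 values per path for files worth sharing: non-empty content,
    not a named pipe, outside the Chrome profile (assumed triage rule)."""
    iocs: Dict[str, List[str]] = defaultdict(list)
    for path, digests in entries:
        if path.startswith("\\??\\pipe\\") or is_browser_profile(path) or is_empty_content(digests):
            continue
        if digests.get("sha256"):
            iocs[path].append(digests["sha256"])
    return dict(iocs)


def versions_by_path(entries: List[Entry]) -> Dict[str, List[str]]:
    """Every distinct SHA256 recorded for a path, in write order."""
    seen: Dict[str, List[str]] = defaultdict(list)
    for path, digests in entries:
        h = digests.get("sha256")
        if h and h not in seen[path]:
            seen[path].append(h)
    return dict(seen)


def regions_by_pid(regions: List[Region]) -> Dict[int, int]:
    """Bytes of memory dumped per PID."""
    totals: Dict[int, int] = defaultdict(int)
    for pid, _seq, start, end in regions:
        totals[pid] += end - start
    return dict(totals)
```

The per-PID totals only say which processes the sandbox dumped and how much; the report does not map those PIDs to image names, so the dumps need to be opened to learn which process they came from.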