discordrat | c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

Analysis

max time kernel
149s
max time network
146s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29-06-2024 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Release/Discord rat.exe
Size

79KB
MD5

d13905e018eb965ded2e28ba0ab257b5
SHA1

6d7fe69566fddc69b33d698591c9a2c70d834858
SHA256

2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec
SHA512

b95bfdebef33ac72b6c21cdf0abb4961222b7efd17267cd7236e731dd0b6105ece28e784a95455f1ffc8a6dd1d580a467b07b3bd8cb2fb19e2111f1a864c97cb
SSDEEP

1536:YCH0jBD2BKkwbPNrfxCXhRoKV6+V+y9viwp:VUjBD2BPwbPNrmAE+MqU

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641773957741840"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4736	chrome.exe
4736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	796	Discord rat.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 2036	4736	chrome.exe	75
PID 4736 wrote to memory of 2036	4736	chrome.exe	75
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 3980	4736	chrome.exe	77
PID 4736 wrote to memory of 588	4736	chrome.exe	78
PID 4736 wrote to memory of 588	4736	chrome.exe	78
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79
PID 4736 wrote to memory of 4592	4736	chrome.exe	79

C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd111a9758,0x7ffd111a9768,0x7ffd111a9778
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:8
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2476 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5092 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5152 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4476 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1784,i,17960248097572496255,216446644977259135,131072 /prefetch:8
  2⤵
  PID:3732

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
461995f08b9c56d26dd732768950ed7c

SHA1
5378a6d7841755f942d32491b8199ca67744ed38

SHA256
1b121813652df00b86a4869fd573a5bc855be451cddda14fbf95ead6bf11430e

SHA512
61713b3ef154a770788ffef16d4815d8397fef6dc29210602a67b4d972a92632a038add2758b5fb894b93e82318ba0f8c827cdeb20c73be7be0effa61262556c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c6910b4826a792ddbd7880bf0cff630b

SHA1
43ca1d34ecd7e8985d083ea0277942e65e13747f

SHA256
f93d8fd5a297f04d9cb2e97dc663702d51a35ddf447e327428ab23f098dcd216

SHA512
1f6bcfbfbdf2600aaf74ed651cede48bd724d779e2bfaeedd2b3d8c3418d9cba24d0e63b36ab81d79cce37a417ae89cf83c0787b9ff958d79c11e9897611feae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
2c81978ebe1af680d7b200465ac09f08

SHA1
3a347fe642e810bed24d8072b8fa8da80f6b9c45

SHA256
5e24ebb92c629a3811405bf0e715b735c9cab91f4c87840c3990368b2b02a2af

SHA512
3541e33c76c8ea41f6ae462ca97ff3fb9bf36938d3f7fb7b190ac4b83023229911eebb66df41fa090c2995a6d7b84810dfa8fb462bf41ff4e4f0042e0a07cb8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
63fc66235bebebe27dce9714c979a1c9

SHA1
55905120f0a4644dcb6c47e277b9a4ce01395955

SHA256
130b3fc4a4025108bd699d51ae9948f5698fe30688c7958b965dbf1158adce8f

SHA512
a6f274b09f1a4b3ce30517b8685bcf98dd8b1ff7f06a9b125206f3a2119f6dcff61a0a3309d43a3f2c7ea6fd4a69fb59ed242477d2611f6d3a5536a5515cd3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47ad4818676f38111ff6435af7d59208

SHA1
0233b4b8be23816bde645b14442f33525944a5e0

SHA256
c073c8ab6611146b7f031cc042878798c77e0c43331d8fdecc9d731b627a35d4

SHA512
c04a3216dec1b9dff9a989b03808c4c480452d3860955836d39fd0efec55cf3ed0e6911f0705c0d11b13974841d1ed68aa16532db1eb048cd8bbfe52f439e8a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9d200caf8f5e0d9281d73a7f761d3cc5

SHA1
9f293f0641373380147e87d239342e692a4e44c9

SHA256
25fbac70ab615aca087e036e0a40557db04b6f2138cb10d7497c29517e45643f

SHA512
3948336867990bfb3c7d74326acb62d6647c73490b3d1cc088ac886b60e075b38b4237d6f280c29d828ae0fea22123f1626668a0e39f8346427a46e4722d5972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f33547cf8e8b90a457b0607a444fe6ab

SHA1
58d120f11cd3c05e8fd9309aa125672afce9396b

SHA256
e3f33e4fd3b6aba67717a74a72c042bcd35591a41ec7b3437580c33f6e4060e9

SHA512
ae703e6a5bc4d88beb8899b6ac7485eed540887ad539fd075daffef300296613ae8484a701adea37dc258fd44c31d147c074c9be6a350bdc874757fc8cc8ea5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0d1c973c0f9907c8807f0c2728831e3d

SHA1
5bce7f457fb24f93d33f50053af11b499024ff20

SHA256
2dd1547d17946369c69149d8281b3740807159e290aa6974bff8db99f856292d

SHA512
cc9e9a420b1b82de9122c1ffbdcc1c410b454592cb0af7d9063e87dc1cb140940e5b85db50bd06f257e5440fc9a3fc7343fd295fc4f3190891faf2f86a5cfdd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
cb2ab2e9ecf21c68ef5d572893099b32

SHA1
c4958b98f9cbbcd71cb0a500b204d55e80d6eb27

SHA256
b3f3b1ec0e479088d3863fca90ba66960cbd96ccbd9e2740ab29859a11148641

SHA512
3b509f9ecec2e3c343c4b22e7ad50fdcede8f78a5027ac04a152a841cc8f25c255226c05686c11b8377ac5ec05d1f6bbe8af384fecde92368230cafa06e03381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
289KB

MD5
d3634277c52d39e087161d6f6c611b3b

SHA1
4ae9407949e8e0caa24b596a629264c6f7c38b73

SHA256
760d5de39044190f109c68d8f59b3956ca6054cda653303c78de6633cb188690

SHA512
7f131218154632936c083c3996c3635e2bce55f3f18ab45e46c4810f8ed0c99756bd98858f844cb23f14098137422e90b4fd71d3cfb5e3c469564ba0906b13b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
cde4a8ebe3b6e502b226f35f5125b782

SHA1
a68431eebd0e5494455c27be1ed25ed3817f0fe9

SHA256
9d4a96a28b76b22795a359f747a2bc2f9cf2c988450a4ae3ab2c4b631e37b5c1

SHA512
335ab9ffaad754b5a8289c8452210feaf258acd249b6cb93c9aa3d86e0252f17597e4e58b3c49b385cb26c7eb0a3d8aae2f42b027be70a980a0f391d6b32a525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590e10.TMP

Filesize
92KB

MD5
b491a6f0316bde79586707b1a47eb83b

SHA1
66e7676ad22fa7293d2877d07557ca3c5077e58f

SHA256
548c5e24f4422cdcac1168155f544e9f2b61eee349a0b93dbf89ec58de023e6f

SHA512
3f394e5de452e8d29cbe9aa620d1dcca03c1df2f4bfe327bc55d041632dacde740a64f5ed2d42d5ae7e488901e9c3df2033b94c0acdc9576cb4781148ea8a69d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/796-5-0x00007FFD0B760000-0x00007FFD0C14C000-memory.dmp

Filesize
9.9MB

Download
memory/796-4-0x0000013C6E560000-0x0000013C6EA86000-memory.dmp

Filesize
5.1MB

Download
memory/796-0-0x0000013C536E0000-0x0000013C536F8000-memory.dmp

Filesize
96KB

Download
memory/796-3-0x00007FFD0B760000-0x00007FFD0C14C000-memory.dmp

Filesize
9.9MB

Download
memory/796-2-0x0000013C6DC70000-0x0000013C6DE32000-memory.dmp

Filesize
1.8MB

Download
memory/796-1-0x00007FFD0B763000-0x00007FFD0B764000-memory.dmp

Filesize
4KB

Download