discordrat | 273f3bd076c77fd96edde8691efdc30c02f386bbb5af79591e36beb2f322406e

Resubmissions

28-07-2024 16:31

240728-t1e31awfkb 3

19-07-2024 19:50

240719-ykmv5azhke 10

Analysis

max time kernel
63s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-05-08 192748.png
Size

56KB
MD5

65f0ea529c224a822cc1c489a63889fe
SHA1

189d077c12f1249641831312e33521c4da609c9a
SHA256

273f3bd076c77fd96edde8691efdc30c02f386bbb5af79591e36beb2f322406e
SHA512

f9a27c9505d9164cc4d05337162ed4e62c9f26d6bdc309a6ebd6f9c390604b678cb80a2da7ecac1571285836ba86cd4d0b38498a0a567c12f697593561509faf
SSDEEP

1536:B45UZNKnQjm7J2QuP5s4WUPbR+rXIAUOhaq+3cceehi8:B4SNK7O5E29+XsBq2Aehi8

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI2Mjc3ODU4MTgxNDIxNDc3Ng.GoRPys._68wmafo5T8UikhKXH678wKMr5nwbtLkTb_XXI
server_id
1262984138315530440

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
92	discord.com
94	discord.com
96	discord.com
83	discord.com
84	discord.com
88	discord.com
91	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133658922730261798"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3756	chrome.exe
3756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe
Token: SeShutdownPrivilege	3756	chrome.exe
Token: SeCreatePagefilePrivilege	3756	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3756 wrote to memory of 2308	3756	chrome.exe	95
PID 3756 wrote to memory of 2308	3756	chrome.exe	95
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 3956	3756	chrome.exe	96
PID 3756 wrote to memory of 2336	3756	chrome.exe	97
PID 3756 wrote to memory of 2336	3756	chrome.exe	97
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98
PID 3756 wrote to memory of 3428	3756	chrome.exe	98

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-05-08 192748.png"
1⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbe226cc40,0x7ffbe226cc4c,0x7ffbe226cc58
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,14686045780445774997,1858226660169809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2212,i,14686045780445774997,1858226660169809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,14686045780445774997,1858226660169809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,14686045780445774997,1858226660169809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3440,i,14686045780445774997,1858226660169809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3764,i,14686045780445774997,1858226660169809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4580,i,14686045780445774997,1858226660169809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,14686045780445774997,1858226660169809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5224,i,14686045780445774997,1858226660169809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4756,i,14686045780445774997,1858226660169809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5132,i,14686045780445774997,1858226660169809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5316,i,14686045780445774997,1858226660169809412,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  PID:3648

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4348

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Temp1_FeatherB.zip\FeatherB\FeatherBootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_FeatherB.zip\FeatherB\FeatherBootstrapper.exe"
1⤵
PID:2836

C:\Users\Admin\Downloads\FeatherB\FeatherB\FeatherBootstrapper.exe
"C:\Users\Admin\Downloads\FeatherB\FeatherB\FeatherBootstrapper.exe"
1⤵
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ba336e5540777131eddb248551133d7e

SHA1
e325b6a588b7a13e98ee3e115ad06cfae7c0bd1c

SHA256
1983dc4e1aebfe4c78c61e3fcdd951ce7b4861cc277ba6ad75003f15d97354ed

SHA512
8fa4ab2c969f247ecfa570f44d01064990253228908b67334c116f08283770c635fda8351ddaf4b9d7476d299bb0fcd61c444a06b2db5818d7ade156702c2aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
3d0d4b865459978dd77e8c48c753405e

SHA1
0706118fc4c6f6e96966c8d418367e45faa00a0f

SHA256
e3b35047e6bad8e82ba990a1e60df79e531d9f84d65abbd73e102cedfd5ee2c3

SHA512
e67aa59e85ff180fddcd1ea0efef2869289f079cec86c40ec2d13e398580b2e8cbdaeb852a0d4f83de50d621805180b7d69576ffc2dc834987f3c094e43dafdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
fbbfebc65d417268429ac5e669c8875c

SHA1
e3adf931dcec850794a3daa11d7b21d80eb3b983

SHA256
b98adf18d3272f149d3de641a355a29923662368520e7609bf6d8341defa6f9f

SHA512
d1ab898aa475285037a5771439b09d4a8350eb0bec978fc4292af8a9249083f2c11c64b4a432fa20500a23500fb23e9d4555b455682eba4bf6707784a54b9df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
de48f9e442eaeaf7ae8f24b4c4f38f62

SHA1
a68de42b9d9941684fae02c58030d84db62c9a6f

SHA256
eeac074eeafc585d66229026e24f1245faf0933846a1ee6235f74b846d0b381e

SHA512
b95509f7a91db3312b6362256f7371895b2a9912858f165e3785be37ed9cb407bd6fa9398c81e90f827288218f1e96902f3fa78869ead43241e7c1b473f58733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a4a73a24184881a40818f07f06e8895

SHA1
163f5bab7e201cb930e6c0efe9a0acab058ac271

SHA256
018e8a72ada10df61c4d2e1222330ea9bbd7fd49ec85186dbbc7cbb77726310b

SHA512
5f9f100d72739b0cba13c3f23b148a04cc892e2289a4e4cebdbdfde192fbfbe759cda64266343ac04383fa042c0e82bd5e8342b86c4eb7e5bddf0566da7c6367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9c30b7b217528998a0c99d5a69c89122

SHA1
94c51ff1c9dcd19b9ce768db04ee87e1c6bcf78d

SHA256
ba9e9dbb5482bed331ef2aabb285514333352ca3cfbefa0ca1cf6a950d9ee62b

SHA512
7a33b1b1f01f3a735c69e8b4d24e149f25cab05bccc8f65fc4a34ce30568b4ad9e96183bc0ccf509e9c679f340dba8d702884d577ac0f892defa9a8c3a70090c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d91542b87041a96bc8520036465cb6a9

SHA1
70b8fd6784d10ba46b4921ac9ca5b183847e4541

SHA256
f0a14cd16d796c3cd0c5e8447b34afbcc80b7f736038f5c3dbbfe73468115742

SHA512
5afbd77c678d80e73c9c161cfd824c1cf17e4e0f11f9bef7ecc51f77fc92165fc25b8abf22af28f750bb5bd6beff6105a5251a575385babd4297ce8b2d9481a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b05e2a0dddeacefdf8bbfe83a99e93e

SHA1
6cb35565aeb603e3faf8bfaef77842c6f7e546e4

SHA256
65871eb9abbdc4ba12b028ac1459fd6ed874880a4715f409422f5d89cc73f05e

SHA512
a00c74e3eac00e0d9fb360b96bd16dbb9a1aeb874e9f243a56afc746095393722dd5c40fadb695e1522f5d33899bbcfafca1631505ed102b066fbd3b2d216d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
892c534eaf0b5b6a43ca37f3613e096a

SHA1
bff73003b3ec48377cd266466a21e9c62696666a

SHA256
87be74efcc0de03cb475b8efd23a1c777615f2517dd8bc006920ad5f9dd68c54

SHA512
a24e8fadad8a535c5efdd4c00aec087c836be3b4263c64982dd0cab716e63a2dab52ec3a915ac2a40891ee8177b4d1ceeec06361188407ed2a1c03318f13e60e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
019f2e82b4bf12473999f722c16f7592

SHA1
5b755c225fe5e692f5813d88135ab967ca27483a

SHA256
11c7e0a99e57de4970ccb1ac1191b0f1b78f754cc7159dd57b9aa7c88df88cbb

SHA512
aefb332ab24f3616b74e933efa21adedc2a8e7668551404c1c33c31c812802be755498c324a8663fc78addb98f68d6d43095bc21cfc1d6b741c5a8cdfae8d575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
454eaa5daa5325f715c66106c28d3b13

SHA1
e8b915f1c937bafd7da40ce69a279c3182581d71

SHA256
95b548ab3d5d7f4d75c6fae3b1f22fcb0763336c0f5650c4078f3c0ac71b5003

SHA512
82b3ec83bff82e3e5d83ff75118095870412923d3ab20fa45cc5db61c9f6259b99344bb5d69f3718a71ed5174a7205d93d0a25883dced5a7a87aac48ecc7ccfc

Download Submit
C:\Users\Admin\Downloads\FeatherB.zip.crdownload

Filesize
28KB

MD5
809e87f2d2472def3836f3e31a26701f

SHA1
fc1ff2bff3e0c2aacfa2be0cc17ba4bd20f40126

SHA256
1ad5599d212ff553f0751bb096c25e3cdb89b5e938e963851c7ca6dd4135476c

SHA512
29c216e8f58e93eaecb80415f5f43407094839702b8f1c907ce67d3bb0e00572409007ab0a4b694187e47edb927ccc6262cfea15010f1ab151e190da9c66a3d2

Download Submit
memory/2836-115-0x00000213C2020000-0x00000213C2548000-memory.dmp

Filesize
5.2MB

Download
memory/2836-105-0x00000213C1820000-0x00000213C19E2000-memory.dmp

Filesize
1.8MB

Download
memory/2836-104-0x00000213A71F0000-0x00000213A7208000-memory.dmp

Filesize
96KB

Download