discordrat | ddbdfe227d8394d50c28c4b02c39033c4d5d1962fbd1342a5ca5f236e9671619

Analysis

max time kernel
117s
max time network
116s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
15-08-2024 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

7d921a8a96e652d5264847bf6645f61c
SHA1

0ef41f617e00919d102098a7c82750f6e90d9b80
SHA256

ddbdfe227d8394d50c28c4b02c39033c4d5d1962fbd1342a5ca5f236e9671619
SHA512

ac86edaf87b61f0f5b6bf3dc2a70150b43a3e5a758ee4e45162c27491b0ba02f01203446af87666d7c2346169e5445e88027cffd8fcfa64543730078d8c7aed0
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+FPIC:5Zv5PDwbjNrmAE+VIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI3MzA1MTEwNzEyMzI2OTczNQ.G7UQQo.CWRWd5HJJ8bVumSGiyWc2pDdjavw4VinikkJMg
server_id
1273454211354464348

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	discord.com
4	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681600471980367"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1264	Client-built.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 236 wrote to memory of 1432	236	chrome.exe	85
PID 236 wrote to memory of 1432	236	chrome.exe	85
PID 988 wrote to memory of 2068	988	chrome.exe	87
PID 988 wrote to memory of 2068	988	chrome.exe	87
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 4120	236	chrome.exe	88
PID 236 wrote to memory of 1948	236	chrome.exe	89
PID 236 wrote to memory of 1948	236	chrome.exe	89
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90
PID 236 wrote to memory of 4200	236	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2990cc40,0x7ffb2990cc4c,0x7ffb2990cc58
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,210963940316270117,18296818684237128470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1696,i,210963940316270117,18296818684237128470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,210963940316270117,18296818684237128470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,210963940316270117,18296818684237128470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,210963940316270117,18296818684237128470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3084,i,210963940316270117,18296818684237128470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,210963940316270117,18296818684237128470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4468,i,210963940316270117,18296818684237128470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,210963940316270117,18296818684237128470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5028,i,210963940316270117,18296818684237128470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4988,i,210963940316270117,18296818684237128470,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:1112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2990cc40,0x7ffb2990cc4c,0x7ffb2990cc58
  2⤵
  PID:2068

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7bcf62155ff790174eb7d0bd933c377a

SHA1
f08f3142332cccbb197645a06a2be53556583b45

SHA256
3e4edede42ac4bbac1276ba6d12ce318ce1c583e6de3f30049f1110fa1d98779

SHA512
5205f8b027d8ab8bbfcf3d0c6b162c5c52d8e073d27e2a0765c82d31f849d43c5bffb00a5631eca30d63e92f481b8dfc18699151fd9977dcaf85b542143069c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3425a0e63757a6f0843324b7351b328e

SHA1
646bad53c6f9cc8ad1a5c535b18b81dfca176b66

SHA256
ec53c9fbe8db5e0386e39e3ce66f8db6c8fc32f75c995d0b682bf4c56b639c4c

SHA512
c2b8cd66e5dd6ed5e3dfc737879d8653f5f2923b766d0267bf05ceb79ead1bda695eec00a1cf4eef4ef71ba221a13b7e77dcfe0cf425b0c83e76188baba1909e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
db0c8fb5609c83af4e8ddefab7a5ddd2

SHA1
6de28cd825b95c8c731f108b3834275c4b3509ed

SHA256
b8ab73e7407e9788ae9b0d0db619302f0a39897b52c1aa828725e013416d1efc

SHA512
6cac4f32965b75c571c1c5cbe63eb3d0a4ce09014c305f9a8440b32176f6876fe5f242379c2b4a57dd2cdc6c6bb6d7cdf4333b9cdc1bcf13341e192a5053fb61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3ba49ed6730ff1d72c6c376c96241acf

SHA1
67b8c665f156eb43d1462633e23fcad9a9710378

SHA256
cdf0fdcd6f1d12227d87a5ae7777fbc3eab2261c7faf315c60e0221774e5b7ce

SHA512
1db7465d61615c2ed0456c0607b00703f8466b603db0edd3227548bc77273464eebfed49fcf15cfc765c2d3a48d5f8cbe93a5800f7f68603798589ceed70272d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
c0a25f038ef44735b9b020698d8f1d33

SHA1
b78007e4f7f533eaff96effeb1987bd0913d67c2

SHA256
3de7f4655760c50c5e4dcc47af096b0757c4cb30aa31d8423c16fe7f29e2b669

SHA512
8d2807cb567561d4d70f86a91e0f9b9e0449ed36658699455ba15797973a604bbacd585a0a44309e912532ccc940a92da47aa21bd36698a123578f5b4f90902e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
42cc97ab3a3ef857ce8e041ee6a77a5d

SHA1
b6c1fd85f81813a7062a2439fdebc4ecdcb58a92

SHA256
0187b253ea87fb17116a59fe5fbdf4f9dff79e90da132cc6a0fc345430950173

SHA512
a45dfa3d9e27135132bdf0e064a467ebbaf4d590b4fbdba5a4193bed51072ec16aea77c5d66babbd849ce08502ff037d1c2b83d3a4d5c0d16fdc48a408f3728a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc1c9ac096c0156a100067f371df64cb

SHA1
bd46fa5230c44a69d065f0d4143bb19ea036f591

SHA256
f04304e0872b70161f61c8c709d04e4f34d4cd0d739d157a4d7781074c4dec5b

SHA512
688106dc41871e5baf98de26e369bded91058a152784a5ea4525661ab587787e843359bebd7c906183312d7e4cbcc9523a72fa499842efbfe88a85c09132106b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
825edd6a9d4a83298a3a1d6b1aee629d

SHA1
6385848a039f2ec672bb0e83e1d780e6ed1221e1

SHA256
9cbeb745a6113835e58dc10f2cfafcf2617c6d4f62e4988a4954ce4e49f9ce64

SHA512
631993f0e0097fcb6fd8d4145cf6c9f455eae6d1403ba558a1613dacf5304b87d9c836f895c89edaaa0c23dfba43f65756d914e788e64d764e3ec72416207aad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4fa31ab4932ffeb5bc9366cf06e56dd

SHA1
573120fa37c2cf30ac20015dbe3e8845c844d8e1

SHA256
62e4e41c51f76c1a97c9db0ba709dd2d463e1ce326f75c678d5e4e361c42f883

SHA512
bb0f6b6c4439ca119144cf095ff81a71e802d5024553ba8140185e892be8fe74dd97bd788e16f90b58577155be2ae5d1140a9d30eaec0f452a086a92bbdd6fcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f657236758bc5c61a43b2ed622f5aa7a

SHA1
a0a10420767d6238f3bfeb63cbc37cc777b5a2e5

SHA256
691834d9ef3695c04ee33ba0c74ac07c3d22b1d7062bfb54151f9a4933d7054f

SHA512
8077af3d6526797276438f5dc087408425d051272e162e5e78ce31147a0e4d3428373e487b991bacf044c278e31bf73e12483709ac5c3c3f2a627deef781bdda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
08700a490140e87077c430dc8f7686b6

SHA1
7a080b9881af1e518433c37c0f6c8524442b862a

SHA256
32c45e24edc471da6db1f2a73e2f3702907870aab07193f739f1f957de4884d9

SHA512
672cd1e8ee1c092a4b948d96480798d8117c4ee5cc8e4c0c9def90d7640b6c4206fbc2f858f14d2677d2cc1b56d8a7f734c1c3d13367f0ab206cba17366afe8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
e92ab4076c65a5953326bd3a0ed20696

SHA1
28741458499b6cd1e6055d36aab88b9ffed0d431

SHA256
cba5e86762dda9e80dd6b3fd3763e320af2274630bea66611e077719b3da711f

SHA512
8f8cedfccb5ac7bb1596041d472634f0cd7156656028c34a5a17a6365e68cd0626b5da25086f04916c49b1e51dfccf79dab1e5c33cd7a61c9844bdfe9e47f7d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
34cdcf4cfc83c1bc8573192ce21409ba

SHA1
f25589ba7ebfb82e50ea4b4fb8b29fb7a0c8d8f3

SHA256
c812018a613f1000c41f5b1e1dd9646d53f4d39d039fcb6366be4437341cafa6

SHA512
bd6a0c0f7e0008534fedc11a2bc16b9c25831c9531462fa7be13b914f5f326361aa828279da76988aa8e945353359c243186b13775d3d2c58fd6a043d312b5c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
1557d4247d29657b00821e22971a0948

SHA1
99705acd3d53bc5f9a7c3e407b960ac979a58316

SHA256
ee72c11a852166e94607aa7fde7a5ccef94a22e92df7e5daed8f63e2bb1146fd

SHA512
709f665a23b77746c2ceb52090bcc45699e72fa62452d534b57af0c3a44f808ac0f87affa5f5cc8cdc56e6834716ba78ddb088421ceb41e0872d6dbd9e98ef12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
bc1c968a8d2f169862eacaeaf872201d

SHA1
42aa954ec06f99b13534af19f7712fee86f19684

SHA256
70986d8302cd8656bfe3fd4e6f6d9fdf31fe04fade432463613b52a819419ffb

SHA512
65b097bfe0ec4c510cb1fc51895b6c6ab8a2dadc470ed8f647a48eab982151ace62b26f4167350758ce6c331be5bfff382e563af4ccd96076a40e85b7b28da01

Download Submit
memory/1264-0-0x0000018BF9BB0000-0x0000018BF9BC8000-memory.dmp

Filesize
96KB

Download
memory/1264-4-0x0000018BFD550000-0x0000018BFDA78000-memory.dmp

Filesize
5.2MB

Download
memory/1264-38-0x00007FFB2E310000-0x00007FFB2EDD2000-memory.dmp

Filesize
10.8MB

Download
memory/1264-3-0x00007FFB2E310000-0x00007FFB2EDD2000-memory.dmp

Filesize
10.8MB

Download
memory/1264-2-0x0000018BFC1F0000-0x0000018BFC3B2000-memory.dmp

Filesize
1.8MB

Download
memory/1264-1-0x00007FFB2E313000-0x00007FFB2E315000-memory.dmp

Filesize
8KB

Download