discordrat | 2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec

Resubmissions

24-10-2024 14:09

241024-rga9lavajl 10

Analysis

max time kernel
237s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-10-2024 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord rat.exe
Size

79KB
MD5

d13905e018eb965ded2e28ba0ab257b5
SHA1

6d7fe69566fddc69b33d698591c9a2c70d834858
SHA256

2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec
SHA512

b95bfdebef33ac72b6c21cdf0abb4961222b7efd17267cd7236e731dd0b6105ece28e784a95455f1ffc8a6dd1d580a467b07b3bd8cb2fb19e2111f1a864c97cb
SSDEEP

1536:YCH0jBD2BKkwbPNrfxCXhRoKV6+V+y9viwp:VUjBD2BPwbPNrmAE+MqU

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133742525997379499"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
2740	chrome.exe
2740	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid	Process
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Discord rat.exechrome.exe

description	pid	Process
Token: SeDebugPrivilege	2852	Discord rat.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe
Token: SeCreatePagefilePrivilege	2740	chrome.exe
Token: SeShutdownPrivilege	2740	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	Process
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe
2740	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 2740 wrote to memory of 3396	2740	chrome.exe	98
PID 2740 wrote to memory of 3396	2740	chrome.exe	98
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 3356	2740	chrome.exe	99
PID 2740 wrote to memory of 5020	2740	chrome.exe	100
PID 2740 wrote to memory of 5020	2740	chrome.exe	100
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101
PID 2740 wrote to memory of 2708	2740	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbecf7cc40,0x7ffbecf7cc4c,0x7ffbecf7cc58
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1752,i,1373295119643274353,4167235000171794765,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1952,i,1373295119643274353,4167235000171794765,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,1373295119643274353,4167235000171794765,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,1373295119643274353,4167235000171794765,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,1373295119643274353,4167235000171794765,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4504,i,1373295119643274353,4167235000171794765,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,1373295119643274353,4167235000171794765,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,1373295119643274353,4167235000171794765,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,1373295119643274353,4167235000171794765,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,1373295119643274353,4167235000171794765,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,1373295119643274353,4167235000171794765,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5200,i,1373295119643274353,4167235000171794765,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5100,i,1373295119643274353,4167235000171794765,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3044

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Discord rat.exe"
1⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Discord rat.exe"
1⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Discord rat.exe"
1⤵
PID:3956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5788931f4bd5556cb72d8e8060c7e00a

SHA1
12ad52c136f5e63c35408f4e3bb5d18ce98db462

SHA256
6cdda288cd28bdd3bcb8cd106752252e6a0099d5520bdbad7cc48e93873b1cb6

SHA512
fd2b0d366e184b82ff957e9df34fb926709e2003d3e241d4bf16875624ad94e8d13c9888875b63ecd901982e81d7192d4408fd93eb4216d755e159cf1fb2b971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c079ede23262a030426281f34fd4bc6c

SHA1
b24fd7ab5f14ccbd1bb0d0e6e0c4a0f1d700e764

SHA256
0c67d55924d77012e37d8f90ec36181fe783eb9e9cbd4ab2a91df274c3dedaf4

SHA512
80309ee778c6495a81a0aa076c33c24925b6fd1085c5f49af2e66b90ba8e4b6dcbe43a172f1a0e7ad0114fb902faae5434ad0c0fb618a638f1a74c18e435237c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3e0768cc7653e1801277432e9c052756

SHA1
793f7363538e8f5dd7240deadecb6201dcdd59bf

SHA256
42b6fd9d3b98e36a5e0849cfc374da87a6f14e591613f0666f3a6b304b1717d5

SHA512
1e5e8bfd3c9f56cdcb75676b28856f23c89b48d8010995e8614208e35009475c2239ca4ec2d816c4e59a389904d4bdf6e62787665c27a338654bd80cf278c3cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
763d56bca1f23e2d380dac90d4bda203

SHA1
cd6f83a1ce344be929f7c9923a521d2463947bbb

SHA256
8cdd5a37b58d66c2e27e450737171377d21b40223613bbc201b72485c9170399

SHA512
8987b29e3156488c9a022790fc2717e3f9f334d82c6159d08256fe5d83f160e5362ccccd45402bf24d6f6553c179de74a533cb0fe121e166bffbb7d3c8b498b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bffcb694862d6ad38abe05e883c504cc

SHA1
bc750a264f976ff62d4e2476cc8d80a84acb27d8

SHA256
cf575f116903dd10580ea2776704bdea834350c04a0bd8c55b17c72fafb33342

SHA512
0289228aee18c92982fe10ed8b3413c6e3b8d88b6378108fd285b1698a936124e6861ea33cf28aab80d4cdc452005924bb5e51bf84b867830d23ecf2785d7e7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d191b4eda414fb8e88bedc650004b24

SHA1
d561de92505c94a3aed1d34549d3ca7c9029f086

SHA256
ef12d07a4bc6ea36a518af87e3b7eff95a7adda49f72709e21cb21842b948ff9

SHA512
9d644701a67dcc6b765e53123ba92b05dbd26f93374ea2c016fb3a04ea728707996383ca052653712729ad06f6067b604fac5fb9be461df8f88e03a05ab41a24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0f33a2982f229778daca06634552afd

SHA1
bc8ccb7525a0dc3ad03efe123c2c7eafa88eca94

SHA256
e235d3d6c30b92a06b1059525378acf0d85ffdc77571cede6d24fc314c3e621d

SHA512
cd393ae219ed8774ff08cd5b9d5c94f367f9f45d52c79328443d036ef74a66155236b77eba69eb76c7831ab74b557af543b47b78e820f283adddb40ee1c1e9b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d06c5a70c3a3e9a596939ed08c7bafbb

SHA1
ed7f90b9b388e8a70f46abecce6c8fb01c0cdb2d

SHA256
7a16d36cf15b34ba99bd885e5f7b325545a9dc8357aa21111e48c760d17979e7

SHA512
005af67519e1a0918ff9eeef96fbf5a06527265788230a9af47b560c4137d6fe2e60b675bdc32f48c9fc0c87074f4573c93688554e200d6a081a006af76b5d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
033ad34fe5491d5bf089af56ed6bebfa

SHA1
0f23352c2ee662570acab01836d3f1760c6f19b1

SHA256
f363fccf5ee43fec83e07764ce785ccca509d4f0b835010b5e2b5d56dd5d585f

SHA512
749ee1c5597a169db20b0c641f68193bb285a9f90301ef368daf5397ee032bb330316dcb7f34363b4d97c6a7eb7ec60aa4a921f19312d80d602c720e8fe6aca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51401efe2a1f3c07e0fa2e5ca85d9741

SHA1
803e3b0475b32d9685bd7c6599e1da6f7980d588

SHA256
67bdbc4099fcb7c68a31d76f2308bf347256a3dc4892264fe4d7ee34ef2750b5

SHA512
eb135085f66f0499285fec49320cd53743f30ad446e968799160d8c2b5f50709997cb513cf40e3cda016a7ff7110fbff7e591c0665e5c5dd3565ff36c57f1b36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
92b7d96290d37b120261dcf36c006e0d

SHA1
e1f842965b97b7ccba13f44f8d279a24ab615989

SHA256
55dacb18a417a9d3912ccc69f38468b15f0f848ba50346ffa35e446fe64234d9

SHA512
805d43bf74cb7f4a89d0210a7d5b41f78da363308277dc6c8b201ec6a0a70639a2ea1e5b7e5abe13973db44fc90a4c9d7644aa6803c249b67d65c67fb18a94d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e19c79a754773f27d2d99a769b4ac89

SHA1
a17616a01fcab5222667b0ecf6f7687c39ac2418

SHA256
c3284366c321f07b814127b5beb4db305a3ab3999fe7e5bec28daaf6eaed5fb7

SHA512
91bd1c065ff7b355a586932b870e73dacc1abb51e3ebbc188b4d4286b83da4612c233869887e30d6ce1fce9717b85b086232b27d6c64d41bd1f84b5546e2cade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4352bceded8a52fd95c28d7a441f06ec

SHA1
f3234001fd51608e1db899f7f62e67b395d422eb

SHA256
241ce49dbdb6af3f26a9db11dd79d369d2fa06e18ea58b59beae83e25caa2c4f

SHA512
ec35e7893dc188eab1d2533b44051e033aaf8e613aadee9050825f64f8dbeb903311314368cda6acbeece1d26b516dde3157396d6844e7b3369644a4ef874421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f67ddd8b418ea1c32126878e9c6e7799

SHA1
bac1693045d437daaad2fc96d3c32b81907b51f2

SHA256
5d9126326356e259e3e8c6bb1e3c9f21026411700b4fddb01c6c82a9fa0351b3

SHA512
33a6ee69b4f1c076c2865f17d7356c10857e60efe84df6eaf0289ab1042b7c4b9d52b726fa89f0d1d8327e449a685e4367739eaf0adb30a9951b4ed27ab83b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a8c03fc6825dfede7868b8b932eca17b

SHA1
7a7b16b01e33be0ddeeb4dd2a2589199bb6864fd

SHA256
a2a3cfa097623c694ca50c674093216907bc5958feee3aeeb517b7a8fd59bd26

SHA512
81a7bf57de2e55487d1f8338dd1c73c6ce98305356c685704008cec93de606e4d6fb67001bc47bb65ffca3e3360f3a4b2ab3c1c9128ba8275dd3af0ee8b27443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c384be3ac8a9f26c931a38234733eec

SHA1
3c2e81be92dacf1b73330bfda7432cf27ddcdbdd

SHA256
f00bca3770244847e347597c20651cd90d1d01080de18ce5b81438f043331b88

SHA512
96e09ee767c1d16c7a54c838447c72f572fd8122cb28a280a700a73001def96c1127cbed74b70995e72d55dc168045aeab276c84a6f48cd62abd99201ab3c1d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
05c4acd13513a943c28a78a59970dba9

SHA1
acf42842128b01b5ddaa17307a24c31fa779ca9e

SHA256
e8127acfb937dfed3acb9cdd40864526767355f9f1fd2f56511d502300c55c6d

SHA512
0a3266a0005ba2b494e35ba4fc8b888ac3410a3d0005fd263ded45b3c25f4a016f8d0824ac4c5a3e218eae5845cdbce63cb220f247ad08a33c2d3b8e1506acb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b07cd29c-f4ba-429f-9e84-5377c287fbd7.tmp

Filesize
9KB

MD5
8573f670f7829ceabf1c1480487f3d15

SHA1
614b4d34627824f210cb7a1286934c676e2ee942

SHA256
c5ba6f0e51c1662a2c6a0d33c0508c9bb3f06505270f3d569e1e70ecd6a07f4a

SHA512
334998e8fcff1c1c9986b11d9323f2c33ed2f0591095e78e3855f351f1a826f0524acd413beee5df4b4ff3fedced8730ba2090483b2bf50a12221ae20589716e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
d48435c02497694fbbd12119a39cb18b

SHA1
6bbb36f5c224a6360e2ef501951c5bce1cca9ac4

SHA256
a795b50d716acdda94ad643a38c68d79b762733c5165d2f64044c91545f7894c

SHA512
91d521e334d5d5102ccd969542967ebec0c5e79356be298e64d0b649a51876255166addf898a0bf99b40a25009141467fbd72a93935bccec58ce9a557e0c8a5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
7da7d9a86a1583528540e3d965a084fc

SHA1
c6f72baa1715205fdd4c3de087b794fdba66784f

SHA256
68c47350e4d66b19616df9497c26526c77973ed0bc955a2c9e250f5b0a95d450

SHA512
a0af2040ae0cd74e5112a828e6c1a427a830e769e8ab1d99fe7e5db8bf1daa0b6e31fdfc3191ccde6a455964d40d9fca5f71d404c7d8c888b0208f0052e63d2f

Download Submit
\??\pipe\crashpad_2740_EFKRKMQTAYTVBLXE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2852-5-0x00007FFBF2B73000-0x00007FFBF2B75000-memory.dmp

Filesize
8KB

Download
memory/2852-4-0x000002B959FA0000-0x000002B95A4C8000-memory.dmp

Filesize
5.2MB

Download
memory/2852-3-0x00007FFBF2B70000-0x00007FFBF3631000-memory.dmp

Filesize
10.8MB

Download
memory/2852-6-0x00007FFBF2B70000-0x00007FFBF3631000-memory.dmp

Filesize
10.8MB

Download
memory/2852-2-0x000002B9597A0000-0x000002B959962000-memory.dmp

Filesize
1.8MB

Download
memory/2852-1-0x000002B93F080000-0x000002B93F098000-memory.dmp

Filesize
96KB

Download
memory/2852-0-0x00007FFBF2B73000-0x00007FFBF2B75000-memory.dmp

Filesize
8KB

Download