discordrat | 812863156555149ccbf6760f517ad579767cb63a500d303674249c7f6ed432b2

Resubmissions

29-10-2024 21:02

241029-zvjf5azepm 10

26-10-2024 20:04

241026-ytal6ayble 10

Analysis

max time kernel
77s
max time network
85s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26-10-2024 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cheats menu for fortnite.exe
Size

78KB
MD5

7632b9a1ef8d1a2b90034c1989933a58
SHA1

a4ae9ea3b20ad6a8076098024c16cf09c685617d
SHA256

812863156555149ccbf6760f517ad579767cb63a500d303674249c7f6ed432b2
SHA512

13794fb812009774029a0791205ef7051702f86a91bee93928ec67680024a40919e83af1427e678d4c92a59263afdc6ad679e379b2b5d86f93f876a9be866e17
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+EPIC:5Zv5PDwbjNrmAE+YIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5OTU0MTkzODU1MDA3OTUxOQ.Gvl4gU.7Q7wHcMNYjKHO68jzzoW82f8cEH9pdp_UfcuOE
server_id
1299543473954754560

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

Processes:

flow	ioc
1	discord.com
4	discord.com
6	discord.com
16	discord.com
17	discord.com
39	discord.com

Drops file in Windows directory 4 IoCs

Processes:

chrome.exesetup.exesetup.exe

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133744466989067966"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid	Process
868	chrome.exe
868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Cheats menu for fortnite.exechrome.exeAUDIODG.EXE

description	pid	Process
Token: SeDebugPrivilege	2976	Cheats menu for fortnite.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: 33	412	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	412	AUDIODG.EXE
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 868 wrote to memory of 4284	868	chrome.exe	89
PID 868 wrote to memory of 4284	868	chrome.exe	89
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2092	868	chrome.exe	90
PID 868 wrote to memory of 2452	868	chrome.exe	91
PID 868 wrote to memory of 2452	868	chrome.exe	91
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92
PID 868 wrote to memory of 968	868	chrome.exe	92

C:\Users\Admin\AppData\Local\Temp\Cheats menu for fortnite.exe
"C:\Users\Admin\AppData\Local\Temp\Cheats menu for fortnite.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2976

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81932cc40,0x7ff81932cc4c,0x7ff81932cc58
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,9647843317519110767,16716157641626335393,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1768,i,9647843317519110767,16716157641626335393,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,9647843317519110767,16716157641626335393,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,9647843317519110767,16716157641626335393,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,9647843317519110767,16716157641626335393,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4368,i,9647843317519110767,16716157641626335393,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4632,i,9647843317519110767,16716157641626335393,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,9647843317519110767,16716157641626335393,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3688 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4984,i,9647843317519110767,16716157641626335393,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,9647843317519110767,16716157641626335393,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:1760
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7b7d94698,0x7ff7b7d946a4,0x7ff7b7d946b0
    3⤵
    - Drops file in Windows directory
    PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4856,i,9647843317519110767,16716157641626335393,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3428,i,9647843317519110767,16716157641626335393,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3728,i,9647843317519110767,16716157641626335393,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:8
  2⤵
  PID:4980

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4872

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:948

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
76025b9fb7201faad57e95ac873e37eb

SHA1
25c01eb7d9a63723eac365d764e96e45e953a5c1

SHA256
03bb8cf70d96e562ff19d80ef9a01f8255aaa1a6ffa2005dbc004bb718e05269

SHA512
6f5c8680823f3fc01c4668585518a1a535959ec456bca88f81eebe0484dc6cf6bbc40044db4ac7d18798529a20feca039bd986f243db817f27df220a7917a28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0d07df3f3c4ce8f62b84fa73de58e696

SHA1
9fa41c467fd6d1f9ee64809b35024de2bb8a81b8

SHA256
e86189ed1e3eb2b5d86895baf5b2035c7e955ff38a914eb8b29b4f43aedee8f6

SHA512
37c0dd86c5bb1fbb389e02232ff99a983b407b3ae6bcfed736f7adf74396267d54388d8f55938c6165a78d106cd87c4c2af04561e1a9d444c05ff6101bd36263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
e888cb9aa82a24af472923788f5c393b

SHA1
4a9c174a91d8a1d79c239af6c1d25e3bb42f80f4

SHA256
09a5ba23a3619b1ee8a73f73c794de42776f884212c6de4fcfd573da383beadc

SHA512
f29ad76a2399267c2dbdbbc90b72593229d9015546f4d198806ddc789097e074eccf166548191151f4fe3597ab6efc070078abece47510a7bacf9bb0593ab9a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
062bc7ddf3a3f28e3d9a2d6e7002fc67

SHA1
4d79dec84344e06ce33a5bf9d55cf85fa7069354

SHA256
d9d5675b9cc6597534d6638048bb5889583fdf947925f313a0d94f2b01ba6059

SHA512
11cb550ce0bc39726712bbf03b4c7b6f3d68b4faed35b9fbb87495b4e372ca22f3baefc7c60ae822a77a468268b2481b10728366ca0c992f28ce8e4e6d1830b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b9c91686c3bc14203b2b66149964a3f1

SHA1
e44df2671df24bb165b2a6537e793d3c82b2a29b

SHA256
51b54e4832d474a39670fd5fcd30178f6fb04eb0fb1158071df03a4eda09e392

SHA512
f01159814459b882f5f8cee7bb97fbd1c4d78028e27afc79c3779e07413118c87b9a311106f437422daa69b255c98e47b9bbfd5f7956c2d78284a4ebf4cacbe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
855790ef33cb25d6a7228db78dfc767b

SHA1
74b1ffc2fdca76df3dd3b08e3293c8acda954fe7

SHA256
5ddc4c0cfbe500b6c516caeef63dbe2329364b6eca0b30a6bf161796b53b5800

SHA512
c04372e81bff20382642ba8c6c9adbc7f8f67bc013a5f3433d8642ac51932f52742594623b34d67762cf9d86a7a9dbff94af8a73cd8d7bd3dc53283c8b6cd321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
755adc4d1e2ac90bfafd301149f53427

SHA1
86a7642a803eb1c554123397c2f826d190134495

SHA256
69c0c3fb336eb65903e337cd636a87d68c608c178a6a4bf41445fbd6a6fc5039

SHA512
835477a659c26b7a250e46556ba2cd943ddbc34ec3fe60008c4c9899a5879952a902fd625ac930c6e6bfa840db4982b37bd2ba4dd21432b2310cbb304fc3df3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
326755e45c82f6af77ef8a879fd6af53

SHA1
049862ed7100e92e49bd7aa0b9f6150ccc9c1250

SHA256
dc4562ae4fbcfbb9bc661d18c3389b82f831b2a6dfb7701434c971a8d6943f67

SHA512
294e3a7b132c2ded23fc932e6afe38252f44c47899820a99ff97aea474275f6204a5c20b9f3b50d7b0784af1febaba92b00462ac78d21cf63cbe1889d64541b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8451f08503f7769c93f21c281edc5365

SHA1
fdc7cae6ddc2833e011a5c020b03067721102bc1

SHA256
11ac910dda05c96ba9ebc24e44c924961024019620c1a8fe9ee9e7bd5781b826

SHA512
a6ade7bc07098d963ccb75cb27cf0aec71a94b4525b16c743417a04b75438f3be5bc74cf5ce7b077043f1adb35df079b3a69df7188f7581d4ebfdcd82c9f01b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
612bef7bfd2e3e0a26ba41344ee89aef

SHA1
10097fb929bdba23f0f97b45b86ee64624c3debe

SHA256
d9249890e0eaa71c8c2d414b91a1e33819567cc31b72c536662d98d599c33f28

SHA512
29da6601f4394539287498d57936986f5994b09a85651d52114c70afec0df4a4d37e56aee6bf22659bb590f41a4286ae1f3b3f35d9143cabf01aa44b7cb4d608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f49dd1a3f0d0ea22de41b92a0150422d

SHA1
4005c11303594d84b0d4632b2ece8de37d57a26f

SHA256
ef7fced01a8b31ce74dcfe316969d0b3f3f50fa434978829fdee5e4751f7676d

SHA512
a1b10c8709823f82bc312e202d9ca2d041492f4b99af95758bfa0a252e4fc0784a95efc167e141dd8920c9d30d5fdd064e8378a65d954625c9139310473bacce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4756aaa8950eacb6a2da7ddeae80275e

SHA1
84ebb6eb10e2665de0561cc2385be37e52374817

SHA256
898a5b5aa74daaa5f910d6c3670c7651bce3f627ef5d7cf1c92e6d46d001c845

SHA512
efe4274bbce7b08bbc4c3bf84182c673d9604df5cf0285c30580e8a164e8f3ea5d027fb511c9e394083e448cff6998711a0dfdfbdc23cbddf919ab8c8759e040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c1a671f9-5e0a-4ca0-8ec7-251e6625ebd3.tmp

Filesize
15KB

MD5
3dd03f0c8d9d6c3f206679713290eed2

SHA1
3f7f1c79fa1d20fc9e08fe31af069d89dce64e3d

SHA256
114c201ab1e0200e1f00762e200c8437f3baa0ae860723a8c5dea9f9c66d1d3d

SHA512
660653aa195498a72ffac188ffb686a4023395cdd785f7042606e5766ffefe9f1a61b0caa6d34d8060cdef4416bf70bca1cb97111dc362e34fd03f675c8c8277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
d1ff46c08d52876ade5f60a915aa77d4

SHA1
539e3888a496318ca5d1c5f83687ce2ba9de9c8f

SHA256
074b6974f2775e3cd04eced87b53df2513f8585018666323a1a7d6a144d45286

SHA512
d9b7e61ab9cae088a78193f4ed6a04c49ac324bf47592433997c3a4d33ef01c5e364ce4354f7e3e8b110a2e4fbba975b3e1df8a13066e986dffd96d6acad079a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
a5c4aaa200ecb92e420f90b9c1eb9bfa

SHA1
2d1e8ccb1b9b3266dcc9b6287ec90af6a168ac1f

SHA256
1a8bf312471a884cb676d757d128acfee140a098ceb349634ea1baf9ef252f47

SHA512
0d7aeddc5330e11af5ee17156a2751b413b4f17749a5ef36925db6e95c3fc5ea359277ece1644a9f2d233d5314267a9e68808217fb64701fa32d34a11c48a89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
f8f9e06fd239731b8d7b0cb41c4a4046

SHA1
cd373ce84522a9111f432ec2f3e8ebf1146b21df

SHA256
0041ea2948cf4a33a4ca54e176511f5afe668a69f42d405d9c3b3a0a6a84542d

SHA512
6b38c15538c660000c99ccca96587510c6754e32664870be1109aabe590506d1043e8310267372ad9657feddec52cba7ecf5ed9ff1de1af2265679e5aa58ff82

Download Submit
\??\pipe\crashpad_868_HCRORJNQSPWJMYCF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2976-5-0x00007FF81D9B3000-0x00007FF81D9B5000-memory.dmp

Filesize
8KB

Download
memory/2976-4-0x0000029D1A6C0000-0x0000029D1ABE8000-memory.dmp

Filesize
5.2MB

Download
memory/2976-3-0x00007FF81D9B0000-0x00007FF81E472000-memory.dmp

Filesize
10.8MB

Download
memory/2976-2-0x0000029D7F640000-0x0000029D7F802000-memory.dmp

Filesize
1.8MB

Download
memory/2976-52-0x0000029D7F470000-0x0000029D7F51A000-memory.dmp

Filesize
680KB

Download
memory/2976-6-0x00007FF81D9B0000-0x00007FF81E472000-memory.dmp

Filesize
10.8MB

Download
memory/2976-0-0x00007FF81D9B3000-0x00007FF81D9B5000-memory.dmp

Filesize
8KB

Download
memory/2976-1-0x0000029D7E380000-0x0000029D7E398000-memory.dmp

Filesize
96KB

Download