discordrat | c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

Analysis

max time kernel
188s
max time network
202s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
30-11-2024 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Release/Discord rat.exe
Size

79KB
MD5

d13905e018eb965ded2e28ba0ab257b5
SHA1

6d7fe69566fddc69b33d698591c9a2c70d834858
SHA256

2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec
SHA512

b95bfdebef33ac72b6c21cdf0abb4961222b7efd17267cd7236e731dd0b6105ece28e784a95455f1ffc8a6dd1d580a467b07b3bd8cb2fb19e2111f1a864c97cb
SSDEEP

1536:YCH0jBD2BKkwbPNrfxCXhRoKV6+V+y9viwp:VUjBD2BPwbPNrmAE+MqU

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133774706463370671"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe
2344	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4068	Discord rat.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2908	2884	chrome.exe	83
PID 2884 wrote to memory of 2908	2884	chrome.exe	83
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4540	2884	chrome.exe	84
PID 2884 wrote to memory of 4624	2884	chrome.exe	85
PID 2884 wrote to memory of 4624	2884	chrome.exe	85
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86
PID 2884 wrote to memory of 2956	2884	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf6accc40,0x7ffdf6accc4c,0x7ffdf6accc58
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,18047176279520854242,1659318427408799273,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1748,i,18047176279520854242,1659318427408799273,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1892 /prefetch:3
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,18047176279520854242,1659318427408799273,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2336 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,18047176279520854242,1659318427408799273,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,18047176279520854242,1659318427408799273,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3784,i,18047176279520854242,1659318427408799273,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,18047176279520854242,1659318427408799273,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,18047176279520854242,1659318427408799273,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4552,i,18047176279520854242,1659318427408799273,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3508,i,18047176279520854242,1659318427408799273,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3472,i,18047176279520854242,1659318427408799273,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5048,i,18047176279520854242,1659318427408799273,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3320,i,18047176279520854242,1659318427408799273,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4584

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4024

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9f9c86f8-8f30-4d9e-ab0c-be6ca3eeabd8.tmp

Filesize
15KB

MD5
ac0a04936391ec07fe558c8e8f2c01bd

SHA1
f277c8cce944b48bec0d5a0afd1fd58f57efbd02

SHA256
398348a9d429963efd5796474e120570500fd9e0761313cd5722239669327586

SHA512
d7a467013e117ee194c1ce32c721323dae2c2473797acdbadcd491d623a613fad7c92df22529a0ed687385610e08f590ba37522db4acc29a021207f70dce0095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2a3ecbc7e43c1d58fcef472b2dd90aa1

SHA1
29fff9a2a48fefa5c09305406ae4c6c4ecf99c56

SHA256
b2dbca809fe79fdabe31b73f394ca8d1919d715c6fec1099ed6fbce205ff1bcd

SHA512
e24ad24e9907550dd1919f92405e6bc33411795d552cf0d5335114757b7b2f064f8e3a059cc65874d3b2f3d622f57334b558615c07dbae99b5e861f443ab132e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
aa28e876f44877e80ff6d4bc92b4aefe

SHA1
f40c58bd3bc7117e639a2de660cbdf60c972f97b

SHA256
e1520b198c81846c65a0995398ed3b53c656d3b726cdaf8181f5f407ed1696df

SHA512
065856bfa8023162e4e391677fa59cac5f91e33ea91162f59509691f08e3e6f54909b321b7eecb4285a7216b490788c9af50515f83f4ea7ce106ec9df8f3cba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
2f4a443628ceed79068730f8e59c32d5

SHA1
b561c4750274df05935ce239d5400a655756d327

SHA256
63a1bf7678b67be4a86fb75f7d5ca1a69e2896b5013fa6a25ba864c47c69fdf0

SHA512
914438c55ae78e59d390370527e9aecd992450c741fd8a55cd6830f03b5d759e8e666915174738dc398d4c48121e6429454e747f5a6983f28c1cf34c32abb7f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
52b5bd037c2014de2c4f31d2946c559a

SHA1
f6b8d8282e24e56086f9120eca5a00b18caa4a0e

SHA256
bb349aa6712858391cfdb3a7bb18c3f80fe1a4a0ba55e59c21ea28bf63763d81

SHA512
92fa7489f040573ae16e2a383864a7cf6b5cc7fb24b1820abf53f072024313c37db66f8cdb66bf0dde9ca2288ff34222a624b9cdeebeeae30538f220d2b388f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c8c731d2efaf09d1831d8675a03ac3fa

SHA1
5dd09b154d264b0be427bccb0a0faccf2eac1ab0

SHA256
b275c543a8fb33b69885d8fd08ec647de0f12330db7e8404cacc9390dabdd80b

SHA512
443e645bc17511e6cb474a7a63fea910b2c0796ee4106bfd5b56d47b25603bb53e7a717e7b648642a52a9be705858cf15c95641240c78980d13a4af9aaecc931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f7021da6ac331ac6e3efc0efd1059aec

SHA1
65e84454bece6f033197ee051a662138a74b8103

SHA256
56f27522f0652b59f65e60a6ab88b1f2ba5181077986215e64475170402a754d

SHA512
15f4b994b0639dc3aafb0714a718ff27fb652014844fe588b94001b2f1d5921088ae9b493f2af57d8080e4c447a2fb2b09951b9efb1b6e3b69471813bb48ea15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d7469f38c4632184ca940158ce6c2a6a

SHA1
ced3170d39e5d6748880d19bd2a9be644f667eaf

SHA256
97b20bcf59a411977211d7e3b4272c4e27d650503a8dcaac96edbfc0b3c228c0

SHA512
8b9e6be44c4156f9506e2d337e8189982a003815bee120f7136e4c2d57e3df985e08cbaad241470915decca199b93510a224b81e7f234a0c93369b7b4e7aa207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e1dd81061629815a05cc028cd1774628

SHA1
5fe77de902dcf543f6ea216a91bbd226306c7b1b

SHA256
bdee85ebefa5489273ecdd59eac62c8c81f2d07c00e4cfaaf3ac88783c9bfbfd

SHA512
5a9ac73e7586d841a685abae7f7713a10b18ac6cf082e781f6e7f01b42533596411c1993aa446768821ed5f7fff67110588cf8648a1eae291a77af68c81b4266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ece4710bcfa70b8d3377e22c10c06da4

SHA1
d0a1dac3b898c8114670054210c52a0796031141

SHA256
bc64a3cc30dc9203f0c89552347c17b59809d55f1acd49443b75f47669a3cc05

SHA512
03b094c1b20406fe3c639f0fcf476b48838cbb04899862f6e26a30c60534a44b18c007e7ca8bea7dba16ea7d4a190da10d901d9d6eac7f38e6b5c6bc36191823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f349f9dded823897a3f9bc312b7e05ed

SHA1
1b7e5bd7297df66d93826136b32cc8f9cdfac2d3

SHA256
cecb62503e6d079a3dbd6ca859151540388941849e434a235f149e6b40ba7612

SHA512
5cc2ea92d76e48afd279c024afb18221c77ad3d4eb739131707eea6d598706a7086b77c13e67c842a75ad2ef0d372a57510d2f5c7b09bc618a02b80d3a781fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c168c4174c2fd963fbbe216c63f64009

SHA1
934db3e4bc2f689754c561e341bc587730f3bbaf

SHA256
2393919beb3a73ca697ff4e9cae90475baecfcaac76998f63f32ce0b51f67050

SHA512
030ec90011727bb9ab6cb458370877dc50f1349aae4a4ed156ff3198550a4033a7ea18f085aa659ee967af08ae6e04188b61da8d216afaa8ece66f68918d8a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
95d60a55f22804e2f82da84da8ee5500

SHA1
2f7e271c9ac91415fc8e3ea68643ddacbb7d203d

SHA256
3ee855e2c519bee68b88da18e6e114f30a661b94ed0aa21da70c752aa2f34e29

SHA512
5592e7db5bdf7c0dedd2c00f345c4c75a7ebc523f4dfc3d512f8b306cfa7bea05765f848935c1ffbca5340793ccf196aa60bc91ee7c1d931729e4a41901d3f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
298f94a5d9efad322d075740e76f7e56

SHA1
74711f9ce4fa016dc1cf5e4b68577dcd8a2810e1

SHA256
6d943788ee3065b0d5aac3a001fc3f62c945ac458e002d7a29ab2341ea6d5d7b

SHA512
38beb03cc84c9e0d28a5bdbac1c0fe94dc1ce2b34da0e087f0e2c3a16cdc0ecf37370757d523324689032c75055ed4a772eca18520ae677d5c781e9a680eb8ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d027aa28d9f3d9cd659575645ec44124

SHA1
542c1b1239cad7d5538726f170816fd62b19554a

SHA256
c15c46b17b5d09820947ea3a41ea50039a6659b80aae214f741bdabee2eb3b16

SHA512
13dddea5f5f2362c9b9aa1b8dbbac53bb6e94ea9115b5f79495d2b6f88d65d811b84876c7f60b1ca98c03fd97c0bc8e48aa9f6c51259996a08686fb959750b30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69119aff82e135bf8875117b782d2b08

SHA1
284b47d8b449c254a986fbbc26323459249d121b

SHA256
c30fc8ff2f8be0989e2c41cd5e1102eacd2749428c2df2e4e514b893847a3c9e

SHA512
fc6d774475579bda92dbbd346eecffc33b58f281caf96b638adb7f2247f8be8d0a5da0399549bbf1667f612f3e6cd4c26319699cf1c348ce4b0c715dcad4b7f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b8aa9d95dcd5dd25877e7514586ff33f

SHA1
0baf6c3bfcc88eb70851415e724a99a5382b2bb6

SHA256
5d7d1276e33437668668d38b244e391e76da35c93f3b03bdb3767967cc99a61b

SHA512
eb08a5d19085875a45eb883419cb9f01f9dad98bc4062f977a89927fd7a0e449266b01d149b441c850a188c4365e93914e49bc9a8c0626ccdcf76cad3ae30cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
50b15477f7dab0aecf3af2bbd590cbf9

SHA1
f9504dad18d44ea4e025605a2037ea130df4ec5a

SHA256
927a25187135f38ce756bdf2d0a22ffee38f279872bb9c66996afc241612cc0d

SHA512
3df3171633620382b925e2d50554e61f928383dde424ff6fd1af64b546b64576d60ef6a8cc4f35c4045dd747573986d828c09e6e7f72985acefe9a786cdf7510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
37b49d4a6f8c424554a60229076d3e9f

SHA1
0c76cad7221abb018acd7741fd7c4f321f1833b5

SHA256
bdef1d788f66e795e63597c9ff93e9791d181ee6f1f4538d75a4ecd4df6157be

SHA512
d91ad649c11693ca7f2134f09f1433a6ceaae9490d1646973ff88ce4ab7811768401fbb388c0f125eed2bd69d966a83558fe9972be626bb34b3de407ebf31e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
a17b92b6edfb1815134733da3d9fcc86

SHA1
8bab5c9113a0fea9dfa00d00dd79d27459ce771f

SHA256
cdc5cb2a433da0df794463a13b05b8b30e41ec16b75052f734f8d4acb8d095c0

SHA512
f911c96a520adfb8bad959dc0b48ddd6811af24d1295787280927818f960ca32226fd1438c68fc030f2b6a8ca4c13e9b3a116976d9fc32ee7df0c2c06ed6343e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
6f728ef8a6e754d183ba092c19e937c1

SHA1
a924d2039f1c7e0d7d6dcab641db52493410fd5a

SHA256
6b8dcfac7add9cb572293463f5989f8e57db4e5d63ae45b3b1863e9c1d3aabff

SHA512
34bfffa6cf684e5387d0f3ac76e6499a75de2fe578145213aed73c95e41cfc0a0634ea8e30ad28505a5fdb2237c465a3482da901f24a4b5c7b26fc6f599d4eea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
6cf08bed5297695206b1a2f2fee99800

SHA1
77f38d6fec050d97b24c92b7679dabf6569286bc

SHA256
bc12da86bbdd374c57c5d826b1f66cc9c4ffeb359c8a2301bb8c96c001f9aa05

SHA512
2fa4a0299109527972bfdf028833493983e102814eb1efeb6ee55a01a9bb927e7304a5976d967f38e475edad28ea82a3ec320b993edba03c1c530d156764e99d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\b538efc2-5837-408c-86a0-c857be3aeeb4.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
memory/4068-6-0x00007FFDFC230000-0x00007FFDFCCF2000-memory.dmp

Filesize
10.8MB

Download
memory/4068-3-0x00007FFDFC230000-0x00007FFDFCCF2000-memory.dmp

Filesize
10.8MB

Download
memory/4068-4-0x000001F120C20000-0x000001F121148000-memory.dmp

Filesize
5.2MB

Download
memory/4068-5-0x00007FFDFC233000-0x00007FFDFC235000-memory.dmp

Filesize
8KB

Download
memory/4068-2-0x000001F11F9A0000-0x000001F11FB62000-memory.dmp

Filesize
1.8MB

Download
memory/4068-1-0x000001F105360000-0x000001F105378000-memory.dmp

Filesize
96KB

Download
memory/4068-0-0x00007FFDFC233000-0x00007FFDFC235000-memory.dmp

Filesize
8KB

Download