discordrat | 1d184c635a032625f10639ec3458a6f8d0a36a6a82078a11b820924f39056080

Resubmissions

12-12-2024 19:55

241212-ym8klsxnfp 10

12-12-2024 19:20

12-12-2024 19:16

12-12-2024 19:16

12-12-2024 18:49

12-12-2024 18:46

12-12-2024 18:39

12-12-2024 18:27

Analysis

max time kernel
119s
max time network
131s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
12-12-2024 19:16

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

mta.exe
Size

98KB
MD5

778dce14368e8b1105544c43ce09d2f1
SHA1

81c7cc17d48b8c5e6e5b9cc1efc8bbae1646dcb0
SHA256

1d184c635a032625f10639ec3458a6f8d0a36a6a82078a11b820924f39056080
SHA512

31a517a024726bef90c60c05173852de117e27960e981ec92456e6a3e4c0b6ac50437b8bfd2ced7afbad2a81c3e00a4c9bd5622af2236f3ae37856d6fd9d4aab
SSDEEP

1536:Vic45PApy/vpjAnT9ZqzY4r5VVZDAcE3VCQfwbJ6Pr5+NzxCxoKV6+UyNV:AxApgR8T9EE4r5n8rwbJ6Pr5+zNyj

Score

10^/10

discordrat discovery persistence phishing rat rootkit stealer

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral2/memory/396-1-0x00000184BD8B0000-0x00000184BD8CC000-memory.dmp	disable_win_def

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
A potential corporate email address has been identified in the URL: [email protected]
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
55	discord.com
63	discord.com
1	discord.com
3	discord.com
5	discord.com
53	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133785046411290075"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	396	mta.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: 33	4060	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4060	AUDIODG.EXE
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 2884	4716	chrome.exe	81
PID 4716 wrote to memory of 2884	4716	chrome.exe	81
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 2476	4716	chrome.exe	82
PID 4716 wrote to memory of 4176	4716	chrome.exe	83
PID 4716 wrote to memory of 4176	4716	chrome.exe	83
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84
PID 4716 wrote to memory of 4460	4716	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\mta.exe
"C:\Users\Admin\AppData\Local\Temp\mta.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9de6cc40,0x7ffd9de6cc4c,0x7ffd9de6cc58
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,17859797602053692415,12284960115238910021,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,17859797602053692415,12284960115238910021,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,17859797602053692415,12284960115238910021,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,17859797602053692415,12284960115238910021,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,17859797602053692415,12284960115238910021,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3572,i,17859797602053692415,12284960115238910021,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,17859797602053692415,12284960115238910021,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,17859797602053692415,12284960115238910021,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4352,i,17859797602053692415,12284960115238910021,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4764,i,17859797602053692415,12284960115238910021,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3196,i,17859797602053692415,12284960115238910021,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:4024

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4388

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1400

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004AC 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
982d303b118b2eaf6f64b8bed71caca1

SHA1
ce0513e15cd3a8c89f8aebf28310f0781fcb8990

SHA256
83daa5b43fea4f03949f07d358f476d6ff173f7963afd57c8a561864468a71c0

SHA512
cadc5e6e5876aecfd0e678bf52195f719cf1913d84f31bb0a440d7ac59db099e262b4d3cd8c1723b3830c006088ce049b48303c6e0668e7775ddd65914c03e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
27KB

MD5
9b569868d62623c6c25d4c1fb594f6a0

SHA1
6889a237ce01d10479b7167d9e054dce066e39c1

SHA256
01dd219fb78f05342e9740285eaeb994e1b94c5309023da491fb06eeca2a8623

SHA512
80234be1971d3ca89762cd6075b072b5c3944d87dfe555acb1d362d4a548d5892975b7753b31d1dc8f1a4eea32d167cb2b81b1518619e61986e6cbaf768d034a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
65KB

MD5
29e55b0efa8b4c218743da0fc2f00695

SHA1
5e8e406413480c0564edc76e9dd323de45279504

SHA256
ebcb9f270df2204de5be215cc37598a16652ea832c5d242fec07a759ff53cfca

SHA512
3bfed76f38c2be7250339f8c3e5a41a9814f77c91d1ce3b81b5ab39677f2eaeaaf98d7e7d49ec95fb7b5ae42dc600e822cc2cd246f9357f1cc3d6b0041ff4cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
86KB

MD5
791c0f049d6e590d1a6881ff6adf6ee1

SHA1
45cffa1515863d8057485f8448217857017b817a

SHA256
99e041f67fa745f6cccbcc19c726895b9820642259d7bdda68357eac23aa4b35

SHA512
05f554b7ddd424a5e1ceab6d66b86a558e8fb8ba642df39523ea06cb8a190311bd720fe12c0388ab87ba25b851889d4c7ce7b5ca229d1ec7e39b34051dfd7152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
105KB

MD5
afa50a309274025c987ee8b2598574c4

SHA1
3fa8849541b4f3cf56a4bf2c2de71ac646a9f592

SHA256
9d8ee05f8e2cbd029c80c202042bd2b57049a293842e87df654ff527bd402aed

SHA512
4b440cb4e61dfb3c920de1636f8b5004ad4fa3baba77e13fe0de463fe056525bfc562045954e83120bb2fa5c7a8526c807b3cf39b28289d6a68fe8de886705cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
aa7ae08848abc5dd9d70e42ae5bf1f22

SHA1
3e766772db06e049b07d7ec5c8ed6e933b51cb58

SHA256
bc4303e5998aee7afade1aaa7b6828346e3224fa8c8c4c0a49fb73a8efda1f80

SHA512
2344b6ab3b6db6bea1eb01d6d5b08cd88fd1ccc7ac23c708521ee628950c5240e28002b94f7e387aa139a1d7643976dc732d6bb8d57d8edab85b559fd2826c34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b4e9c50519c4db6df0a7e206d37bf99d

SHA1
02bfcd7db15bed1d656dd4ab80302b88d00cb1af

SHA256
eb7089eb9cea0994761eb4fe685b277081a2b8bfd4c475196dc17b2ff58052d1

SHA512
0e386b6721ab3d13e9fd8bc7e7b4ddc2c7ae86c447917d1087e54ead21c3a9b9d4fdfd4c287c1936487973be30cd1b17dd7f6fde4a61d9f23fb69f92fc8eb5ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
36a84fb15ea2235ffe0d8544e0254d72

SHA1
6c3057216d41d8d7a79d31a2d76959d1f60f08b2

SHA256
e829948d8923ab7de031218a58d8372bb1281f095f55916b7c5a300d1eb532a6

SHA512
44d152ce0b1fce042d5db0df00f2c97d167b4fe4c432d484667965667106350680e5bc0358dd829a40d0cd8c573cf8ccfe7a2c5032f80c62f66baa1a78a0a300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7642dd0b43c2c45cee0fb98ef17a5337

SHA1
560d1c35a9496e6aece8d48570c1a7c606365434

SHA256
5a3124a63593cde13a7a84516c2e3bc8df5b2478efb4386f2ec4019432531f29

SHA512
bd8e65b472c9a0664b1b89011900750a2087c9f3822a2ae26d02dbe1e8611ad19374e04303a7ef4a0ff8c2f6ce4e8c5cf837b1c2c43d2189a58bffe7bc2b38b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
4600f99dee64baa22f528cf2cacf34e8

SHA1
d18ea07bddf9e81b2aa269dc534362442d7b6eb4

SHA256
bafcb7e192ce0fc25d30539464648d0f35959b474e1b33fefe574ce4cb7cc77f

SHA512
32b73dcc8a0411a02bac52d1d0e10c2d00fcf502410571098aca37ff875273a4fa75036a4bf1ab26be9782ded6837e6d896ac99bfda2c1c0db98bc8842635b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
91e134e4348b41430051ec288474753a

SHA1
867c455b292a54a492927382c1710e4a3c17b251

SHA256
4e13c21282154e8c5be283b576d76be6f675b933ff6453176dbd466301304152

SHA512
f68af616ae457208f5a5865643b7825c05f46695a7a98bbe44284036bc8913a82fc63f61ef893c3d7024af725291cf10c1382f5603e46e9113cf2ebafa27162a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0abf4b4886eaae5c9c616ba6f15312a

SHA1
cbe8129303b53d227ac41c9cea38b9c209ea1d8b

SHA256
2ca7bd0b4326d3cb66c119ed5f8950944822bbcb483755488b2704a60ed2b831

SHA512
0b8d1a0fd2e7aee29d58efa46ff9111d48880f3cff09bc5f1a98b31cf6457ddd6679372d95dfdaf09e41dc047ff4e4079706bcf833e17b01ddffeb4226e510bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f88a82f88c6888383f7708d190ba4cbb

SHA1
aa80ee515da57cd8f847c9e47a15328ca6602f18

SHA256
6a02595f29a9cad6192c65eb3f66ba289f98b2c898ea90aadfa781241539ee7c

SHA512
a37a3c82260ba04df0f9d9953224462de70ae5bf370e4a772a9eff4852d477c0f6dbc80a0d3b4fbec1c4524aa2ae3f85845ff33101a3bab8667f52147a8f2e71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1bd55b5e4f3de1e5786bcfbea277c783

SHA1
596d83f452935c65f07e4d0dd8ee58d0e602eced

SHA256
6b84286f9f15df0bac1c07d886287f23b1dfeb476446980b170e8d9b3b547f20

SHA512
5f183b45a7d80b7104e5d82b5f33ac1a9c02e773b84b971179dbf4b25090094192e4e44ec4fdbe4d2bec7662f4b7fe86d3da615f6849ea42858f3eb68fa93063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b410192df3f495d829c99857fc3a9170

SHA1
94ee2b151b62ae33aef7682eb9992c496581d919

SHA256
8507d1c806a70141a0949155ace375f9a9a54cfb1068c7a31fd74ee0471e7ed4

SHA512
f2bddf179f9a6677dad9825087d785ae073208d6cd9d9bca283ec7580b21f124f044c3818d46281b369ce6834206f2d64b2fbd232cb8a8376c9fe007da62836c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56f1248b18a2c8685a0dbf8e904abf6e

SHA1
203394a16a6bc28cd93e846acd35a2094fef3c89

SHA256
5e9ed514e865c470305cffbda4ca33b610b2ccaa6b6ca27eba31f24a659bafc1

SHA512
11bdd3e3b79cbebbd1e4b9a5aeacd5cf45ef563efc39ada6fb918e300baee7088e0e50c6ab9bdbdf0f6e9f6992fd873c6652b8c055a8a1c401006499768b4326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e98fcd8423386456e2d8632a73041ca

SHA1
c526712a83f71e6aad9e60477433d69d8e535a0d

SHA256
a0d312352bf20cc022c5c67c9013bb423b4a26955ff6c8548d61d01b87749f2d

SHA512
bc2746b8b5ad285204ae1bbef7f98cabf35637fbe6f2514f97beb4f0fff850500f3384c28a9985a0f59979aa6962cbb79da97353223acd53563682296bc7e0ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
270833171554a0c3d91d53b3c1497480

SHA1
31dbd5a256c5f4770d425313df633b603b82bcb3

SHA256
23105fcc7382029d192d0236a267b92fc58b85288f28ded8f7544a160f1936ed

SHA512
29eae4a5412d4b6118f3874c3b34359e717dc330a849e414e12297b5093f0bf3bbe1960a029d8d8978206becdb193ede06e011ced5e7190614b783dfa3b0db98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
d6744b45480ac01123fd712d2956537b

SHA1
ce88cab117b2918289e28b2bef12122d41fa94d2

SHA256
af853d12cb1c2c54d7547c30de4ef233ff0599389aa44c1aa17b37c30d172f37

SHA512
cde9166d04e0050b11ba77969a22b6be7dfd4da04cea16bca75f4a992204fdd6f87ddc506ac0351af41807cfaffb30d4bc77b1b507a947417690dda01f353ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
6eb0314867b530394f69888905600418

SHA1
da9a0d4300fbd2927eb27ed791fd9c81b38552f3

SHA256
bb5e2bb635a7105f4e3ce563de0d3fb30fc149744feb5ff3b9c7a95341b27181

SHA512
df945b242a59dee68c0902abd8cfafa38f2745e3fdd1d588a962db63c7c4da01b6626edef7f024d8c21eb62d38e91c3e2b1aaba8b4637d0d1fb5169763148b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
375ebb597a27a6091c29226192a9d783

SHA1
0072c6db5b6db5cb98db21e76872f9e8afe4ca58

SHA256
27cce589c84e3452e627e64071b6bc260f1c31ce4b8dd55eb960bd6d2ba3d79f

SHA512
d0c9efe2ac5c14ee9952bb7fabd02193d4ba2bb74d5eae6a8e27fe3193b37485118a9ecdc148f13a0d792311a18c916cd768b2bc69f867fcd4330c239c652462

Download Submit
memory/396-0-0x00007FFDA2873000-0x00007FFDA2875000-memory.dmp

Filesize
8KB

Download
memory/396-4-0x00000184D9430000-0x00000184D9958000-memory.dmp

Filesize
5.2MB

Download
memory/396-3-0x00007FFDA2870000-0x00007FFDA3332000-memory.dmp

Filesize
10.8MB

Download
memory/396-2-0x00000184D8060000-0x00000184D8222000-memory.dmp

Filesize
1.8MB

Download
memory/396-5-0x00007FFDA2873000-0x00007FFDA2875000-memory.dmp

Filesize
8KB

Download
memory/396-1-0x00000184BD8B0000-0x00000184BD8CC000-memory.dmp

Filesize
112KB

Download
memory/396-6-0x00007FFDA2870000-0x00007FFDA3332000-memory.dmp

Filesize
10.8MB

Download