discordrat | 15c9db25ecf6db656246d23fd23cdcd328fbc7d59e4c13ef0aecb774674355ae

Analysis

max time kernel
148s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
15-12-2024 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sperex Update v3.exe
Size

78KB
MD5

d7860cd78e5d8d084e3f5d341b4c983a
SHA1

58b029d709dc20b74b4a26b7fd28dc9cbdcc8105
SHA256

15c9db25ecf6db656246d23fd23cdcd328fbc7d59e4c13ef0aecb774674355ae
SHA512

3d9b876f32d63c8ea21fe2c5bf7d71d93b9401bdf39af85d17bbfe49609b2ca8af68dfcc6182ea0cc7691ba906c5d76913874fef156a48fb6d64c19c0637d0f5
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+4PIC:5Zv5PDwbjNrmAE+cIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNzUyOTIxNDUyNTkwMjg4OA.G2AU-9.gp8oui8FZgS9lfAB_I_udCmnKXuah-v_04_U84
server_id
1317529702952337458

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
3	discord.com
5	discord.com
58	discord.com
42	discord.com
59	discord.com
1	discord.com
6	discord.com
7	discord.com
41	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133787382532862225"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious use of AdjustPrivilegeToken 63 IoCs

description	pid	Process
Token: SeDebugPrivilege	3352	Sperex Update v3.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: 33	4296	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4296	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3352	Sperex Update v3.exe
3352	Sperex Update v3.exe
3352	Sperex Update v3.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 3000	2608	chrome.exe	84
PID 2608 wrote to memory of 3000	2608	chrome.exe	84
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 1212	2608	chrome.exe	85
PID 2608 wrote to memory of 4924	2608	chrome.exe	86
PID 2608 wrote to memory of 4924	2608	chrome.exe	86
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87
PID 2608 wrote to memory of 3124	2608	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\Sperex Update v3.exe
"C:\Users\Admin\AppData\Local\Temp\Sperex Update v3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3352

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ec59cc40,0x7ff9ec59cc4c,0x7ff9ec59cc58
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,10327706588740953216,15204890734768490943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,10327706588740953216,15204890734768490943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,10327706588740953216,15204890734768490943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,10327706588740953216,15204890734768490943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,10327706588740953216,15204890734768490943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,10327706588740953216,15204890734768490943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,10327706588740953216,15204890734768490943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,10327706588740953216,15204890734768490943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5096,i,10327706588740953216,15204890734768490943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4320 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3460,i,10327706588740953216,15204890734768490943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3252,i,10327706588740953216,15204890734768490943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4356,i,10327706588740953216,15204890734768490943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:4324

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2496

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4bf5f7e6-aaf2-4278-af26-6358e1e48f99.tmp

Filesize
9KB

MD5
395028d549a8f729d4173441c52b67bc

SHA1
fed6abd0980b268174413461051780f9177d9741

SHA256
42bb0dad64dfc1bdbe918ac95473cab54dd8af8f424faa5dca27d393d621ae86

SHA512
89fdfb81c68ff541747628df570aa754a630382447426a8a8831b61b554f0beec7220c26b92b53bfa23bd4c7f74d261e64935f623407852dd87526b60f0c5e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ccea970bafc52acb7369f276b8645f93

SHA1
a0ea91f45245bbd94b62a8871347f90c6db2c376

SHA256
ddcf48dcd11a4b4add66cdaf042b09b93c64af6b53b2f004925a24a26da541ec

SHA512
0a3da097913a543568f37df78fb68ed301b3b150447fcb4f7997a2f026874bf4e0cbef470c43bacd359a21df1db562be277145d31738d7a203f33d9e5e7ff4be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
886f47cd367525714fdf4f45b608aafd

SHA1
d684b4a28f88ec1c2918e9baa8623a66fd25781b

SHA256
fdfe02103bbf10f221025b7f36615e3528a33b378f671d492dac242632956362

SHA512
87eb0887a3fb17ea83298ed9939e9ce69b274b3efa9b3258a2833a7678018c5571ab434ee152800eea0f292f50e3fc1ff07d12c4428ee1c6f6ca645ffae8ac37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d5509ae63b05479a443a4ed45702e3e6

SHA1
6639140f0a02b776c389295d7de893a9a229d181

SHA256
97ad94cb9996e9cfc5b5922fb03f1eeab960c9edda31056eac5b0d2726e0af2a

SHA512
187322a7430cf64f288acefeffbf2a994b77da3490764eab7e6c8c820a7e974211fb07521690d736ff441d75ae77dcb2b6aba6cbe6970f5616a781237b2fad83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e0cbc4d587239948c751eeb249cd4016

SHA1
128a5cfa582f2f0df37c773363906a8062a1fbdb

SHA256
b2e672d25a2388b1a4801422f5eb87e3e77ea5f099b8bc52bfeb2cd8ff115cd3

SHA512
d88ae378313bce0da7a4ebdd7404000f6a6eaec586ae29de6afa913c32f713dd7bb97aec081a5642ed20d58e82cc54d0fa887d5d1ef1655acac160f3c95cdf37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
476d2ac07e5719177fd3ac939b33c7cb

SHA1
35f469e3bc781e05c8e5a38a5a65a7bdb596de1d

SHA256
f8b2bb951b92ce40ee4dac7d9d9136b96b51532a2a4d1df16c5a8ebbd883941b

SHA512
d457048b7a4adba487b7614d1ba166e4d4f06c3870ce53a9d2f2974f0437a020fc002cb90a6188b31a67f5e61fe3bdbbdfa8e74df99c715cf9638e344e19fbc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65f99def265b0b35067d220b1a87f9c4

SHA1
651417578571678fce66eba6d5e38bc0b0c9a8dc

SHA256
f34b11f6303823927db1d2c640637bd275a5f4a55abb8a3a5c1140b7c2b2dd4a

SHA512
9bfbf249b680f8070dfd2152026b5e089f8e18e2fd42fdd94a7b76e06e400b2081723a78d557f7b09eb748e5313d6a9b314a95995801e4c269576ff60cdc2444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46b34f6990bd0f2a1bf283ce82fcd243

SHA1
b59414fa3d0f70a0810910c874776d94c9f1ef94

SHA256
3612ef6379af7ac6e6cd8374c81924a866f6b848bd9d13107df84dbb97bf143f

SHA512
56473332b5853f7cc245a3a7e042a336028add81bd2808b5d15076944b092c93e6fd0bdb884a27aac2f8c3f4f56584f352336c9abc94946afe852da3a5a92c3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b885531209ba083eb5f41fc8e24cda1f

SHA1
a8bdeccc5a37ffde0d76f6210d409c3c10f3dd8a

SHA256
211d8abc2def8da15e213e1ac6606a5093d16f94ffceef00f665035176c29926

SHA512
395cf8d6633ae8187cee63ae07a570afb9cd1d6e811d7e1baeb6eb9696b68c003c084bed5fe5c41d46ff4013c65844c28b9fec150c561bd501e9900366bb1cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
997c9a1706bae2fa88ba3d0b7c01ec13

SHA1
584d6b3f4ea2f6593a49b98563e1388015ee19bc

SHA256
b5432567dec7cbe184ac9d1d544019f49ca6322ad61d0bfbe077e8435bd4361d

SHA512
158b73b463c50eeee22162fa8fd8a5937ba3a525a7dd0c1fd1bb76f8d1e9a51ec1662260f4f04aa8af87558376c10ad6cb7c98488e077cee8dfffa8fa9e330ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
ebd23ced22c3cae3dcd0d56af04639ce

SHA1
d5c20ab3ae45c8a63dc204f0aaadb05f8e030667

SHA256
7a0c3642a8ab3dc2118552de23534d1402ffb90fa85d5bcedec693531234a821

SHA512
ff268af363526eba7c67a06c3a3e41f61cfdab5ad0d1e12e15dc61276bb2773b2047fd52faf5eb7a7ee8315ab54c67f64425f853076e8da2a629ee7412b4c863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
4ff51f97ee8cc82f29ac00f8e873c82a

SHA1
b4be75947e9acdc96d7dc73c21c8084be1a5de45

SHA256
768369209a5a41ec62d88caae97e46f204238f0fad2ae753fa02458788cd4054

SHA512
4936809a16aa510fcbff73ae115f6362cffed419851a9ba3dd5b2f4c023e54a954b366a4be4571555ff42d6668d5887a428e37294df6b3a1420cb80458617991

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\11f1a4bf-06fc-451a-8124-c244a02931eb.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
memory/3352-2-0x00000109D9FC0000-0x00000109DA182000-memory.dmp

Filesize
1.8MB

Download
memory/3352-1-0x00000109BF890000-0x00000109BF8A8000-memory.dmp

Filesize
96KB

Download
memory/3352-0-0x00007FF9E0873000-0x00007FF9E0875000-memory.dmp

Filesize
8KB

Download
memory/3352-4-0x00000109DB240000-0x00000109DB768000-memory.dmp

Filesize
5.2MB

Download
memory/3352-6-0x00007FF9E0870000-0x00007FF9E1332000-memory.dmp

Filesize
10.8MB

Download
memory/3352-5-0x00007FF9E0873000-0x00007FF9E0875000-memory.dmp

Filesize
8KB

Download
memory/3352-3-0x00007FF9E0870000-0x00007FF9E1332000-memory.dmp

Filesize
10.8MB

Download
memory/3352-223-0x00000109DAE00000-0x00000109DAEAA000-memory.dmp

Filesize
680KB

Download