discordrat | 913075df7d9f88bc8a9214b58725109206379130825e6c92c66a628287e44717

Resubmissions

25-12-2024 20:54

241225-zp46msxpck 10

21-12-2024 20:57

241221-zrs66azlfk 10

Analysis

max time kernel
122s
max time network
124s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-12-2024 20:57

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

DDoS-T00L.exe
Size

78KB
MD5

bb4d21fabc186439071c5ba578bf7ae7
SHA1

3c97e263c0b80eccb5e1133a7e7bcbbe2e9ee903
SHA256

913075df7d9f88bc8a9214b58725109206379130825e6c92c66a628287e44717
SHA512

41e094842993e183dcad193f15a073212972fdacb52e5a38131e6b1054c0573651d2efb2342adabf85796897a36f548a0fda8143031fcc85abc6671fb98b3dbd
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+gPIC:5Zv5PDwbjNrmAE+EIC

Score

10^/10

discordrat discovery persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyMDExMzU1MDkxOTk5MTM2Nw.GAfhLM.-GVtZ8sv_cNA7nNBiGqC2qcc6ReexwDVjWanRU
server_id
1320113456485109791

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 16 IoCs

Web Service

T1102

flow	ioc
27	raw.githubusercontent.com
29	discord.com
30	discord.com
1	discord.com
18	discord.com
22	discord.com
5	discord.com
23	discord.com
25	discord.com
6	raw.githubusercontent.com
19	discord.com
24	raw.githubusercontent.com
26	discord.com
3	discord.com
16	discord.com
17	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133792882813139446"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2876	chrome.exe
2876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1616	DDoS-T00L.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3472	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 4624	2876	chrome.exe	82
PID 2876 wrote to memory of 4624	2876	chrome.exe	82
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4464	2876	chrome.exe	83
PID 2876 wrote to memory of 4560	2876	chrome.exe	84
PID 2876 wrote to memory of 4560	2876	chrome.exe	84
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85
PID 2876 wrote to memory of 5020	2876	chrome.exe	85

C:\Users\Admin\AppData\Local\Temp\DDoS-T00L.exe
"C:\Users\Admin\AppData\Local\Temp\DDoS-T00L.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1616

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff991d6cc40,0x7ff991d6cc4c,0x7ff991d6cc58
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,16301248045699026106,6391808027931344458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1964,i,16301248045699026106,6391808027931344458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:3
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,16301248045699026106,6391808027931344458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,16301248045699026106,6391808027931344458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,16301248045699026106,6391808027931344458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3556,i,16301248045699026106,6391808027931344458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,16301248045699026106,6391808027931344458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,16301248045699026106,6391808027931344458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,16301248045699026106,6391808027931344458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5060,i,16301248045699026106,6391808027931344458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,16301248045699026106,6391808027931344458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,16301248045699026106,6391808027931344458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5304,i,16301248045699026106,6391808027931344458,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:2
  2⤵
  PID:4676

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\97ce229e-b1ac-44b9-900f-3be77eea88dc.tmp

Filesize
9KB

MD5
6167ece25d34157ceceec62a7325b638

SHA1
f1acc20bf6c9944a247f979f55b2cc0afb162719

SHA256
be5a7e62a9a3146419ea4d9abb53d8b5b9843317a1622630f3047d41a2d595bf

SHA512
b5050bb1b81d3124bada9ed9538063e53cffd95e4ec5da0088bc9e00283e331c5f2a47da7c4df2a49108840d7cae5a29343364ee9d7950e0c1404509ab85e2fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
252b6ce0931651edc195f3efbed4bcb7

SHA1
e9f9bc66b409247ae0210baedbc0a8e25190492f

SHA256
ae3250d3c3c35f66ca7b252e5d032203fa02c3d2b29dbc1c6ef38a1fb6c11a2d

SHA512
4374513d17ee14d607ceccc950a6dbc2b3356659870b4f2a33dc614ae5df8877e0566a5b5da29aeb705d1f2e01ccdd66363249cb392f726b48fe76c15a0bd098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5b985607f2f51fbbabb820bfbdbf42dd

SHA1
83c57f5464dd15bd3412960f76a126ff1a9a507b

SHA256
24d6e59bbe0f19155a22c856cca7e15ee0b9c2c769a01bb62a200d75fcf3ab11

SHA512
062771e5d55b5b01793643969c2afb038beba874d0d1ba705ac1cfe14cd9ca5499e406fe45f8b1f6bdd2868f21fd6fd26ae91fa69cee8f8f7857986a8e02bd89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7a07e13552cd48d09a376345563e9d0a

SHA1
9289f11c9063213fbd808b4ac577a645def79980

SHA256
852c6735b15cb052b09114b1d40ba60d6d10a305699851e105ca08f9131a5594

SHA512
d98471e4932070564507876b097dca6294a75bb198fb73e9db0cf5b1b8a94c5342db500dacf8c693da65a32cac0684ecda672e3c518183dd6015234d7908342a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
09b301b63acf35c40ee7d479a3e1451d

SHA1
4eedda14ae2904bbb4d2c4380959bed55d388905

SHA256
f3f922d667ce4ac9e3bbf12e66071e9b4fe50c73462307e9273b06cb795328b2

SHA512
bc753c9c14bf1e7c5c682e1eddc4f8574d6c64734483f17a2ad7c593ea86d60039c1ad525c55ab918422b5684be45428c449733d6d56a2547a6613ba7b2e2ad0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
800db991693453975f40c1f9294facec

SHA1
9450814a8e49a85067284c37bd46c4bad9219d46

SHA256
071f30a23fd37cf5e1ea27ee1c256c371f1c67aee1c9f66d0ca13ccb3e8b5c3c

SHA512
3b729863cdbc07946ca970957428c05f57527d43b1d89e4657ef13f064ea73c0ecd2c654aad287d3ce98fbfcf13c791443e4c4de0e2126d2a84e0e153c6b13f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec1d75d86f9170d01f4752a843e84de5

SHA1
729b9eddacf147f49049c9b2d31c2da8a78bc244

SHA256
3fcb864db80b5dcceea95f7ba495e49d560b8cb334a1a16a5ff1da0e212727a5

SHA512
1f5b027f02bd5f53b2a4380cf5871f22ff7fb9bb090c5340baed73c306031561c650841179f35276a7473915c670fd7e6d4ae125de532eac57c3c1290912d6f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b866b32563ff0a59a985c63ca31176f

SHA1
1326f53fb1aec0e8eb519ced3122f37028b5fe62

SHA256
306f6af3624150c283433ea12ed83204b4513ae3aab46fdf794632427583c745

SHA512
85bcb8fd327c7bdefc21b9bf6bff762e8aa91f016c2f1c31122f50659686583b5b622fe208e17ab964289678e7e3f4b3a2fe7c652cc60b5c9f6c5ecb2e6245a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8d747a9708313ae9a898ed729272c757

SHA1
db8acd3c1010745ff4f4c9d6901fec31c90bf365

SHA256
bce71ae8b98e3e6fe6d400785373700c86d450f751034da75064bf4c7e96b187

SHA512
f33e73761478d8905a9a0cba219ca58fb424b9cfeb3f4cb5ecf86b988d0c6177958e143088427623910dd471ae16af6de007a4af6b3c117f4719742d1f0b0d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3de9de367ba5694d469252b574bbd60a

SHA1
03293e82666c4af2fb57195e0f48009efd57801b

SHA256
3186f26cc81c07ac849d095bc89af2378fb0ee2e1810b7d166ae5d115612f6ae

SHA512
f31128c379531605b418d1763afd5e72e321bd285773db290ce5e5e92388a9900fa08ab169a6718e630f32f0d2b69c4083746a9cc27d642644569c2ada5b3fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
b1908983a862e1f885ae925cb984e946

SHA1
07f3b857120b7d47c2ec79c26058b3a485b5aee7

SHA256
963940745fe59bbc24f17ea2c429881d8d1031680943551eb67edc33acd259cc

SHA512
bdb935f13d0985a758bc9257c509e32089e4c7f363da5551697ddf843eb799c8a8e85f99ac8d858731be04915da2fd8f6b5e7a4e2fd7012314940bcf5b0b0d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
2a5912a6176b6d356b4d3a8d46a20580

SHA1
4ff4c9fcf5ef41f7ae7433b014204179dd747185

SHA256
e5265435e0624ea7df546f22ab5bf1bb0e4bf8d9e9e087c4b118bea9d348abea

SHA512
52290f9981c0c58f1104ccbfa7b0b5a9b3bd9ed3de4260466e8bb621b17d6e6431d0e256688637ef987b9372d9aacd0fb83ebf2587e8283b828e32ee7a811773

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
b7443e89f0cb29d51ee6a257750e54d2

SHA1
84127eebf275e781d5276af6fc4d09c5a6bfb7b9

SHA256
8226877d6ab2e4834aea6bc71bd9865b28d0bd1ec2e8b4c23b8acf0301c56f26

SHA512
446cfe25d82f3bbf7badd324cae691ad62e13bd7469e415f47b9141bddf30679219c672937f4f6768796c2936c3b9c557fabbda1fb51c5edbb7c1964bffa17be

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2876_33691134\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2876_33691134\a61aef67-9d05-408b-b670-c9dbf5409bd4.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
memory/1616-524-0x000002A8F74C0000-0x000002A8F778A000-memory.dmp

Filesize
2.8MB

Download
memory/1616-3-0x00007FF996B90000-0x00007FF997652000-memory.dmp

Filesize
10.8MB

Download
memory/1616-1-0x000002A8F3E90000-0x000002A8F3EA8000-memory.dmp

Filesize
96KB

Download
memory/1616-2-0x000002A8F65F0000-0x000002A8F67B2000-memory.dmp

Filesize
1.8MB

Download
memory/1616-490-0x000002A8F5B90000-0x000002A8F5B9E000-memory.dmp

Filesize
56KB

Download
memory/1616-6-0x00007FF996B90000-0x00007FF997652000-memory.dmp

Filesize
10.8MB

Download
memory/1616-5-0x00007FF996B93000-0x00007FF996B95000-memory.dmp

Filesize
8KB

Download
memory/1616-4-0x000002A8F7870000-0x000002A8F7D98000-memory.dmp

Filesize
5.2MB

Download
memory/1616-0-0x00007FF996B93000-0x00007FF996B95000-memory.dmp

Filesize
8KB

Download