discordrat | bc1a4130fb7cd74ec1d007a3a02077d62a044fffb0cf3da0facc9ffd6053c53b

Analysis

max time kernel
209s
max time network
213s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
05-02-2025 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

8703559c0b9c8c89320913a1c4c1ae4f
SHA1

d6ce08ff8c5b17417b7311ceb90c90915646694b
SHA256

bc1a4130fb7cd74ec1d007a3a02077d62a044fffb0cf3da0facc9ffd6053c53b
SHA512

5d921473b0319f2d2a7aa3fd0c066a2d948ae214156087e4c050896583662cdf5fb365ab18bccffa3d5f41ab6643a4090ad05d082c111262726e3a5e6b830df7
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+pPIC:5Zv5PDwbjNrmAE+ZIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzNjY5NTMzNTc5NTI5NDIxMA.Gcz8aM.S9GNOb8hb_K5jw1INx35qkuuY43bIbRdj8HWZQ
server_id
1336081242344390706

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133832373531033098"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3500	chrome.exe
3500	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	384	Client-built.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe
Token: SeCreatePagefilePrivilege	3500	chrome.exe
Token: SeShutdownPrivilege	3500	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe
3500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 1452	3500	chrome.exe	80
PID 3500 wrote to memory of 1452	3500	chrome.exe	80
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 4352	3500	chrome.exe	81
PID 3500 wrote to memory of 1568	3500	chrome.exe	82
PID 3500 wrote to memory of 1568	3500	chrome.exe	82
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83
PID 3500 wrote to memory of 4556	3500	chrome.exe	83

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffdeeaecc40,0x7ffdeeaecc4c,0x7ffdeeaecc58
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,4069864212691168042,14073759426992244901,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,4069864212691168042,14073759426992244901,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,4069864212691168042,14073759426992244901,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,4069864212691168042,14073759426992244901,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,4069864212691168042,14073759426992244901,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,4069864212691168042,14073759426992244901,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,4069864212691168042,14073759426992244901,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,4069864212691168042,14073759426992244901,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5000,i,4069864212691168042,14073759426992244901,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3492,i,4069864212691168042,14073759426992244901,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5076,i,4069864212691168042,14073759426992244901,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4536,i,4069864212691168042,14073759426992244901,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1684

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4932

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
40b399e76bf1d45cb79985a19616c03b

SHA1
890b20257606fd2d592c767ff59b70116291ad8e

SHA256
08d252ad5b151fe35c86ddfadabf4d390fe6202ff5d16cdb48e57848ab5f38d1

SHA512
bfa8ab2804674d09319755bc3e4244f9f60d264f9fd1aaef2c5913d277e1f542d4f3f33742d5ffe35b62a2c78d9f5e1ac4f35e0dcaf97103078d57b7cb165595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
32201596fcd20401a915cf86f5d84a7a

SHA1
b80acaf0237107e13b0069290962cd9d0ea39203

SHA256
73409e989d1075846c8aebf308ac9c2188e4f4df996b487040099ffbb7bec95a

SHA512
61e20f48561e52175614c330a9953c082a64a1c8b2addbf6f60b8ecf53fb857fb954fa35eb4faf38ab156979929d952512d46f13d0bb7d82e50c857aba8b63d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
682d93b55d78fc999a914681dd316548

SHA1
3ffd10bc01f2ba8f17a0c6f59cd33d746fed8364

SHA256
22ab869bff97e4d05fdb7c6fe5f320303c576205e042b835dddb8ce941e5261a

SHA512
5d789b9bc8b15c989f8155d5efef5539883b6f6fca0d62742d464b0af62128dc59b511ac65ba75237c75238cb0d76dd50d44957a162757b46afcd823c86f699e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
cff22a204434adb4e22e1ac9a620f0f1

SHA1
e355584911b0a8d0207b5cd098b03eebca81d6f7

SHA256
0d06a8a2d94afc576bd813cc93ab1514e207bb5172925aa15e9039e39a48553b

SHA512
881eaf6973bc89ede7853009e8041861bd331fcff0a90d18daeb066aa68f45be6f5a8dbbcdb150f3869839efc887b8186bd81d6d38103589b9e780e6f6878105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cb1ca03790e378cc51bb54415eb9f719

SHA1
7f6c5df910112b99035be3d9552742fa3fa377ff

SHA256
9489c9d079c2bc3d89f2e39207b539363e175e23d5c189e04180f6c8ae277fc7

SHA512
cd00673f16c8439b575febda557dbb93f5d4e0d7793173fc69b582bab4636828941bdea308c1743a750db78dc66c107ddf7b532ac727afba9ce2df85be41a837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4d1b16b8e52c933f67ac042433fed0c9

SHA1
6db47d60523497e5e392526351dc66ecdbd4abfe

SHA256
b01df2a19cd31bce4ae2c7907953f8bfe5023e38c210859809d5de4896d071ea

SHA512
70cf2811c0bca28ad5d8819f1499013c96d5cf6e19d1c39b234f20ee00cdf9d1d1baa30d75f9c581a1e7f6d18d087bd6fac88c4c4049957cd2d90f5a5942743c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
28b5de108c0e791be1747f6cf2af9445

SHA1
93f30fd63eac7ba5c680106866e7149695adc582

SHA256
d748589fc4f352b311c76828ba6212b33d0624a35ff9c27a7665088f67134f2b

SHA512
747808497f182efeba670850853239871176267fe2d9a11ec5ab0084b28d845bf1db0a316d713ef4e4ad9adc3d20d8be370ea501722809a1ff5e5fff52d861b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
aee9fc2a67259d66bd939ff723afc84e

SHA1
110debcd08e4398c5d0ee73453b1cdae0e51900d

SHA256
cdfb43e0e4790b801eb30ea9f46a93c692a00b136a8fcee0a66b0abd92c7caea

SHA512
73d37d5322c555c2ed824880a6da2bc58eb480b9ff5cca17731899c663cc9821202e5e50a708d278e0623eb3baa7a626d2bff4e7ce288efe53cce3f45104608f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ebe39838c10ebb7eea48bf3e2609dd2

SHA1
6b67cbf9d7a1550ae3b33446178898ba1fb9cb10

SHA256
a87e4cc997d3491e5201d2ddc8c1db910fa1f9019917edbdbddedd91f986b81c

SHA512
764f8814e0cc2eb95b5bb2a19bab1193aee4a5163e3df88bbc62dbc98276e071a6d2d02605291910505afe37c5edd15f68e5dd7ad919627ae15a6b8b582cb0e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
15dae02c61fc3dc8566e18b69967c5a1

SHA1
e2de87a042d697c41c6db0b36f4d44138508c0ed

SHA256
55f717eb4dbe6e385e673e48defa2fdcdd5954c4628a4b30370ddeb82a294b6d

SHA512
400861c86c954be2d665f530f27d08f8a653266fd0296d6882e9289b96d8000e9983a34c8750907000d35f8450f1e7048921dcb5ac6f63f0ddafab5dadf1e090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f0544ce03f1bbb4ca07e9d8c29a6fa4

SHA1
e047e4e8c48ae1c3835887a1edd02a450b8cd240

SHA256
36c4f972d72b437c974898b75e01df3d63e75fdebbdead369ba8afa7cb74f658

SHA512
417ed67dd37896cc891d24115afaa8e06bc2af4b9c4ddc57d83531c868a713f30c76c3d9a82551b86a8edc795c13a55ba847f25d3d99b8f99f22b43052886c7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
efb4cd3b966fd71f39db4419ca26c7e5

SHA1
fb3bda6606137e5d99df3f4c60005cff42082659

SHA256
6d5ed81a3918a6e73996fd7f0069d34b76c9e192289f584988c1c263cb6f3313

SHA512
748326150f0725b132224225173ddd028b39bbbcd66aaff09891a2f72fa1b98b3045d9e7e0b94540603c6cc57058efa0859832f5dfde3baa7082ee1ea0fab2bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6cdf28171ada6879c2845187c21908e5

SHA1
af878340911721a337068c3c3b00a0ad5ca378b9

SHA256
0824a160aeedb9171140ab75e77bc4cc942aa52bdd7aff2899827d4737718f71

SHA512
959118d9bb9144e1f71c492d076a78b9c15ce5600014fa72493595da6b58945e8905d5f654d8f4ebb79dc3593a6f70418b683fd613ac3cec9cea8cf582ba441e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4127db01542d083dbe715b7362a028b7

SHA1
f2b180d37abc366fc7a0dcf2c835d9619848e82f

SHA256
597a0d760d96c6c6015a11b51a1b34aff0627b7e137387a32932577d720156b3

SHA512
ec8957a1526f987f1b651893f8187be92d541b06d9ea808c24203dbcfead38bbf44fa4252877691fa1374de2bd79550d466dd11744ee1afcce6cf49e434257dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c565d8286c9da4a954f85a7a3641eb58

SHA1
35cdc301538b836571f9b08f2ea425eb754ef032

SHA256
7e44ac6fb8ecd12be25dfabafadf4a558a2c73bb8441ea58b411761a3d5d95f7

SHA512
5375572b43f021d9b3d493433f32735534a1ae30e84f8ce03e7a295d47f47ea74598d347f2e5b1894bd33876f17f29c4d9392efc3247bf42d2ee55b686ddeb6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8f69a766752200e4680ea7b9969d1aeb

SHA1
6a9b20ba34467dae84f359fe4c2d8bf330a85968

SHA256
9fcd967608ab8a96d345d7b5578d98a90a0ff6307e4734ff863c8b3f7f376fde

SHA512
2c5cb1b260ec0dacd8eef2d7222871452f68787626b89f92f93a497c4d6d13f83e1196a876f58b4218d34ec0fb6b1995aa444847659d5c99af189debb1cb4d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ef5bd47b8c7eddcecb762b53b16f906

SHA1
772cd99107d1b8e13db7da924fe2748e3e6569f1

SHA256
334d38e85107414335f6b854deb051b043aa13d4c36a8e0bc156c75126305a06

SHA512
41691aeacd35a7ab20abf43ea4be92a25f5300e5b87c27c295730bb24960d1b4e9ddf30e351828a3f48275d09a8e3665f6125ad755a8b9c9294c5445138fedd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30f6740e55be591dd47e38b0bc8e1011

SHA1
f1c653b98588e8fdb10c4a5703deded0864533f6

SHA256
e76911c68a31d0cbe144ae02b539e13f7e49b2fd064c3f3d1c9f5189ea251ebd

SHA512
3a4e9d6100b27f44a7700915555bc87540c7040b9b9cece14f5050ff77dd28fb23e6a7869ce23e50fae0f7746b4f83fb05258262d5b2fbc3ffbfbe488be7091e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bb8977dc9186a29c7767ef3a7b437a64

SHA1
7abd54ad37df1126f36f23c9f8fdbb345fceecaf

SHA256
4c78d0d1bd9ac126e8fa9721e409818b8e0b518491e5a11b224857b9a88379e6

SHA512
a07151482f91fa38839c0681b5a107b07726f290ed1184db5d84162e2f8f5ab8994c8f17defd891c2474c7b1d3d1da58d74c39055bb3efd2c4f4b9421557031a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
91b5650308ce7e383388d32983bae94c

SHA1
0a30c98b31891f92d9b7c980ac033a3176f78dc5

SHA256
9db0993b0d50c3bac31e24fe15fd5b4702650729c2f4562e936c51272a3edcfa

SHA512
acfef1f9316aba26df46fd2e48834d4548d68fc7fa611f88af0f846c66f475dbe7072e7a7c14b24902420c7f057f05c8e2701abaf3e88c4b25243d1161fa75f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e747b23e-cf1b-4f05-9a2a-b0a539112152.tmp

Filesize
9KB

MD5
b9714c964ec04ef392344b0b36594f3f

SHA1
0551fd2ac9222efb207bfd6afe72e1ef8734a0b7

SHA256
9bc422a60749aab545cde2967bae9252c322c620e55c7507360b2f3249c06c54

SHA512
33860b7107654c5c61571b4754fff4b4eb071858bb2d3158c1f23a7dacc8d53bb9b411de6906c3f9522b3791022b93bab28ed14b54f082c3a0fcf8298873ad09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
72e9afcb47883232bce020a680cd81a6

SHA1
fc4c06c203c6593f5c01d22f781a3b18b535f042

SHA256
f21dcd3c1b2b3c37012d4363aa84fb1a04e11f5cb818c43f08df95aa84aa8058

SHA512
51201734211c4ea24ba451d7d431e63e6d9b46926cc1be78ee128936e48dccfebddb079b1b11925dc893eaeff13e5eff54a8a54057a1dac0b214ed6a6c715fbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
6b80f9d4e842d95c409a8cbf409d3fe2

SHA1
6a87fe1ef741723a945a10db7ca690f83bb3a853

SHA256
56124f111bb0c8a83ea23d6d7ff65ee17b77839f3d10d286208f402db7e92e30

SHA512
0c3239f3a9ef008142ae185834e53327ff4ecab59de77485b0db622ec62cf91bf4e250893b5e1ad78bacde402a57d10bbe3423016bc4d90ab61179dd1cb2f1f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
44b7a758a07b9319662d0eb399ebe69f

SHA1
51e968b8c52a3366b84dfe33265071e355812ae6

SHA256
23ba4bd7fff73195abe24dcd517778f78e13db5e04a17dbf199a18099cdb090b

SHA512
8ceb8839cc9c7820437bb1f0348941e660edbf194a92ae84e1c9b33d8ce58e255e12bfa3ed800277694913696f9614c5379c1440335018c23bb5fcec8b2b282f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
c3dd85946ce1f9a7fa9f2b701138aa51

SHA1
94f72dc788a0f11a371cdb591a323af3c2d085f4

SHA256
2988fbe94701436775eef11b9ba281bc5f73168b006f597d73decea51176132c

SHA512
b44f350fd1cb77af11cf75a22848735fc7ecf13bae01adac19a10c1bbd6228d901424e7984305075978f85925d634a51afcec298eef3c1d6c0464ef3854da2b3

Download Submit
memory/384-0-0x00007FFDF3333000-0x00007FFDF3335000-memory.dmp

Filesize
8KB

Download
memory/384-6-0x00007FFDF3330000-0x00007FFDF3DF2000-memory.dmp

Filesize
10.8MB

Download
memory/384-5-0x00007FFDF3333000-0x00007FFDF3335000-memory.dmp

Filesize
8KB

Download
memory/384-4-0x00000245D2B70000-0x00000245D3098000-memory.dmp

Filesize
5.2MB

Download
memory/384-3-0x00007FFDF3330000-0x00007FFDF3DF2000-memory.dmp

Filesize
10.8MB

Download
memory/384-2-0x00000245D18F0000-0x00000245D1AB2000-memory.dmp

Filesize
1.8MB

Download
memory/384-1-0x00000245B71E0000-0x00000245B71F8000-memory.dmp

Filesize
96KB

Download