discordrat | 5d1c6f43553cfc3e034cca1ae788ea3cc25eb705e2f65ed1c234b70a42eac245

Resubmissions

22/02/2024, 14:30

240222-rvetyabe46 10

22/02/2024, 13:57

240222-q9ft4saf21 10

22/02/2024, 03:12

240222-dp961aba6v 10

Analysis

max time kernel
67s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/02/2024, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

menu.exe
Size

78KB
MD5

94b0cef834e50471c6d2a831aa79504f
SHA1

7618db2ba165475ebf98805a88839d4933cc8708
SHA256

5d1c6f43553cfc3e034cca1ae788ea3cc25eb705e2f65ed1c234b70a42eac245
SHA512

715b1fc4a3986dde8d0c901fed81b2a0241cd0dfc3e1ee04b73a7c2bc676ee5de420c84ab3b728950cdb95b4b0d407846114e811347ce42d3712083d58b45512
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+APIC:5Zv5PDwbjNrmAE+kIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMDAzNzcxMDkzNzM5OTMwNw.GD2MsQ.pb4P11_SfSpg7C_ciV50xHdtqk-mTgjk911dQ4
server_id
1210051148896018452

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2556	2164	menu.exe	28
PID 2164 wrote to memory of 2556	2164	menu.exe	28
PID 2164 wrote to memory of 2556	2164	menu.exe	28
PID 2624 wrote to memory of 2656	2624	chrome.exe	30
PID 2624 wrote to memory of 2656	2624	chrome.exe	30
PID 2624 wrote to memory of 2656	2624	chrome.exe	30
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2408	2624	chrome.exe	32
PID 2624 wrote to memory of 2444	2624	chrome.exe	34
PID 2624 wrote to memory of 2444	2624	chrome.exe	34
PID 2624 wrote to memory of 2444	2624	chrome.exe	34
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33
PID 2624 wrote to memory of 2872	2624	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\menu.exe
"C:\Users\Admin\AppData\Local\Temp\menu.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2164 -s 600
  2⤵
  PID:2556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72a9758,0x7fef72a9768,0x7fef72a9778
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:2
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1568 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:2
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1272 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:1
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3676 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2792 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2476 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2504 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=800 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3804 --field-trial-handle=1120,i,813570539264451030,7774948603411849470,131072 /prefetch:1
  2⤵
  PID:2064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1936

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\CompressConvertFrom.doc"
1⤵
PID:876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c4f19b6ab127d9e8cc70562cd3605685

SHA1
70660462f02c44bcf8dfa522b509a7bbe1633d23

SHA256
496746eaebe8d3ead4b8c16b9cb983d4428252ca91d8ac28c90889ff1cbd1067

SHA512
f2ae0c1b8fb938788fb0e7df30089885a0249358afbc6642767a67b4f013e4490b845a7eb200d3b48e50e32a76c9d244653a6f53accfa477681cba97e6632bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e2cc789e64e1b23c1bc447c32b016998

SHA1
5e2345d4fa6804873f8ab4b4c4e88dc99ad5b43e

SHA256
98624d37bc4fe40aec390db2035e182280f0ef938cf5020d2c61f59b755ddd12

SHA512
cef9513671d65a6c3be91032d06ccc7c02f30d68d60195882b6f7396239457b33dedd85134d9e2359de090c3a69d4f7b0774bd91ac7c82cda5ebe6a0099d1aaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
27db0b7d8675cb9d33ced1bd630008e5

SHA1
2ec9bdecebc9d1b6f0cad06a914c1c60248c2c2d

SHA256
15f07b05a7439221afdf01b0eca8f1eac8f81c220e810218ae69703c9b747b02

SHA512
ba613579ba12a05438216725130b523d9301eb86cd6d2237f5eefd93fdc31d5133dda7aee8acf1d8c102e80c8a4506edf12b780a3c3391be6f843d6b441e5306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
da516b4cd6abc492eab4ee315c21848f

SHA1
daff7a11b126312a1034b0976bbe2c2bed12caa6

SHA256
d67916d367672fc00a7f16de57a1dae2c9e579320fa5c38658a8376457b4479d

SHA512
dbc7f70a1d8d4c14f1fd7469592b6cf4c3c4310ed3be0ca1c3424e5429fabc20dba1f30e6629af37455839bec0be368da6ce091037df9aea2452b0dba1cd78d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
d62cfcb21d43db18da9937255f3de76a

SHA1
a9be18b6b04f00f06ed746676ddc7865ed382ddd

SHA256
008134b12911cbb26a1c27080ca4e04af377a3ee7040e37bb6c7c9307e6c86bb

SHA512
6727b004bc0f0464a9daf536085ff163e3c65360a50220b5160ed6db6a2c6c31313a20c99a3dde91bf9a3da48d38edf41cd748a30da5f90a53f1755b50496fa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
751ac3cb357cf39e0d781d63bcf8a79a

SHA1
bfcfcb41037af3f3239958ed0bbd104eb7765d65

SHA256
c76f3724edd2a4d16cfec792e145543ed9f04a30d3e85df805c1d55ef81b1f9e

SHA512
9326fb3d5b9114868b3de0a92c00d64aa0fe936649a3105ddfbb5f6fa0e709e57e334acbc1aa5b074e6f7d9b960d12014326c4a7774ad283913ec4d785e743f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ec02924590c2c6dbcdc7697d75312fe3

SHA1
910447c78ce28fdc8eee37258f764b57d950ead5

SHA256
b3ce0fa9b71ea6df5df9b737875ca08098f745af63e22d602539751df21dd7ae

SHA512
140ed7d922b56828ad0295f0deb820887e40f3d9737741beece970748b84ad5427de4cae454baedbd019dbe711e344bbbcc20ed36d8f69632206ee6d29d2c927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1b18cfd25e66c88c35a70695a860c710

SHA1
211699ab877d0f4809f937d3740223eba16ff758

SHA256
7725d968ad02edde0928fcb6928f209a8f602494c3eed25364ffb6c5b6cb17b8

SHA512
61e65b52c7bfa0cc41f629ec7488c797d345c042bf1cffb0910978dcd900ae49cbcb246e2fe9dc87fcd9e51ce83a610791ea1ce74294bd128f340a6122e7432b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9a4e6c48b6bdc94dc6a24f9df0f63163

SHA1
8ddba7c1881608a8a99481aad7f2602fcbd65fb8

SHA256
69c3241912370f54d7e7efaee71a3a1a3df5d5dbaa9025ed72d57d114fbd2f45

SHA512
2e7a76fa99f621f339f54a4a7399245b4094fa17f160dbd7f2c3fd15b6c674d3d03fd5f5f6258635ab1482f67ba598ded43496c23fc181a2584c15f6afa72507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ce83ca753eba7af2b7c95339d10a7dc

SHA1
59d7f0d9d1ecaa9520a03173331301c0aa49f444

SHA256
9646d6e44938220518d98ff9db8bb2a3ecb6576dd08d96e040a2c19f92f14cac

SHA512
f6df11d9eb9bdad8309a47f47ec6c6492cda37c49e52eb5d5f72cf7d512ea2ba0824efcee1e11732b6b9c4eefb0a8469fcd4f201e92866f3ac5c85151b0c242a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
861bade28637509643bbf2cd64943e22

SHA1
5c0b90ecdc24a289e7e9dc1d6b669b110dd2fa57

SHA256
da7fd840fb637325d60246320c14d2137e70074e9c29f1fb7358449576c316dc

SHA512
c2bf41f06d54227986ce3a2036694aafedddc807a30726e684a5f2c295b26f75787b0642311ff0c34aa7711e39b538ef8695c67e02bfbca6ac0acfed5ccfb7f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
c97d868a6af89006b24abbd04205e994

SHA1
9d034ca5481fa61e0a31306de9a5f68b15a9138f

SHA256
4e6560fd7c62f7bf8027922e0e6234dd3c0c104027c8112d54d338767d51d76f

SHA512
5b67cc9a1784e29a45b0b13e3140b6dfbd361d57c4dc94c6c9e3cab84793d7785b42918048fcd8e7879788087e9b503decce3c5a1c2f2bfee46c3c749bb9180e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e12f04f4-9b36-422a-ab81-753f8f0c815a.tmp

Filesize
257KB

MD5
82b6855da5ee3e0f0fbd0d6af1b8dd6a

SHA1
f6d636c742e6dd67e2ba49b2893e707f410bd861

SHA256
af97bfa85a65bdfee3fb3343dff6e0043d3a5c9c6f850d4417e8c8c5af9ebf3e

SHA512
1af396c8792ef263d595c0034ffa4996ef98a40d24708d320fa731f6240714e10a6968f70b37e85fd128e90c94db8214dad2b2ca697f480e653b85d07ebb09c1

Download Submit
memory/876-344-0x000000002FA61000-0x000000002FA62000-memory.dmp

Filesize
4KB

Download
memory/876-345-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/876-346-0x000000007107D000-0x0000000071088000-memory.dmp

Filesize
44KB

Download
memory/2164-0-0x000000013FFF0000-0x0000000140008000-memory.dmp

Filesize
96KB

Download
memory/2164-1-0x000007FEF57A0000-0x000007FEF618C000-memory.dmp

Filesize
9.9MB

Download
memory/2164-2-0x00000000021E0000-0x0000000002260000-memory.dmp

Filesize
512KB

Download
memory/2164-3-0x000007FEF57A0000-0x000007FEF618C000-memory.dmp

Filesize
9.9MB

Download