discordrat | 60f1773412433537eb8d178603df50ed19b70e53bcfccac1265e55af704de749

Analysis

max time kernel
64s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NigaMafia's Boss.exe
Size

78KB
MD5

21885f673ab1e5656712d1946e139a95
SHA1

af4b0886b99640a98fde66638a08e21fe6acda52
SHA256

60f1773412433537eb8d178603df50ed19b70e53bcfccac1265e55af704de749
SHA512

324c0cf0e7cd6d378f32d7e539ffd2f25afe5a487f0d1bedc864e58b0f7c3d66f00dd87aa53c915d745694dc2c1a324e97803a5c42276894b32eff17c6d6979c
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+TPIC:5Zv5PDwbjNrmAE+LIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIwNzMzNzU2MDQ2MDc2MzE3Ng.GN_Yaj.0dKAdTpvE5EiY68CCdI2lKg80pcq5NJa3CMGIE
server_id
1182383459306586163

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
20	discord.com
21	discord.com
22	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1600	chrome.exe
1600	chrome.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe
Token: SeShutdownPrivilege	1600	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe
1600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 2064	1392	NigaMafia's Boss.exe	28
PID 1392 wrote to memory of 2064	1392	NigaMafia's Boss.exe	28
PID 1392 wrote to memory of 2064	1392	NigaMafia's Boss.exe	28
PID 1600 wrote to memory of 2728	1600	chrome.exe	35
PID 1600 wrote to memory of 2728	1600	chrome.exe	35
PID 1600 wrote to memory of 2728	1600	chrome.exe	35
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2680	1600	chrome.exe	37
PID 1600 wrote to memory of 2408	1600	chrome.exe	38
PID 1600 wrote to memory of 2408	1600	chrome.exe	38
PID 1600 wrote to memory of 2408	1600	chrome.exe	38
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39
PID 1600 wrote to memory of 1248	1600	chrome.exe	39

C:\Users\Admin\AppData\Local\Temp\NigaMafia's Boss.exe
"C:\Users\Admin\AppData\Local\Temp\NigaMafia's Boss.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1392 -s 596
  2⤵
  PID:2064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4d29758,0x7fef4d29768,0x7fef4d29778
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:2
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1492 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:2
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1380 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3824 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3928 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3908 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=692 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1768 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2316 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=900 --field-trial-handle=1316,i,10879460679957620457,2605439577099610326,131072 /prefetch:1
  2⤵
  PID:2964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
7c9cd09f39aa52b534731756bbef3254

SHA1
e0d9c8fec90d6e7bbec5d527cc09f8dddd8eadb2

SHA256
a0f61a7eb0fd76fa362683f30dc6c81f8cf729ae241639c2ea0173594be9d186

SHA512
30cb54cfe20d0e30c07e284e83d28333dc2bd4928c29004b0afe185615c705860b53eff44ca18143fad1f759d71d2a9599fafc642547232316419fcfa82a1283

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
333a15f7c6ffbd76e0913ffc889eb9ea

SHA1
d1cdc1a3a853b328a6a9cc9410a397f230a376f0

SHA256
d491ac986153feb40b8911c243af1a574c9fff6e9d5755f3753cea96e8e81676

SHA512
c889ca0465bfb40f719b6fff5cd9242723f4c559f638e7672e3cc05ea73be3021cd039ffe85218383981cabc0ba3aa8dd9057487d93bcb184267be05cba18344

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3a79aed0093076c3f8cda8c6fe34930

SHA1
d64dae07d51a90c323ab772b383a3bd94e621fad

SHA256
14d4c5e10136cf9c21b87cb4ca680850f43d40339a917f91b39a2fa1855abb8c

SHA512
a0e85cf44554d7c063be6b0e67f8744c8f863604910dbb4a4c5df9fe84039bed6b1c1cbd5595c18a162a75937dae63c549b8198505a63354cf422f09390d3b64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1683187def04259e7d6e0f87488d1dad

SHA1
f4b56f1cfc8c6d9b2b799b87c753eb91dab3ed9c

SHA256
957aed10fe10e967f872ddb9daa80631965c545ef1fb27275632ae2c8b16b608

SHA512
17123aa5a68f34b32208106a8ff146482aa42f49dd7b0c540cbe385ac4cf3d93cd60ea63c685a13a96db31f552ab0cdfe4740caf90010e436ee695b57c0d8013

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4354061543f09f14fb62ae8d0f8cbe35

SHA1
da0b6c1da3b992873e002d8378917b7e0b887527

SHA256
ddf05e3bf2bf1584079d74cd8d65a113fd94e0d429aaa8d91f91d1a592e76acf

SHA512
b8a4e5ea3047c3cde1cbebc57fc9754c459877158c8854648a4313a1a7dd013f5b8e8f6594b5b4f43aa37ebb301b2418c22aaea15d0739283112c2076fb45948

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3c395a88d56ddc00259f6f965b6bd1b

SHA1
950e714b4e7bfa1148774f87c39f84fa15728208

SHA256
def37a12740e2cddbce2c44190f64d1cd2bce8e19750cd5354907c92aea583c0

SHA512
65017768f788c1627b32f6ebb6bbc50b1fdff2c75a673426b140b69e587e685fb2c10233a27fdebec0b3e98815a5e30d034048e430d2b814b003b7bd7ab9b2c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RFf773d8d.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3d6b734a1a995c593be75c9a0f5d118d

SHA1
f774b9c2e0a86088e3d766edd71b01de4c814455

SHA256
6fc3fe674f72c00abf1285406b37f9b4550d1bed9b1b40590aedc25ca4122e93

SHA512
0e359d30b3173b7008c72d4d1cb2db44e5144e472714b45d0663a3ce4a9cfeba77e9501cb761439edaaea31ded6e6841fcb64ac82b09b9b9e8fc5fceda4c46df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
d1a04d0b0974a824789279c9ee6757dc

SHA1
0fe6810554089e78c646290283de7c8be9453657

SHA256
651721bdd0b4a8000c6c67232138e39935f84a8fb66ca79aff43437e71b38217

SHA512
c443dbc9378b26cba83709f4a446882ee23879784e19ff8026c2e6409857170388d2daa6ba874183eba6e9669177e71fb92b0141e83c94d3209f0c58f561fdaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
9fed64111dfec3dd6327af3c1db421f7

SHA1
59b4a4cc7360b49e118279065d5be3a2712e99ca

SHA256
aed108d8d45f67179e71df6c9b631e9ab4aefc8c7b0298c6a2a2eaeea448d97b

SHA512
b97c2e484f8a90fcd9f506dce716c7818c4e57b368e89ca6bf8387f5d9f577053dc7a4ff31abf7ff38b3baff51a350aaf70783f6bb5cf8bd4892b74fc8901372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
6764df74ce697517c2411053c13ff456

SHA1
2cf28d1f537eba245abd9c02b156809e258472fd

SHA256
2013160f761d99f3a47d2803670a8d5f032128598426d2724869b448464031bd

SHA512
2583550bb0d9a41aa79afb3507bce6f67fecd9889e25515cacfe661a76bf6ce89601a31cbc854ab864347b8304a3a75e1c74483a91a96a55dcb9de0b6e0b64d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
70faf21f5b494e562871dde558740691

SHA1
bb15f537833efd3c7d1edad0e313334db2cb253b

SHA256
bfe966769285058f384b91e5a814db1cc34805f6bba1a4b60772319e2a9a00cb

SHA512
9c53b93a8e4ebf106816cfc667707db9d23112368340c40160e5932b2b7f6f47c02383d0387dca9fb89842378e7556cb6421e92006049be7297093b6400b0b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ed687eb5c783b67facc79ed0657bd7d3

SHA1
28bebc454e5c6e4ff61d8cf5d597423c4e7aaf3a

SHA256
34d3573e84ee62bf3fff2b0d52603e8472aeef6a58d1539aee82930ea9071eff

SHA512
d53448f23630f47c6328362fba66d4af935eadb56bafa378976d6c056d751372ad97cb07906c3ef57bf850b51b12942a7b4d5d0d0976391accb10d5a8770d6c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e8762843c8032f1912c99cf1a9b2c47b

SHA1
2990ad93273814f795bfdf6c167edc5d25ffe934

SHA256
025420949f0831111e7aee0cac5a2e649fea62c477c293b5e280101c2515cd4c

SHA512
fb716dc2fe6774d5468ebecfdd91efcd8e5e57a8e1dbb557c3189b88ed2f20a62ec020274fec8ab94067bd7e65a0af7dbd52f402233c14976fd490528d98523f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2e2c1c9023de02850889393cbb08b0e7

SHA1
9d87e0d97fb262d6e206d27937d9d974b99d8eb6

SHA256
c688bde7a4f5358218ca84fb9ea80ee828bd04256e4b09f8e04f844fa8a32fa2

SHA512
9315baf0aac5e8415f7187e31c445794d4197cb75e71fb36c286d15cbc79caa90fcff3f4de8500befb3b56b72165f50cfd0a718853fdf4eca90942c203aa339d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2D8D.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
memory/1392-3-0x000007FEF52E0000-0x000007FEF5CCC000-memory.dmp

Filesize
9.9MB

Download
memory/1392-2-0x000000001B940000-0x000000001B9C0000-memory.dmp

Filesize
512KB

Download
memory/1392-1-0x000007FEF52E0000-0x000007FEF5CCC000-memory.dmp

Filesize
9.9MB

Download
memory/1392-0-0x000000013F0D0000-0x000000013F0E8000-memory.dmp

Filesize
96KB

Download