discordrat | hxxps://github[.]com/aaxxdf3/fard/raw/main/fard[.]exe

Analysis

max time kernel
133s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/aaxxdf3/fard/raw/main/fard.exe

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMDc4Njc3OTI0MjgyMzY4MA.GMVCw3.9Odg7BkHi57hIYHgxOVloFKLkgznXTEMV1598Y
server_id
1210075567773188126

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4100	fard.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
17	raw.githubusercontent.com
16	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583952418169347"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4564	chrome.exe
4564	chrome.exe
2616	chrome.exe
2616	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4564	chrome.exe
4564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 1020	4564	chrome.exe	85
PID 4564 wrote to memory of 1020	4564	chrome.exe	85
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 380	4564	chrome.exe	88
PID 4564 wrote to memory of 2256	4564	chrome.exe	89
PID 4564 wrote to memory of 2256	4564	chrome.exe	89
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90
PID 4564 wrote to memory of 448	4564	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/aaxxdf3/fard/raw/main/fard.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95f86ab58,0x7ff95f86ab68,0x7ff95f86ab78
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:2
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2232 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2736 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4664 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4704 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4824 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=976 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Users\Admin\Downloads\fard.exe
  "C:\Users\Admin\Downloads\fard.exe"
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1884,i,4407104415568965964,16556093353580084482,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2616

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
be01a931bf0ed05a54aadebe42763f44

SHA1
5a2092714dfe92d8c6d589e9b36c4da824f56422

SHA256
0b9bacd6315e514fa74bdf459464e988f32bbc86997e3c8baea68b7fe5a96ad2

SHA512
3ec2747a185b383fb8bb35db0636070c835fae7de40a5347012926a27ca1c650149a35eaa1cd83a6f25ae99c58176da8f2703d9abe282fc0e03c4265c369f776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
0e17ae6649813a5ec864b01ca042c4ff

SHA1
5f85fa66411e16733cc2191a031d95b9a6ff1079

SHA256
d09e216e5317e2c36d970b7213dbd1f78c4362b45225f28b9c8f424af6f72ee0

SHA512
9192f69eae0f072f59a63894d3862662cfbe85ab118824f8b28682099cc949268c0f3408d29c5081189dd7e7fa570dac99cb349d36f552fb4a3a0c42e15b8332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3fa920e49de3baae293845530362a73b

SHA1
8ca6b34c99e7ceb76f5d4fccefee70221643bcff

SHA256
09cfe68ecfdf99a05bca4354a0964a6f05c06a8006acb6dbfa3c79e9b0c2e210

SHA512
623d6b91ecbec2bb8ca240a1b16678b538113a6e6d4787fa784be32d7638782671ea5bb61688a881668c6ef7fa2ce9812aa5a6aefb6a451d469ead2c8fd519f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
904d4bb8fe663eef84ba199c5aba0d4f

SHA1
2222fb3cc897de5fb5dde667dabe1adf106f10e9

SHA256
66689e582074f3a742a18981f025fc9fb2d3578b945ad84ca2f55bca0a6ded04

SHA512
38fa8b96e73007ae1a0e1cdf61c63b7aa1e20eb19019e980a3db39c403dad7491c569e12ccd51553e209524af0709a983f95d7bdcf7b3e1fa9b16696dfceb445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
40fc3e1dd3309c90a646a5dbe0079a60

SHA1
cb96e7b9763f9f09ceec45323c14d13a78d9467a

SHA256
5bee5cc7ac6c26022a8ccabbc54ca62c969243e513e84d447035fd78741dedf4

SHA512
b084e38797e2a91bedf37f58586531d239cfbc4895afa00795d77c48660d6c3c0abfb741a0cc7075189b8be8ff78c17e2859e328eea6d16ce20098a56a3ba61a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
0d68b6e2c24338f9d715e654186ef349

SHA1
5321474a5511b00bcba34db29df5d3bf2635bb5e

SHA256
99b9f55f658cc3b4032e90139494cbf641b558985985e5d48d5f72cfc83940d1

SHA512
c298bbe2357a07be97f6f10d01b10eb7b647657e452fbafb2f4a9ddb9dead248a56b19cf3a7514bc3832ee1c0c6ae785babf214adb8926365495fef4884ea45f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590bce.TMP

Filesize
94KB

MD5
fb720c0c9d9df9b1a6149079db2df3a6

SHA1
d45b8bd5bbc660f22736525ebe95c562944e5b8b

SHA256
ddefc3486d8d998e58c674baa6dbd46af06b9e5ef8704267bdabd08095728f3c

SHA512
97091f938a45382f837d5b217bce5ac6809c71603e1bee90b95e4940f3b11d9bd128588acdca6984debde43ab3af2edbb78ce343679f410756184aef692fc614

Download Submit
C:\Users\Admin\Downloads\fard.exe

Filesize
78KB

MD5
658b9e16e094030391b46a0a146592a0

SHA1
de4b66ad24df92e847d6d04ab87e444cb38b2d5b

SHA256
039ef01b3a427feef400de03f420f3fe077c7ab1c441c1e7b998de3ebbbf7e94

SHA512
11f7b8cafca9e496278bd6959a30c5d97470841e6348422bac3e632f1c44d0538d102040e9e59672f4f9ea31d569675d65c3960d5e0dd3f993cc16b800cd692b

Download Submit
memory/4100-98-0x0000016AE8150000-0x0000016AE8168000-memory.dmp

Filesize
96KB

Download
memory/4100-99-0x0000016AEA6F0000-0x0000016AEA8B2000-memory.dmp

Filesize
1.8MB

Download
memory/4100-100-0x00007FF94BA40000-0x00007FF94C501000-memory.dmp

Filesize
10.8MB

Download
memory/4100-101-0x0000016AEA5A0000-0x0000016AEA5B0000-memory.dmp

Filesize
64KB

Download
memory/4100-102-0x0000016AEAEF0000-0x0000016AEB418000-memory.dmp

Filesize
5.2MB

Download
memory/4100-129-0x00007FF94BA40000-0x00007FF94C501000-memory.dmp

Filesize
10.8MB

Download