discordrat | 258ccb0c1dbfc2fbe13da1c515f9f903ea7803dbd2a990ad5574763048a3e30f

Analysis

max time kernel
149s
max time network
152s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-06-2024 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CoolMods.exe
Size

78KB
MD5

ca9bd14e43e32ac225ca5a1f0ac78688
SHA1

a14b80b814801e67086735cde8955ecd14b0262e
SHA256

258ccb0c1dbfc2fbe13da1c515f9f903ea7803dbd2a990ad5574763048a3e30f
SHA512

cdcb4b4a2c75b9a65f3612d41160707bab67888d45860aaee83fd44aba998565817feffede5eb9b8fcf0f513adc3d11cc00119d6143d6cfffa60bdaf4796b850
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+YPIC:5Zv5PDwbjNrmAE+8IC

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0NjI4OTUyODIyNzEwMjgyMw.G00x3v.G3ebYAE_DKraHpsoWYH78Oi_9kTyhdFrGvNm0o
server_id
1209686999565475910

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs

Web Service

T1102

flow	ioc
13	discord.com
18	discord.com
62	discord.com
5	discord.com
16	raw.githubusercontent.com
19	discord.com
14	discord.com
63	discord.com
64	discord.com
4	discord.com
9	discord.com
15	discord.com
17	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133616860846729105"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3040	CoolMods.exe
Token: 33	192	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	192	AUDIODG.EXE
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 3648	2220	chrome.exe	77
PID 2220 wrote to memory of 3648	2220	chrome.exe	77
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 4452	2220	chrome.exe	79
PID 2220 wrote to memory of 2816	2220	chrome.exe	80
PID 2220 wrote to memory of 2816	2220	chrome.exe	80
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81
PID 2220 wrote to memory of 4076	2220	chrome.exe	81

C:\Users\Admin\AppData\Local\Temp\CoolMods.exe
"C:\Users\Admin\AppData\Local\Temp\CoolMods.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3192

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x200
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaaa689758,0x7ffaaa689768,0x7ffaaa689778
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:2
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1668 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4356 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:8
  2⤵
  PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5060 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4808 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5020 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1860,i,3833904045077405278,14164475840309946052,131072 /prefetch:8
  2⤵
  PID:4468

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
98997a5ea7993a00c7c4ebb02c735ee8

SHA1
877b44252e2318413ced756931a66ef17fb5cf4c

SHA256
150df849e2bc00ca1d5b14a7b9282500af685a0ed2a298138ec51e6899850bb2

SHA512
7ce9499746dd24a6c16e2d1aa11df70958a5e3447984219283e0c11eed58b2fc0a3801f10f1186f540d1127da9744e775028f157740a53f163efde1628135f29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data

Filesize
46KB

MD5
20ce12841bb32db6359d7a7a5a213836

SHA1
bde9de37602630ab7424e94163b0824bebfd57a3

SHA256
4b28c238bb501a1a18bccd95a2ab9d1efe351135da569f4170ff277f6856ae96

SHA512
30082a9d9d840836cf9a5b75afaa89b49f22bd3dbd5e3f04d827e6604ed5b6c96d4ed48d50bca2a43e4aa934225cd0788b9e494a575e4075e8f10ba6d8080bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
9bea89eae157109435a79d4e10a5bfe9

SHA1
104ba247fcc5d6e66b38ddef33c90a8447a9d075

SHA256
aaae9a85f21d6012e89d5b062178a153b2594f128cb03abb2c5502fb0177c5e3

SHA512
0db32fcc22f6ef0e7f467d2aaee38169432c49f36a11f654c23e9552fb00a6316520345746bde18225b6a98d57fee76b53b56c6599da316347624b2ed332cb4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
66a1097512dee61e3fe67c3cb50e71a2

SHA1
302ad73801e50aec3af85afe649a683c8c786e28

SHA256
f5775edd4a904efe91d42ad3deef3e530d4958aa1d79890ec8c1ab840a822397

SHA512
e1589411859dce68bfc54dbee54746f10f452f0082160de8ad273bbaa25a32c09765a0df7a3b09b1acb4e06318d12d22c10c17c7547216e1710dcd03db7055ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ff5e3790928899affb3b4c2f3a34ac31

SHA1
560984f33dbfee8a92f06ec03f954676ad7e76b0

SHA256
ea8be49ca016e95ef0d956fcaf1af37fb86e222d721f9a9d9a9f5bb91faf6122

SHA512
1ae1a5b98f84d1f5423209ccfa3d4dd071fc92036d9e6cc6b806428fc76dc01d89a313f2f96055208fe10cea0ba57eea3b6021a0b79e180050a0045d348d4a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
8bcf34ae2bb8b73add176f92fba5be3d

SHA1
ac10f064a6ed19a425b166e7ecde634a3a18949d

SHA256
a4a5e43509b46d29be07fb86873e7e4b82cad5445d48995d594f017d3a1b23e6

SHA512
376622dfe228ad1f8a2217bcc81fc76546b190e920bbf7b3b2f5518777d6fc32c98c2b415c55b1801d58935e94a4e03022d23e01731de37786bde50d7554817f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
9c0e29ec89ebe7b051b6bbe58fb34114

SHA1
5abdde3d2cc09a928891c2f823f98432f3038bf8

SHA256
8d27655a5df254c958d338b7f219e4f259c50117f9e58ce088a5d51c7f847857

SHA512
ad6fca7b64a0772b5387f6170b35445ec749016149f4d2c26d6da1809c78b4919369382a001f9a0561f2c500f95625df3f0d19cc8126371741aec815838b76cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/3040-5-0x00007FFAB0573000-0x00007FFAB0574000-memory.dmp

Filesize
4KB

Download
memory/3040-6-0x00007FFAB0570000-0x00007FFAB0F5C000-memory.dmp

Filesize
9.9MB

Download
memory/3040-16-0x0000029F6D6C0000-0x0000029F6D6D2000-memory.dmp

Filesize
72KB

Download
memory/3040-17-0x0000029F6DB60000-0x0000029F6DB7E000-memory.dmp

Filesize
120KB

Download
memory/3040-14-0x00007FFAB0570000-0x00007FFAB0F5C000-memory.dmp

Filesize
9.9MB

Download
memory/3040-13-0x00007FFAB0570000-0x00007FFAB0F5C000-memory.dmp

Filesize
9.9MB

Download
memory/3040-7-0x0000029F6DA90000-0x0000029F6DB3A000-memory.dmp

Filesize
680KB

Download
memory/3040-15-0x0000029F6DD40000-0x0000029F6DDB6000-memory.dmp

Filesize
472KB

Download
memory/3040-0-0x0000029F6B140000-0x0000029F6B158000-memory.dmp

Filesize
96KB

Download
memory/3040-4-0x0000029F6DF10000-0x0000029F6E436000-memory.dmp

Filesize
5.1MB

Download
memory/3040-3-0x00007FFAB0570000-0x00007FFAB0F5C000-memory.dmp

Filesize
9.9MB

Download
memory/3040-2-0x0000029F6D710000-0x0000029F6D8D2000-memory.dmp

Filesize
1.8MB

Download
memory/3040-1-0x00007FFAB0573000-0x00007FFAB0574000-memory.dmp

Filesize
4KB

Download
memory/3040-134-0x0000029F6E490000-0x0000029F6E4E0000-memory.dmp

Filesize
320KB

Download