discordrat | 1a3072f72b2747d1bbe6f8aec7945d7753c061cd02ab1a1632963d13ba9e61bd

Analysis

max time kernel
1741s
max time network
1751s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lock image.exe
Size

78KB
MD5

eb574fb1d907ffd85ce1854f5585d67a
SHA1

6b72bc26e0f282010c1c1e5589e130d250d28bb5
SHA256

1a3072f72b2747d1bbe6f8aec7945d7753c061cd02ab1a1632963d13ba9e61bd
SHA512

0df1476ff05cc2c34e9c84ac4ba7760c233755f8a9f031ac33241aab71cfc1fbba20344b1403620c7f7695360d30ab124cf3557bff4730bd10f8f8b71a580c6f
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+EPIC:5Zv5PDwbjNrmAE+YIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxMTA5OTM2NzcyMTc5NTYzNA.GqkwcX.UOjwiFdGIpv_jY2sOCDo02zExIyfhOxTIiOv6c
server_id
1251241660453752944

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628659605707254"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4160 chrome.exe
4160 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of AdjustPrivilegeToken 55 IoCs

Processes:

lock image.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1584	lock image.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4160 wrote to memory of 2068	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 2068	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 440	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4380	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4380	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe
PID 4160 wrote to memory of 4800	4160	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\lock image.exe
"C:\Users\Admin\AppData\Local\Temp\lock image.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98fa8ab58,0x7ff98fa8ab68,0x7ff98fa8ab78
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:2
2⤵
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:8
2⤵
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1840 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:8
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:1
2⤵
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:1
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:1
2⤵
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:8
2⤵
PID:2516

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:3020

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7b570ae48,0x7ff7b570ae58,0x7ff7b570ae68
3⤵
PID:2604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:8
2⤵
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4964 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:1
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4832 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:1
2⤵
PID:4044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3060 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:1
2⤵
PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3944 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:1
2⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5476 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:1
2⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5632 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:1
2⤵
PID:4812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5708 --field-trial-handle=1940,i,8665622278734277408,4611815953292474965,131072 /prefetch:1
2⤵
PID:1680

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3964

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
810B

MD5
5f76a561bc4535d7389b89fae9faf6c9

SHA1
413b10d8198f7353cbc6ed6f1c2e79379a862ed2

SHA256
aa14c5f3d95d743f082141b7dd626af4790193c1321e45ab487013d066e210a4

SHA512
9a02d76985e99d4a3b42ce973f7050972d556d978980c570d555a36ae641616e872964c37b39528b49d902d90e33ffd520c52f63c7ced5c7739d1eb41a225aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
45ef9ca3d4cbeb61e4d3cb2ee9dc9af3

SHA1
7d98d459996fcdd86672c4ae8efdb0285b063ad3

SHA256
f1adbc2b790c5520226c16ca35ad8f54c9f650dfcaaff73d13f2ba99267c9ca1

SHA512
417107244de34610731171f9ba3ca8facfaa42ce39f2f216b738200592559c915b1a8dd465c3bd63c756ee59fbbf6ad4feea920452aa7303e1da9ad8d68b281c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
161370883ea52267b2e681e910c06070

SHA1
f21624e67eb35ddede7535b20621c68819bf6500

SHA256
daeba0bc34cb5446e3dffe06475f1f5c330da5cbb4c93fafeb32ecf0fef16f10

SHA512
507ebf16b7e5a36eb81410479ae99db88a34424846ce37f79b5a5fbcd219d8c0be6c5cd5b00532f4b2185144dc6098fd4639585afc70bb45247f0d8f129f7ac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
cdf355c2326f60cfc9d77c223fe7dd63

SHA1
d6ea0ef19fc5825767ae14a89069e94c6350d715

SHA256
98153651ed1ef437b01e7a86c8b278b517ba4324593fde1cf57859ef4d519354

SHA512
05be05930cde7d1d92ac3d32e6fc4d20bd47f8d5698b01bef2fb255b1dc67e9c751eec575fdb7b5bf79bde0eab93b85fad381f68b7680f2da3cac43335268197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
cd63890d0e159fd0dfec538ef9244491

SHA1
380354e84b8c8e27ec1adc25882c0341c76e5f5a

SHA256
fa9f58dc3f535a501764fc504ac0e3bf369f1668daf99edfdcfc354abf31da90

SHA512
ac4ff3f71a0d21ef9f94c14acf31191456f8a016590d5d6aff80a142dd81541c364c4bc36a6b987819b5d5f8dcfdc01cb25688ac8f28f8b3d0687c6dd4206211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
eff83833233f2480c0ca6a4dbf3b195e

SHA1
bf061c4f4a81b78458e33de139f2c4d6fd9e5408

SHA256
42bbceb2c8d03a6b3e0e75396b0348fe50737189f03ab7e2bea828602ffccde9

SHA512
7e2798689a3001580834b0e67f852eb640cba1f85442a48d8b098d5b982b8e539e8ca0ce09d8cea08f680a34a32d7effffada612582d25432e761b550a00edaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
de218a2417e45ee19b55d1b5eb70bffd

SHA1
223281c4da341c1713b6ea04d74078151a7f2410

SHA256
3deb21cfd2755ed2de51839a3b7271843fc509c1c8d6cc4de897597dbb033b84

SHA512
70a62d04c32549d5147291b88ac6ab83342654c9bb27f99916cd242df12e702b351da8c4e727db972437e4a7cf15f201674e18ab1174dd128349c189dc058a8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\??\pipe\crashpad_4160_KDKRZIGYMBDESOAC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1584-33-0x00007FF980EF0000-0x00007FF9819B1000-memory.dmp

Filesize
10.8MB

Download
memory/1584-1-0x0000018188670000-0x0000018188688000-memory.dmp

Filesize
96KB

Download
memory/1584-3-0x00007FF980EF0000-0x00007FF9819B1000-memory.dmp

Filesize
10.8MB

Download
memory/1584-2-0x00000181A2CB0000-0x00000181A2E72000-memory.dmp

Filesize
1.8MB

Download
memory/1584-0-0x00007FF980EF3000-0x00007FF980EF5000-memory.dmp

Filesize
8KB

Download