discordrat | f578aeaeaebdccbd4fc2542fa79b858edc4728c9face7c8ef95077d038d7e9cf

Analysis

max time kernel
358s
max time network
428s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
18-06-2024 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

02cff14788ea8de0a69731bcbbb30b58
SHA1

a50f9f26b527263034f01680f3eec26aa8fa4744
SHA256

f578aeaeaebdccbd4fc2542fa79b858edc4728c9face7c8ef95077d038d7e9cf
SHA512

62c7f7f7825fe441faf73184807157b0a5317726d66571d8e0ed56c6ac1e43ebead19e72bb27fdd74e5fb22e048d169d907695aeec671641c49a438bf281bfc7
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+2PIC:5Zv5PDwbjNrmAE+yIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIyMDc5MzQxNDI0NTgxMDI0Ng.GEBKsM.ZC_PzVBNAJuDtGSU4g7MSk0kvLhn9vVw1QBppA
server_id
1236364451591229492

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2700	chrome.exe
2700	chrome.exe

Suspicious use of AdjustPrivilegeToken 32 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2472	2432	Client-built.exe	28
PID 2432 wrote to memory of 2472	2432	Client-built.exe	28
PID 2432 wrote to memory of 2472	2432	Client-built.exe	28
PID 2700 wrote to memory of 2708	2700	chrome.exe	32
PID 2700 wrote to memory of 2708	2700	chrome.exe	32
PID 2700 wrote to memory of 2708	2700	chrome.exe	32
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 1972	2700	chrome.exe	34
PID 2700 wrote to memory of 2420	2700	chrome.exe	35
PID 2700 wrote to memory of 2420	2700	chrome.exe	35
PID 2700 wrote to memory of 2420	2700	chrome.exe	35
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36
PID 2700 wrote to memory of 1892	2700	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2432 -s 600
  2⤵
  PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6629758,0x7fef6629768,0x7fef6629778
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:2
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1420 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2232 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1180 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:2
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1340 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3888 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3816 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2508 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3300 --field-trial-handle=1248,i,7535565453974541571,1073373904298298413,131072 /prefetch:8
  2⤵
  PID:2260

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1212

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x570
1⤵
PID:1112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
15c108c98f43aabcadabc528f61ea061

SHA1
64f66d3ec799dd6f757a20ffcf4a5f8cc276c85d

SHA256
00c96a09cba015f78fef9b0121a1c5e94e242f8a8191847b0a7b23f1b291ac63

SHA512
7225b161253e5d6fe94bdc915cb585835504acd8d2c90edfd6083b2dcdd032e1a2373461d0cf749cee623882d588f1b51a78281afa7b55f3aa4bebaf21f3b422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
364B

MD5
26f1ee503b423b31b6ca253f25d595dc

SHA1
e7953ea57501030f78a0eb7d91ed1be5452e834e

SHA256
be373026a4b652ce765a27b9afb050d47d6ed3be2719e3b364601f0fdc5e8ab8

SHA512
e6e4f423448e1276691b1c5119ce70c6ef888302af40fb61f3a89f8118b8bd928270875132f159da0762973f53032ed699ad47aede7745e650702868cafe2333

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
14cf902b20e285f62312b324c597628f

SHA1
76480d554464db761adaf6164720e03eba34c3cd

SHA256
7ea9fb1b9868217576717654c92fb37858081d7a14322716e14da47aac84a18e

SHA512
ada663242039d66df5eb4468a67644e5b1710b17dd12950413f5f769cd9f6e80f1016818b305f2bf03636501a124ca9cc814d4b4058e67bb4216ee4f78a3ae96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b3b1299e96146af7416451cb8ae5cad5

SHA1
7ecfed752ecb7f6b89b2add34b0c3d03bf9e87b7

SHA256
e36d6cd2543173775f238191d44f6ea35afdd1900ad37e4f9c67242593567ca3

SHA512
6d6ee86f2c57058d89e85c09a82083bc569ffa31b4418ae0d8366f68333b0f7ae644d30d4b2e9402d2d7eaa413fdfe08b51fe1d526412b03de521de27f69be16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7ff7e63d24148a16d29a2757d2693b82

SHA1
59f8105c2fdbaced1245b57f51f7a06a337d1aab

SHA256
57f37c3a18cc688e3d69693d62eea98911963e3a1ba357acf26b835678beac37

SHA512
5df0947a6e8ebd73865fea8b23e014ee9139ceb98a7f14c7eea5527a32305417ee375b85889f4b3c27c6430a40dc8a38c7e78487057d9265b5bcfb37c9340900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b5f9c5b2f156012d85a12df5402fa6e8

SHA1
0de5b8883d5f5d03cfe02c72f65d20321cd3c14f

SHA256
7cf8bcaf9ead762b994f5d6f715b0600636c95fb8acdfbade853772d119106b4

SHA512
26d6f9d8473f635fa27fa89985188266c013d77eded1052319c009905f083b8b168066b04d2b75717bb16f9c768a4d60c74d588969b7287a74b8fbbd385681d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
204564744bf9cc5fb1c3fe3a7a2f1f7d

SHA1
515d60c81315bf4971259915f717bfc9681f69b2

SHA256
2040ac84254bca4aff7c11771268f33d03b0d3113ae279ff5061b55914e634d7

SHA512
fd260da9e10004ff98d305b95b113f852ceb2e957647ca3c997def1b8684680253d7ceba39e2249adb8ad86b236bf9b13ddb5f838664baef4550b4180e53b6b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
298KB

MD5
7455fac253865a1d44a26cfb7fa47353

SHA1
ce2608bf4102107968f53f09c222147f415484ec

SHA256
4388a45217b49e54a760b30c3df7b20d30cf8ae775bbabd7ed1ebacaf548eb30

SHA512
cab7aaeefc57b96eb96e2a35ae80568ee69b779ba8b930d9faa6f552dc431a3cbcfa9f47007b1c34ff577ac333264fd3c579a45234063e7edda9ca8a51517405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
298KB

MD5
a02a708cb9168d5e8d070448b488324e

SHA1
3d79ea5aa57d1741ea7186095ef7c1b480ce247f

SHA256
1e1ba906f1dc6df1120b189d557ff104a27894f75edeca4a883bbb07508f13a0

SHA512
f6a5a8f349cae481e0ffb2b5990605a97b4f104bfd00016c8c6606a9e73ba71dcbf05712f23201feb4020726066735a2f65dd3929cad71850776db718a30e530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
298KB

MD5
fb5c858da72ee0b2665a29d30750a0e4

SHA1
24c0699d56a2382a55ad88c6cb3ce604b4887308

SHA256
385112a02cdb428b45dc4b9d06d6b956770fd01e5374672cc8a1719abe5a90b5

SHA512
9cace9d18dc29f8d6ab90dab77f9e6ed37f394e13761e9573736e88ca78365e787e291bed4116356f9bfaf7ea600c640fb1b349446ff2932a40141f14c3f4b3f

Download Submit
memory/2432-0-0x000007FEF50F3000-0x000007FEF50F4000-memory.dmp

Filesize
4KB

Download
memory/2432-3-0x000007FEF50F0000-0x000007FEF5ADC000-memory.dmp

Filesize
9.9MB

Download
memory/2432-2-0x000007FEF50F0000-0x000007FEF5ADC000-memory.dmp

Filesize
9.9MB

Download
memory/2432-1-0x000000013F980000-0x000000013F998000-memory.dmp

Filesize
96KB

Download