discordrat | f48cfcefdae5347a3b28636990ea7bf4a3913b25ead970549b2aed25ca126a2a

Analysis

max time kernel
53s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

a87de6c537a47d45a33d6cd7fe63c7d8
SHA1

7e6c0eeb273ff05cd0ceecf54a5eebf74eab3dfb
SHA256

f48cfcefdae5347a3b28636990ea7bf4a3913b25ead970549b2aed25ca126a2a
SHA512

594a952866609f288ce6f21359ca1a8e4e2452479b1ddca7b13de404816eaaf5f2bb4239889f3c4cc50a109cf862e92ad2e0e4a0f8425d98c8a7d0905b20df08
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+yPIC:5Zv5PDwbjNrmAE++IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1ODE0MjA5Mzg3NjkyMDM5MA.G8HI0H.--xk7lvmzg6lSm3Q38_QLfEurjVUDvUKfDsSp4
server_id
1258141390668435557

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2116 chrome.exe
2116 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Client-built.exechrome.exe

description	pid	process	target process
PID 1712 wrote to memory of 1212	1712	Client-built.exe	WerFault.exe
PID 1712 wrote to memory of 1212	1712	Client-built.exe	WerFault.exe
PID 1712 wrote to memory of 1212	1712	Client-built.exe	WerFault.exe
PID 2116 wrote to memory of 2636	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2636	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2636	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2688	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2488	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2488	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2488	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe
PID 2116 wrote to memory of 2124	2116	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1712

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1712 -s 596
2⤵
PID:1212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ad9758,0x7fef6ad9768,0x7fef6ad9778
2⤵
PID:2636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1292,i,7595431558035182332,5557395083142089530,131072 /prefetch:2
2⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1292,i,7595431558035182332,5557395083142089530,131072 /prefetch:8
2⤵
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1292,i,7595431558035182332,5557395083142089530,131072 /prefetch:8
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2156 --field-trial-handle=1292,i,7595431558035182332,5557395083142089530,131072 /prefetch:1
2⤵
PID:2888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2172 --field-trial-handle=1292,i,7595431558035182332,5557395083142089530,131072 /prefetch:1
2⤵
PID:2904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1480 --field-trial-handle=1292,i,7595431558035182332,5557395083142089530,131072 /prefetch:2
2⤵
PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1420 --field-trial-handle=1292,i,7595431558035182332,5557395083142089530,131072 /prefetch:1
2⤵
PID:740

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:108

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fde7688,0x13fde7698,0x13fde76a8
3⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1292,i,7595431558035182332,5557395083142089530,131072 /prefetch:8
2⤵
PID:1152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3728 --field-trial-handle=1292,i,7595431558035182332,5557395083142089530,131072 /prefetch:1
2⤵
PID:1332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2296 --field-trial-handle=1292,i,7595431558035182332,5557395083142089530,131072 /prefetch:1
2⤵
PID:1728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2320 --field-trial-handle=1292,i,7595431558035182332,5557395083142089530,131072 /prefetch:1
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2920

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7d2a92dbd5e50c5222fa303372ad8798

SHA1
5280ba547519fdda45d9da2e65bbe00e3f329314

SHA256
c5198520ebedf9eb7272d7536eb8e56ee40bbaa09f13558e0d837100e3bd77fa

SHA512
3eee7c7cfe6c09ac9b96353084e48f098839ee344c3330ba05de4ef4dc8a82d1247f965254991d88e310247d84bd382df98f04ca097df986d6522e0d2d0c90dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
5e3c3c0f7b2ed0f67fd318276f9084ca

SHA1
dc6741cc9b6e778a357fb98310533b56206b5895

SHA256
603a037a6aa2751bf49b2e51850d6e355310a3792a38ed864c8a4a3ca8b88840

SHA512
af126864199161603df3f172be1f95317802957c84056e923ac9d30247880574baab51f1d9d8951eeb4c7869b7a4f6f3017e8289b576261e795383aa0ba226ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
2bd6008a6849ab7ae04ff62912060137

SHA1
d78c4517a520aa98327938534fd36e6febb59cff

SHA256
12f22210bf9a54fee6e6c755aa4ddc5eff9297660a32159f9088102364419efb

SHA512
c550240fa6d80c4d77c1338e7e370147af15cad1bdbb260c6461d04c4bf7aa8bad216b1a254e0ff73c914a87a4c351b2740fb97abfa8a0ecfffd6561779956d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
648ed9c9e1ce36fb57c164bc740ac06c

SHA1
8639366be4232dc73a617dc2d579bf8a16a06db7

SHA256
4d98e773172227f2394455b0e679c3be6dd958c81d8179c63f438c3225d8d161

SHA512
27f1c60342e6e1d62efcb13dec6a9bf981286670ab6a28db23857b3677fab266eb5ad25ce08cd835b25ec705c3abc3e62e6ef0b170ac0502672b9a3a8abbc1fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
281KB

MD5
f1d3748b68df849e21adcc0419b5627a

SHA1
b07b4b87c4c60d7a33c93bfa9cb8e346e5ad0815

SHA256
63caa84ddf8507a2423120e637a818aa78bb3a13b3f20d1656dfc86b0e5c12eb

SHA512
a7102953fa947e7f732750189cd791dc38a23dc19f0bf6ec22cdc3438b2cf6cf45ae4d6ea844e9b6844ba272d3ab253401110665f31043a09359d5fea9c683fb

Download Submit
\??\pipe\crashpad_2116_MLXWUANARWDJGSFO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1712-0-0x000007FEF58C3000-0x000007FEF58C4000-memory.dmp

Filesize
4KB

Download
memory/1712-3-0x000007FEF58C0000-0x000007FEF62AC000-memory.dmp

Filesize
9.9MB

Download
memory/1712-2-0x000007FEF58C0000-0x000007FEF62AC000-memory.dmp

Filesize
9.9MB

Download
memory/1712-1-0x000000013FE70000-0x000000013FE88000-memory.dmp

Filesize
96KB

Download