discordrat | f48cfcefdae5347a3b28636990ea7bf4a3913b25ead970549b2aed25ca126a2a

Analysis

max time kernel
149s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

a87de6c537a47d45a33d6cd7fe63c7d8
SHA1

7e6c0eeb273ff05cd0ceecf54a5eebf74eab3dfb
SHA256

f48cfcefdae5347a3b28636990ea7bf4a3913b25ead970549b2aed25ca126a2a
SHA512

594a952866609f288ce6f21359ca1a8e4e2452479b1ddca7b13de404816eaaf5f2bb4239889f3c4cc50a109cf862e92ad2e0e4a0f8425d98c8a7d0905b20df08
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+yPIC:5Zv5PDwbjNrmAE++IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1ODE0MjA5Mzg3NjkyMDM5MA.G8HI0H.--xk7lvmzg6lSm3Q38_QLfEurjVUDvUKfDsSp4
server_id
1258141390668435557

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs

Web Service

T1102

Processes:

flow	ioc
10	discord.com
29	discord.com
38	discord.com
86	discord.com
11	discord.com
39	discord.com
42	discord.com
46	discord.com
85	discord.com
91	discord.com
95	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645763455903256"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4848 chrome.exe
4848 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4848 chrome.exe
4848 chrome.exe
4848 chrome.exe
4848 chrome.exe
4848 chrome.exe
4848 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Client-built.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2552	Client-built.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4848 wrote to memory of 1800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 1552	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4876	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4876	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2344	4848	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9e90fab58,0x7ff9e90fab68,0x7ff9e90fab78
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1924,i,13135101364112728676,16589998017639789170,131072 /prefetch:2
2⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1924,i,13135101364112728676,16589998017639789170,131072 /prefetch:8
2⤵
PID:4876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1924,i,13135101364112728676,16589998017639789170,131072 /prefetch:8
2⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1924,i,13135101364112728676,16589998017639789170,131072 /prefetch:1
2⤵
PID:1588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1924,i,13135101364112728676,16589998017639789170,131072 /prefetch:1
2⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1924,i,13135101364112728676,16589998017639789170,131072 /prefetch:1
2⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1924,i,13135101364112728676,16589998017639789170,131072 /prefetch:8
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1924,i,13135101364112728676,16589998017639789170,131072 /prefetch:8
2⤵
PID:4208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1924,i,13135101364112728676,16589998017639789170,131072 /prefetch:8
2⤵
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4740 --field-trial-handle=1924,i,13135101364112728676,16589998017639789170,131072 /prefetch:1
2⤵
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4928 --field-trial-handle=1924,i,13135101364112728676,16589998017639789170,131072 /prefetch:1
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4256 --field-trial-handle=1924,i,13135101364112728676,16589998017639789170,131072 /prefetch:1
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1360

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
d1187d5520a488a5f47f48a4482e6a2a

SHA1
a68d4d8655d20d7f4d0a4602f8d91f46f61b911b

SHA256
2afa8ecfb561ba2ed6773063d631efe7acc11598a66a9b60b28487aa0e163cbe

SHA512
b3f7000d59745e76a1df931bef22d4b50e258e0336effa5392e411a710666dd2d4774f21edec4068ffc5d580fb3d715d2032b1fe9902e4325927320b1d3c2183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
08b1d24abeee32851b9695eff5160c8e

SHA1
fdb14a2ebfa75869a9b9976a2675a5a800073a77

SHA256
2529de930ee5692aee2c3d8796e277ed66445854f672bbc85ca77b49bfc8cfd8

SHA512
46f070cfdf148e12d29caa6b70ff68a12e96ba046368215e5b4750947c67fe7a31a4a89dbcea2710ef19ef43d459f7a9be62d2b81a89e59a3377fd4a5b5af034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
958ed048f847e466aff235cb6be8cd15

SHA1
228e973ef2a715601081515cf0b6749e54ae3aa0

SHA256
1d3b258756b5687cec85aba76bba40c7923a5cb1b2eb0a4bfab79e59b6801444

SHA512
c609be5c074edd9fa4327542df5d7db907df591b74d954cdde3e022378a1bda4a155f675516806881424a90dd2eb99b562c8ecd5d570c636aa2daf4b77401613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a422b8c28ae5b4c14dc2ec988fe5ed30

SHA1
a0ceb71339f62d402cd2dafa1a52353f0073ccc2

SHA256
57d30bafa81846691da12d6de9e363596d13ae90de982786d5cfc1109f595eb7

SHA512
1cbdd2b603596b77e323d501841dccaf56ff85558ffcb154227f6e5a2866a2909a132895b99cd78203c3da4d72ded85239a0c23eb45fd5775f7a151e022dd1f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
bb539167e40cf689e0763a18553a4050

SHA1
b00c8e74a38cbb70f866b7df8978c055437ed421

SHA256
7c5cad4301eebfba4c551ca6aadf5946b355972efa08e81d89b8acb31e113421

SHA512
4a9046bcc66fea7403c7539b80632451a807aa44ab500053f7f8db2d333a9a91d4cfb305e7c837a8c68022f2d60d793273890fe20e1d0a770cfc525bb87220c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
279KB

MD5
d6f091eda825b74a2594eb4db6d15cdd

SHA1
8192856097e615f76e0d68b4408ae6d28ae6ff3d

SHA256
b01ad62411e50381e7672dba2f188b63f914553b444c97ca43c348ae2f24bd99

SHA512
658150788e1e54cce637570fd889c5ae25c0af19c14152364a0be249563189203cfc3e628d76c80d21d59ffc192beae8ea6bf9abf500877502ac442d08206594

Download Submit
\??\pipe\crashpad_4848_KMEJFAVMHLZFCCVR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2552-5-0x00007FF9EF803000-0x00007FF9EF805000-memory.dmp

Filesize
8KB

Download
memory/2552-6-0x00007FF9EF800000-0x00007FF9F02C1000-memory.dmp

Filesize
10.8MB

Download
memory/2552-4-0x00000196A6D70000-0x00000196A7298000-memory.dmp

Filesize
5.2MB

Download
memory/2552-3-0x00007FF9EF800000-0x00007FF9F02C1000-memory.dmp

Filesize
10.8MB

Download
memory/2552-0-0x000001968BE50000-0x000001968BE68000-memory.dmp

Filesize
96KB

Download
memory/2552-2-0x00000196A6530000-0x00000196A66F2000-memory.dmp

Filesize
1.8MB

Download
memory/2552-1-0x00007FF9EF803000-0x00007FF9EF805000-memory.dmp

Filesize
8KB

Download