discordrat | b686a911bf3d93dc0a30bdc046d74fae1ee580ad4a6620d67d9b3af00b3e7a3d

Resubmissions

01-08-2024 07:49

240801-jns4zstgld 10

01-08-2024 03:41

240801-d8sfaszejp 10

01-08-2024 01:51

240801-b984bszekc 10

Analysis

max time kernel
46s
max time network
43s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
01-08-2024 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord bot.exe
Size

90KB
MD5

24cde9873a5517844a29d0652889d284
SHA1

61e0edee68767fa2d2898bad5144e0059a417589
SHA256

b686a911bf3d93dc0a30bdc046d74fae1ee580ad4a6620d67d9b3af00b3e7a3d
SHA512

4c7f29150f37f8c943809264ead1ea5223919bceb62266413e8e2775ae5430e5fda8c40557abba12c920e1db822ea32c99116d7c9686d4444bbb6fe6fc86a1c1
SSDEEP

1536:THaXnTwWMeuPJdtAqBkblZNwpqejwSjZjZbANrC+uexCxoKV6+fhVp:msWMeuPy0kblbSqeUwZjZbANrC+bShH

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE4OTY4ODc2MTI5OTI1OTQ4Mw.G_zwdB.BLohYxvGEmumEgQ_WxzeKQ5m1YzgRVAsGmoaOM
server_id
1189695709369344143

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133669721862303633"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4956	Discord bot.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 4780	2108	chrome.exe	85
PID 2108 wrote to memory of 4780	2108	chrome.exe	85
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4224	2108	chrome.exe	86
PID 2108 wrote to memory of 4860	2108	chrome.exe	87
PID 2108 wrote to memory of 4860	2108	chrome.exe	87
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88
PID 2108 wrote to memory of 3332	2108	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\Discord bot.exe
"C:\Users\Admin\AppData\Local\Temp\Discord bot.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabaf0cc40,0x7ffabaf0cc4c,0x7ffabaf0cc58
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,9040590196123425535,520396192847347445,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,9040590196123425535,520396192847347445,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1968 /prefetch:3
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,9040590196123425535,520396192847347445,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,9040590196123425535,520396192847347445,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,9040590196123425535,520396192847347445,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,9040590196123425535,520396192847347445,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,9040590196123425535,520396192847347445,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,9040590196123425535,520396192847347445,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4864,i,9040590196123425535,520396192847347445,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5160,i,9040590196123425535,520396192847347445,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5024,i,9040590196123425535,520396192847347445,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2752

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1560

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b63c138569ce05e8cfde115825deefa3

SHA1
d8248a7dabafb2c0b50192bb42ab1d7f1f12ce0e

SHA256
fd40a365c879d3775920885629029bffb02d4e27aa22668dc044ae0ed90bb801

SHA512
adf23386572ff1ddf052980e24c2ccccd9768223a7d1ce30d65994f419a32c23fb6b222a1ffa8726aaabdd0ab41b0117eae2117565bef3d4eca2d87b64660bd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3ec93388a3b46b27eb20c9858a726a46

SHA1
4c3b3ac9cc6a4ee5e94b7debe34f35ce5015e4cc

SHA256
94ed99ad4ba59c0852adbd6a7bc80814e3e022919e6078b8caecfaf1b6d1e8db

SHA512
ea8995c4e228d1aa74159132066a461ed3a95396faf0db016a223c65ad998f12ba73314cf72d671ff845043015c2cfda7a4938a98dd3c88750e0a0f164d71826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
61f2b68cc5a078bba5ba50c8ee30be7b

SHA1
5f7c6424643f55c214b82d05e6c1edb34ede639e

SHA256
63e1b5b517def146eb3cdd240cfbc4e632b6d73c48d97f2bfec122e8dc55faa3

SHA512
93c2ecd38d899e4ca8fc8f29b667095ef3ac5c190dd6bdc09e6e269b239b93b475f26aae46f3cda67794604f9742f8e891e635efef7fa8ccc60ab0b48e7358f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a149a2b6d64f0da9db5055b859ca8c4c

SHA1
50fa42672b9c11b6dc8da24f7cd969f1ab24a10b

SHA256
a237d7edf84fb99fd896610a51dbf22a17bc308b1590fa8acc065675a04114cd

SHA512
00480b0d4c6a84fe1bcf4cbf6772d8b74b40e50cfcbfc7437eb92e4126732f0b50754ad592bbde33d770b7969e9a0f1c053e38c362fe7724124cca092e81abf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7a233964395455c1a5dcf2653c3e6a01

SHA1
7eb408b2cf99001a6e881af0fc41fd33591e80cf

SHA256
6c1b9f83103a66136479d8825827f87c7227839534151f817678ca49d7ad6732

SHA512
ece7911081a08b1bd645ed9b9a4483cbdd488f40cd7e3273c072782b526603bd7875a3a5e8322dc0432e5a59f74dc5c3ddcaa46d6a021958c325c6a4721ffa6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4fb5c85ac8538fa4b6e45f47c026944a

SHA1
187091a23cfdd8eb7383711f2713903b1d0754b1

SHA256
0a4316ca935c48f87da7f2a07a47d6801afd674c19b6c3e4a5546ec560a8f065

SHA512
cd8d1f7c1d63475df7846466d419d19146c8f333d144f03c2e259c391310a46657a7b4a11fa65ecc389fdd9cfb0c2b6544dc511c09026603240743cf399555b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
f92db50e8a2e8f5d6184f6cecfb7db9a

SHA1
74f8e664dea22c5a27176b5d487b27981a933a3e

SHA256
614da0554d97fcfdef670801b1225969436bda2bc62f3b12409ba02dccf3fe35

SHA512
85eb6784ee377576ca99a467ce49ed27a8fc693ce83612b8a05efce58fee7e7aa45a604ec40208ad4da2d1d2d56159cd05fae1df652655e9bcae0493bf7aa308

Download Submit
memory/4956-52-0x00007FFAA9563000-0x00007FFAA9565000-memory.dmp

Filesize
8KB

Download
memory/4956-0-0x00007FFAA9563000-0x00007FFAA9565000-memory.dmp

Filesize
8KB

Download
memory/4956-68-0x00007FFAA9560000-0x00007FFAAA022000-memory.dmp

Filesize
10.8MB

Download
memory/4956-4-0x000002C8A6200000-0x000002C8A6728000-memory.dmp

Filesize
5.2MB

Download
memory/4956-3-0x00007FFAA9560000-0x00007FFAAA022000-memory.dmp

Filesize
10.8MB

Download
memory/4956-2-0x000002C8A4D30000-0x000002C8A4EF2000-memory.dmp

Filesize
1.8MB

Download
memory/4956-1-0x000002C88A5E0000-0x000002C88A5FA000-memory.dmp

Filesize
104KB

Download