discordrat | 9297e053593230a1ffe610b08cc5a15e2bb09b7fe597943c999619ae998afbd8

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2024 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoUpdater.exe
Size

78KB
MD5

4ef3988d23c0e3cb6c4a5948c7865ce3
SHA1

77a0b7cb980982bddd1bbf920c4acd918b417d7a
SHA256

9297e053593230a1ffe610b08cc5a15e2bb09b7fe597943c999619ae998afbd8
SHA512

d7dd7f6752beac6913158765fa24536f6563562250493e0e1db7b465524d29a80fe907dbc4524e47f261a18c5db45dff4844f5ec0496e0daf0c7a5a57869e0ed
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+wPIC:5Zv5PDwbjNrmAE+0IC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI3NTA4NTE4NzQ3Mzk5NzgyNQ.GO-AzQ.aCF8rAvj4Zl8ivypcz_3OksP199rQqiwhyHWfI
server_id
1275087276753293383

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
10	discord.com
12	discord.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133686267800665896"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3424	AutoUpdater.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 1864	4512	chrome.exe	98
PID 4512 wrote to memory of 1864	4512	chrome.exe	98
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 964	4512	chrome.exe	99
PID 4512 wrote to memory of 3492	4512	chrome.exe	100
PID 4512 wrote to memory of 3492	4512	chrome.exe	100
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101
PID 4512 wrote to memory of 3236	4512	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\AutoUpdater.exe
"C:\Users\Admin\AppData\Local\Temp\AutoUpdater.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbc97acc40,0x7ffbc97acc4c,0x7ffbc97acc58
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,1127545960178315509,14836685161759594097,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1948,i,1127545960178315509,14836685161759594097,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1896,i,1127545960178315509,14836685161759594097,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,1127545960178315509,14836685161759594097,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,1127545960178315509,14836685161759594097,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4064,i,1127545960178315509,14836685161759594097,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,1127545960178315509,14836685161759594097,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,1127545960178315509,14836685161759594097,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4988,i,1127545960178315509,14836685161759594097,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4172

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2088

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e9e2e39345f4533001bd3aa45527c011

SHA1
0a042fc972657d78a7e75479e73b6b128c779105

SHA256
9a7988d2aaca8562ec89f210988ceefb3128189c1a67e5f2398b9a65f84b7869

SHA512
00278002deea70ffb762a986c9c2ae04797854f4b1aa826082ac873b5b2def2de06c1a3dd8f71225493e1d4e615d0a8abf26c598281cd8dbeb02ffc3df47937b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4e3aab971051e01c17e57cb06b6b1e7a

SHA1
6a96c2400265281a693cd408c36f895575124381

SHA256
903bb4b3b39b7ed5a5715b3e08772fa8983ae10decea9ed9fb9fa728dda7e98e

SHA512
8b1b00ba23c9252608d6f15138070efbeb7ef982bb4608a4c2243dfc8244884601883d0722c7b749e2c9fdf6b859f5bb263e7c77bb595a421dd8f360a222965a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
69a6105933ddcefc79e0f6085d4ca348

SHA1
a773bbf07f5f24a96c9ec259c0a1ed8e2894afa1

SHA256
68c647c1461be270ae0894bd27b362c44c3ee52e92c7de2fcb47d8596716ab8e

SHA512
a85814557418622ec00718e12622eb91f9097c04a09e0029a0106073aa1e506134cab7beb7df68a59c5d6a2a94a03528dc60eeb609939aa3bc7105572fd472f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c660d7cc21c8513700866726456f3cc1

SHA1
84f822a489cdfd62d72520ecec88e1ce55245066

SHA256
13f86bbce76fce1a0e7beee7bd73cb6b6842993935cd09af44e561538698ef6e

SHA512
afe5e6ed433e131c106635f2b73db078819a9be0f8b43b82293d2de279fb19c4b8962f9d10d45e1466314c2c97ccc23688b546bee4c0597f01a730a1e39e423d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9406d7c98c69ce5c8478cf727209950e

SHA1
a6148d748885ac0cc5271f23d84a585bbbe6f883

SHA256
352dbeb9e715861645412b126c48ee2379690f6322ec2e98d556589a054f44d5

SHA512
a0d6c0062819891cdcb0aed0ee3d51501af38262fc0032ee3ff4f038a68abfc97ed5335c5c6645ad5ec7473c94eb6e8f87bf088f09895fb587cc91c8a76912ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba2a83860a797768ea230abd6e7cc4f5

SHA1
deda59fe2b2a3b5b2b5a6e6de6f77a49fe3f95de

SHA256
dfe9967529dfd3ff8eebf7cee57583bc76bbc700519035ba39c59d25aa0a17c4

SHA512
3574056d1525ca1cfcaa691a12b400bf44fb523b3cb5ca36cc6ebb0b9991da2ef8058926464395b8d2774c7e31e789e3cd11fc61f028d89ce46328fc40530032

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b30ae3d65a3e072fe1fedb5f3f9c08be

SHA1
c0e4c08943381a0d3e55d85c9011e78e89d4eb90

SHA256
3a78fb1f75387dcef93f2c987e61aa853e734e4028e63eb8a8479d270bd78143

SHA512
4658483e834e768dcd17e7d4312056424147cf0251acddf8a8756e778cb28cddc0b8220f538f5a2a6b300c41aafd01ed9ec6f111a715a6c85dd1e33a3ee14e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8cf485398babe67b2db240f897ccde66

SHA1
68e4d1e5548546c2560d46d2b18666e7f629579b

SHA256
02f8dea54636292fdb7ff2c08d80e278f4d42b5ec935ddac5f79ea0668be82e6

SHA512
682ac0ff6fafb7599ec4ccd76ed83b3916634225a8b8a6dcb098da6c38d0ad56b833ae1482c28af9d014813117bc7f43fcc0f0bc6d5945aa512200cfa88b59f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
de274fada9dcf46dc4cff864e2875a18

SHA1
4aae28605675efbfe2d007e89cd58247521ea81a

SHA256
6719e7c9068c883425e1a40c85c13a01f525664cc656c05250fd55e719f18064

SHA512
3e8d2c515d9e7f71fdf190b669a9d07dad89a30406bfb26da8c43f0b0f10dc5bb50094515956bc588e4e61d5895a3c22e7c8c074c9c7dbac46b754892590539e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
56eedf63078f6922f3572fedbda88dcd

SHA1
94706047878277791c5d531e13f0cbadbb505d92

SHA256
434e0e4321670503122039a1e153975b0f80a70dcf7b07961e2a8735cbf77acc

SHA512
ef136c83a53b91301bb88c90771f528ef219953dec1acf6b8d14b6b668306f81e184353caa391658e10cfa035ed6c086e5583f215b16fa4ef504cba9ff32ed7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
3e36488f22ce883f423dd7443ab5123f

SHA1
a973eb773ed7c1ef6cc0f0ab5cbe8602d3c95d0a

SHA256
6412c27fcb9d442442b60467a6825c7f43315c089d7b661cb48727389bd20889

SHA512
b132d3bd24a5741bcc189d64bcd6d00330dd9f60466d8fb1acdf9a520ef31c1a4043aeb802d816e8e89a0c93d8df2273b51978c9206f7a0906dcd69262487a73

Download Submit
memory/3424-0-0x00007FFBD0EF3000-0x00007FFBD0EF5000-memory.dmp

Filesize
8KB

Download
memory/3424-5-0x00007FFBD0EF0000-0x00007FFBD19B1000-memory.dmp

Filesize
10.8MB

Download
memory/3424-4-0x000001F900C80000-0x000001F9011A8000-memory.dmp

Filesize
5.2MB

Download
memory/3424-3-0x00007FFBD0EF0000-0x00007FFBD19B1000-memory.dmp

Filesize
10.8MB

Download
memory/3424-2-0x000001F9801A0000-0x000001F980362000-memory.dmp

Filesize
1.8MB

Download
memory/3424-1-0x000001F965F30000-0x000001F965F48000-memory.dmp

Filesize
96KB

Download