discordrat | c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

Analysis

max time kernel
149s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
24-08-2024 11:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Release/Discord rat.exe
Size

79KB
MD5

d13905e018eb965ded2e28ba0ab257b5
SHA1

6d7fe69566fddc69b33d698591c9a2c70d834858
SHA256

2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec
SHA512

b95bfdebef33ac72b6c21cdf0abb4961222b7efd17267cd7236e731dd0b6105ece28e784a95455f1ffc8a6dd1d580a467b07b3bd8cb2fb19e2111f1a864c97cb
SSDEEP

1536:YCH0jBD2BKkwbPNrfxCXhRoKV6+V+y9viwp:VUjBD2BPwbPNrmAE+MqU

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133689730839034720"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3620	chrome.exe
3620	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	784	Discord rat.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe
Token: SeCreatePagefilePrivilege	3620	chrome.exe
Token: SeShutdownPrivilege	3620	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe
3620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 1168	3620	chrome.exe	89
PID 3620 wrote to memory of 1168	3620	chrome.exe	89
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 3020	3620	chrome.exe	90
PID 3620 wrote to memory of 2264	3620	chrome.exe	91
PID 3620 wrote to memory of 2264	3620	chrome.exe	91
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92
PID 3620 wrote to memory of 4856	3620	chrome.exe	92

C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:784

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffa9c9ecc40,0x7ffa9c9ecc4c,0x7ffa9c9ecc58
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,18164280836566823934,8499426715956140995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,18164280836566823934,8499426715956140995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,18164280836566823934,8499426715956140995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,18164280836566823934,8499426715956140995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,18164280836566823934,8499426715956140995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,18164280836566823934,8499426715956140995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4664,i,18164280836566823934,8499426715956140995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,18164280836566823934,8499426715956140995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4876,i,18164280836566823934,8499426715956140995,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:2504

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3516264cc8eb5e836fae23a1aba063a7

SHA1
2ff211b2c863a5f64b24816aaea0a9751612ee49

SHA256
4aebf0ad56d7986510a6866b52ad9c771cd2259346fd08cf97bdea6cd44025b2

SHA512
50c854f0ecb03fec05629a8be998ad0085edf1467736a7293b4a35c9ad14441b71ed0656669db1ea90eac235a0994ded2733f3cc03bacd4a36a498e9ac381e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
48fba7dfe5cb5487788c6796e8c936a0

SHA1
fae2a609e7f950503da4e5e7383f8ca95b85dc26

SHA256
284b3fe43ccd25fb3ce65db22d3a67a73df350d93a9dcb684cc571070efda1f6

SHA512
9686a436a3620095a63e8c44ec9ad174b409bc9d6714d3148fb5fc5c09edc993690298365fd41cff805c2da28aff9b894ce943ca0f5e2bdd91b743416c2aa202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ede0fc527fbf7b50cc454fb6be4e62a3

SHA1
db0e98aa332d2c7f4fedf4fd31e16838c3e04548

SHA256
13af2146b4b73928a70860f0f99d05c5f3786c9fb30a72327a59a8379cda4fed

SHA512
af84c875c5cd49fd9a3c04ab8d5527c8d5ff4ea4bc8675e16f04465c98baa13208454b4237d055e2df7da76a957b2b889ab852a4c5579c698c32b72b8d3be09f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
317d01dd3d833067c9f83b01f80d0b5c

SHA1
ebf94c0a4922cd79e8992adf4a52621fde227f10

SHA256
57d728b925b3479b2e52a01bdab33c5082f53a68cafb94f0fabd025512822547

SHA512
9d118cef1720f662c0c0747a53db85108692afd42eb2dd6c61040288b53fc841befef025f18d04f2abdffc75b91b78091cf11383145fcbe667c52585613ecc4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7206bd85c8bdacc99e0338e9842255a6

SHA1
668c29ae6720ff4c01e2a4e5452b219e0124f550

SHA256
014fba86957f73d7716d685580a00b0e95e25c983ac454cc33c59c1f7cd7f015

SHA512
79f5b58c257dbd9565285b25fb2a6a39bb21f3edc9aa7275b5a4a0965fa63f3149df43ba85dae9a80e81c22b121d1e9ebf273ed559c2ff98d4a1307de51607cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
09a5927258be7e6d3aad5ce165b729ab

SHA1
24bf61631a2a22383d410307ff66dec2a69529cd

SHA256
3cc6ee383e0a00692e399e7222b650e37408622958936f40f922dc29d93c55c2

SHA512
bea291e32e5964ed84151008778d9cf6d850474db36cf9662bc8e683ab0bd59a49b0b1788de46ce8836ed28f2161ccb80f9caffc07ac88a0facbb676abd14781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6fdc2e3142f5b021d1b18c1667a8bfdb

SHA1
32e89b74e1e710de4d3350f599d2881e0559f07c

SHA256
9cf7d5d36e7e8b47eb6853ee86671286bdc7e2f1819cb9da54bf77e912d3c11d

SHA512
50b43b4ce6c929aa98e67dcbe5ae0ebdc5311af68dac57da2bccb8e71a06da63909bae551b5be8854638147c1ea48b3842f026121ad9c73f8371000f7c43a975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d0113314da07002fe1f70709b35e55a

SHA1
b31ed51a8c6d5a478ea40ae901a233d6fbefdef0

SHA256
d20816b49281270a769d222b12e74e9d4a9090d407616354e25721cdb0f2dcde

SHA512
d43cf838aa5bc2d7de759c811f8780cf5379681272277751fcdc1a1c58833caab62511c36e110c0946b259846cbdb30fed85696e87f82ebddc9fc127d46ac3dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
450896d83c81dfd49d8a3a5bffd5dcec

SHA1
278d07b28b9a72bc9a0bacb58d91ff96a8ccc149

SHA256
ee8b34635e18ceef762ea7745f127520e7fed27ce24c226ab48682935d451868

SHA512
eb796be7b57463b1d83bfe1d78d045fc88030a162d99045a654250717cd7a95865612f6441f070b1c1c953eed8c8f5ea6b286eb4a144aa833ffaf737ee193098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ddcb46e3e1302d93aa85b403c7754f21

SHA1
0b6d884a83b1917f73bf7048a4e286da8b06b3dc

SHA256
18ddcfac7781346c6311d36e9b2f9fff599f313a2ae45763c6e366dd8f3ac410

SHA512
265cd3eb2c79ce99324ba087a2fff3b328aa0741eda2bb497d4da7bfe13e7edfac736bdef7745f5b386ca0c9683b6d0c485c422375a60afe1affcb9f6aa2edba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b49e325f640b7095e5ff5aa43bf6cf40

SHA1
03974493c3f50c68d86af2682e04811f84aa3f51

SHA256
0a99a5fc046bfac6f919b4a4f571bc4c573df04e6107a6f16564e2c0a48967ea

SHA512
cd1b859fd830db2ddae154b5f02f83ca37e58585f7f7c549f40dc639ba3fe1ef746605e850b55123b9d89972374c412f76d8b6660839b07628a470534a49bb9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
e8fd365fb048161812b03e576183c65d

SHA1
86f347289aff8da9ee77859857f9c7913e5327fb

SHA256
4cb5f93c1db3301efde1643930c58d8cbbf064d51d736c59d58444de00ac95c9

SHA512
dfae0ce45b9a33b4f680ec359175aaae68ecd094d20b85e89d0afdb0e2b29aac4af3ae43648f78aeb23cd3a4d0abb2de86d0a7167e2c80c86c553a2d3ab19c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
0438462e6ab156b943ec1089431561eb

SHA1
f933dd7a4d336c59c6627e6342e7e511778645d7

SHA256
4544af13cfd2b09d49ff333b1f0972a1df2b08b8a1d69b0f78b2d7220cfe84f4

SHA512
570685730b951871387538fed7f03421601fb1ef7d81b41b14d2d5edb9d23bbbf853a2a06d2e1edcb39402ed5425e5fb47281d5f60859be035f2490e9e8e1af6

Download Submit
memory/784-0-0x00007FFAA0653000-0x00007FFAA0655000-memory.dmp

Filesize
8KB

Download
memory/784-5-0x00007FFAA0650000-0x00007FFAA1112000-memory.dmp

Filesize
10.8MB

Download
memory/784-4-0x00000275CFB50000-0x00000275D0078000-memory.dmp

Filesize
5.2MB

Download
memory/784-3-0x00007FFAA0650000-0x00007FFAA1112000-memory.dmp

Filesize
10.8MB

Download
memory/784-2-0x00000275CE780000-0x00000275CE942000-memory.dmp

Filesize
1.8MB

Download
memory/784-1-0x00000275B4140000-0x00000275B4158000-memory.dmp

Filesize
96KB

Download