discordrat | 74eb1588f759f2506b59257caf40a51946c3de7115aaa07ecc0c398c30ebb327

Resubmissions

25-11-2024 01:15

241125-bmg2bszpav 10

Analysis

max time kernel
42s
max time network
43s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
25-11-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Woomp.exe
Size

78KB
MD5

45a48ca77edd6fcb75e6086d44afac76
SHA1

87aa042d3b052982e390768af1f9171c8c6249c1
SHA256

74eb1588f759f2506b59257caf40a51946c3de7115aaa07ecc0c398c30ebb327
SHA512

1e7066274cb066008c989f3478b735fa238c094ccaec661345fc113db5cea92b79f778d9882d9b4249d76eebce5a9fef5fc27fe554d6092836a573af7599db11
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+fPIC:5Zv5PDwbjNrmAE+nIC

Score

10^/10

discordrat discovery persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxMDQxMTgxODEyMzkxOTQ4Mw.GwacT0.PAQkuzftriLM7RlTUiPVz9Ef_tbR89UCutRUvM
server_id
1310412901319708682

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
19	discord.com
22	discord.com
2	discord.com
4	discord.com
6	discord.com
7	discord.com
8	discord.com
13	raw.githubusercontent.com
17	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133769709704050701"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeDebugPrivilege	4936	Woomp.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	4936	Woomp.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 420	1124	chrome.exe	80
PID 1124 wrote to memory of 420	1124	chrome.exe	80
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1976	1124	chrome.exe	81
PID 1124 wrote to memory of 1596	1124	chrome.exe	82
PID 1124 wrote to memory of 1596	1124	chrome.exe	82
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83
PID 1124 wrote to memory of 4708	1124	chrome.exe	83

C:\Users\Admin\AppData\Local\Temp\Woomp.exe
"C:\Users\Admin\AppData\Local\Temp\Woomp.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc723cc40,0x7ffcc723cc4c,0x7ffcc723cc58
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,3697922908715402245,6185825376801228934,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1792,i,3697922908715402245,6185825376801228934,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1952 /prefetch:3
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,3697922908715402245,6185825376801228934,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,3697922908715402245,6185825376801228934,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,3697922908715402245,6185825376801228934,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3064,i,3697922908715402245,6185825376801228934,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,3697922908715402245,6185825376801228934,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,3697922908715402245,6185825376801228934,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4696,i,3697922908715402245,6185825376801228934,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2988

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:872

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3dd116d913ef03c09409254881be8ebb

SHA1
eb4ee53b307c4d474b171b01545af8898740aaa1

SHA256
0d14bc2c968b66ecb61c46cdc7ddf94c6ea066e3abf98ea547f60c4ae0aa53d2

SHA512
0b37afdce68c7db829342a6abfadbb077c78fe5a86ba7276447938d5ea6c52a18aac4a0ea7da0a4e876a9865b923210dfdd159f33f50e8a8650e08c4edef75e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9d2c1f663fe02ae3d419753e89bee05e

SHA1
dcf4d7fe61127889e7cd660c6117bf50f67b80e6

SHA256
e2066dfc7860fe1123560907e34ea3d2a5bd76f258a9125a28247be462363e7e

SHA512
41c2487663a458ea4cdad17715a43ff9fd2a8b46c37159297dd662bde1c215b0025f2134e10d3119eace5bc3f1f1b85491108bc9ad39737932d58e84ce564f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e49be001fb77e69fe0d44377c29d6f5

SHA1
26e40e8cb0253d6292cd267e389393cacd4c3a2d

SHA256
96f7e7278b507b1ad0495861a5a0770a74f259db7e6c8833c7e8a4efba76efaf

SHA512
425e1640c24c764197a35535225a8d9c00486f7f52d27fc38205c2c330571c320c3701aadfb1123b6c61316f397a4d09d4f3d52ab2ddc9656bb83d44dc1b72ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b58e1c0938183e93aec7dcfe155b7a64

SHA1
c0cca666d1e59f20121e888168d24abbefff14d1

SHA256
611a819705e30ab517f272383fed2ed356b9819d026794a3750cbac0ed82ddb0

SHA512
1a2f2f414bebffd17832a0d90b0b83d0f3e1939a56b9f1c2059f296e327411b3f5f96d271600c145b883478b385023b6e67d09ce48000510876040471d4cb7b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cd7ebb2ba8556cc3485f28fe43691c10

SHA1
9a252e14a759a86064f8e6a2c444a4226cf8592e

SHA256
0f797cd323570be26744809b5f22deefd9c4eb9258ca5baefb03ad1287f03d25

SHA512
dd3ff558c60e1d1da9e0949aadd426f29261fb81243e499d96fe371decb9cb75414ad321b7c0185899b84edaaf8b166ab46a9c131ef389b6f6cfdeac4150ffb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
d857e7a20a6007bc0fa148833130e6b7

SHA1
e33339c73a2dc5e3019bb873b300851e82484df5

SHA256
ab0bf5b8c7788ed33d6206482de1cb3be27863fd689ca75d89e577188eadb239

SHA512
87bc5a36d0f6ad9b377e494d8466c4cae458d52c07a102f1c7d0c8c8e4bd259a5466f3cb1651b6dc0c626ba615783613588e04fc472fdd29810a4ca86c1f7ca3

Download Submit
memory/4936-4-0x0000028230B80000-0x00000282310A8000-memory.dmp

Filesize
5.2MB

Download
memory/4936-39-0x00000282306D0000-0x0000028230746000-memory.dmp

Filesize
472KB

Download
memory/4936-45-0x0000028215920000-0x0000028215932000-memory.dmp

Filesize
72KB

Download
memory/4936-46-0x0000028230650000-0x000002823066E000-memory.dmp

Filesize
120KB

Download
memory/4936-6-0x00007FFCC0B10000-0x00007FFCC15D2000-memory.dmp

Filesize
10.8MB

Download
memory/4936-5-0x00007FFCC0B13000-0x00007FFCC0B15000-memory.dmp

Filesize
8KB

Download
memory/4936-0-0x00007FFCC0B13000-0x00007FFCC0B15000-memory.dmp

Filesize
8KB

Download
memory/4936-3-0x00007FFCC0B10000-0x00007FFCC15D2000-memory.dmp

Filesize
10.8MB

Download
memory/4936-2-0x000002822F900000-0x000002822FAC2000-memory.dmp

Filesize
1.8MB

Download
memory/4936-1-0x00000282152A0000-0x00000282152B8000-memory.dmp

Filesize
96KB

Download