discordrat | hxxps://github[.]com/ramer-py/aimmy/blob/main/AIMMYV21[.]exe

Analysis

max time kernel
61s
max time network
61s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2025 19:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ramer-py/aimmy/blob/main/AIMMYV21.exe

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyMzc2MTI5NjA3MTU5NDEyNg.GFiP-y.G1ZGkk1Rtq0uGDtBmj_DEvho3ffW35IfPtBbrU
server_id
1322790854867292273

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4556	AIMMYV21.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
51	raw.githubusercontent.com
52	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133802320047027041"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeDebugPrivilege	4556	AIMMYV21.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 4824	4084	chrome.exe	86
PID 4084 wrote to memory of 4824	4084	chrome.exe	86
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 4608	4084	chrome.exe	87
PID 4084 wrote to memory of 3420	4084	chrome.exe	88
PID 4084 wrote to memory of 3420	4084	chrome.exe	88
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89
PID 4084 wrote to memory of 2980	4084	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/ramer-py/aimmy/blob/main/AIMMYV21.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8cde2cc40,0x7ff8cde2cc4c,0x7ff8cde2cc58
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,137296991500810668,7855212713024593968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,137296991500810668,7855212713024593968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2116,i,137296991500810668,7855212713024593968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,137296991500810668,7855212713024593968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,137296991500810668,7855212713024593968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4980,i,137296991500810668,7855212713024593968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5040,i,137296991500810668,7855212713024593968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5052,i,137296991500810668,7855212713024593968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4496,i,137296991500810668,7855212713024593968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:3816
- C:\Users\Admin\Downloads\AIMMYV21.exe
  "C:\Users\Admin\Downloads\AIMMYV21.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4556

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1448

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b152ecb0fa18d4c9ee6198db293cfd0d

SHA1
00e6d65c08dc4fcf04bc684af8f3f984ca0fdc3c

SHA256
d9e0e140a407a5379ef729d756d20c5b0f22cfcf15bf62cd8b737379712e174d

SHA512
0f67feb2ed29bae10fa9d37ce2075e89a4718ea7e51c76e4fc910ec449c1548d9fa8141e8b6a126c0e2715e7f2e246f8a4ab5c86bf79c28718290b345eb4cb3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2fe1b60a876888eb2f93449e0932cfec

SHA1
709d653f2745462898169cd0cad3dda4abe572c7

SHA256
03f4daa6c0a599352cd88e28011d0f2f2559aed8ccd2f740d9abbb19b56067e8

SHA512
2a96688bad7d18f31653b84af4a8d5fe490bd5a112add2a6ac793d88e2d045f20fc81bfdfb8ee4fe51a2623cc49149fb21f7b2b2dcb057c97b24fce2d80c6bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4d7be3509667dc38f6a3da08f0d0e10e

SHA1
1d7f2020673be2be3bcfde71c9bf32bb7c7ea8f9

SHA256
2ed9c42194e488656e849fd6e1246c444015da08fb125831670bd2daa74dacf7

SHA512
b6b37ad1dd72056b4040ecd3fe0f5c067d8416a1a010fec95fa8219c7a66a89ce16d8da59fbccf0aa0898721825e810fc9679e2646fb583935c23e201d409f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
65806749e46d9233a507aa49e3c34812

SHA1
e05839dc1037fa707f23b3aca6300017550b5bba

SHA256
559735fea52b34b8a2ff6a30013125ca32138bf32458bbdd26a557c0068ba9ad

SHA512
ebb872697484233f28eadc8bb25219c4db0d95965c161c1c10b67ac43aea647f3be84bad73851bc76ed3ae040e3962dbb7d7c090636f7f2ab6f6b5f119838563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
efbad427c13475165ed7cd97e596ccd6

SHA1
2ba14b9329c0beadf423f39143f25d57a5c7cb70

SHA256
a44b9f1a6991fd6bf59e2c96ecd409c5e2f361c3f8bf01963836ac7ea0830979

SHA512
f980f386c5f12dee0453275ba38e3cb604b1f8663c057837e5d24c0e5df83071119dfbc078980f1a701356a46e90dcb35bfe2d0dbd68b0986e02eb2e61d0ad51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32e8a97da2eb96a690ae8e996544e74d

SHA1
8372842c62790c02677194254fb88bfaae648978

SHA256
293ef8c255658fa60b9db7e8ca323db816a8881813f366ca465c4d5dc9332ef4

SHA512
0e8969da01014d0d176cd63bc0feb96848b09591b36e565b0e4577176e06bff1ad6fd55aeb41d36ed415fdd5506720dcca6f2a011b06ff1c7f5a26b6dc218bfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00638d4fb271976bcab75bc5d576a4e9

SHA1
36765f5878c6d677a46aff0a54327e7ae21d066c

SHA256
96367106edddc2f31dec6395b7ae2320de9295c983d441cb3e7164e4630e5c78

SHA512
290a9348f1f6697b85b286dfb95a3cd366abab900a72b710abdc2be5473b95f1c4c2cff95c0dc348821a980f65eac97d20f5f812c6a67cece6d23aa6177b4dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ad3910f3d081fa3e079ff726effc7590

SHA1
8274f41ee7a56b7ef06f0362084e64297555ce4a

SHA256
5e25adac1ace291c2798f366f283c2a537bdf880128dcd6f0254124f41471378

SHA512
90569092688d8941ee6d7cd913ceca314b4c35f90b2c92995eea922973a2ded2a1164dc685c90fd2985f1db0ea47ca02b15723fc70d0d4dddd6073a5567aec6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
08b8b795346662dcf362d37095163603

SHA1
fbd2d6c360cceaf699d6cd7369201039302865fa

SHA256
1959efbe6709846b2d0b0b3a14e5eaad02e6218a070edd97c52908d093dd8187

SHA512
2e02bae745602a0553030d610f29a14bef822fcc77b33cce1886631d20398bb612e00eeb20fd5944f227469bef4fd060992eb765872ea5d90b21e0994b515000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
96679ebe294a9c2dc01ef6774721ad21

SHA1
1224efa3ba64deab10bfcff2e301b382fe21333f

SHA256
a390b3c479b4f0831b40a904df1c6f6bf78fef40b7f1a4ba4e6c557077ebd710

SHA512
c1d84481534e7dcaf15e012819b6b9438f39b14485b40dd35d970b7df3a4cd5d7e7c37324b7fec8c7a6744b01b9c08840f8467aeb534aef2cdd1a59d492a495f

Download Submit
C:\Users\Admin\Downloads\AIMMYV21.exe

Filesize
78KB

MD5
2a95e56d75d30dc32ad33e9fca4e3656

SHA1
6491087d42b3d1a4fc2a94d96c00c4948a7cd832

SHA256
205ff503be40825be39382111776d60a19d9cd8278b165d35c06478ad6fed2a7

SHA512
625a501d205ce929a2fb47a1a1b8b790a8e8767e2f6b9ae3ff471174bf4e1a6b8ff941a8ff1d19856a488c18d22a94ff9f23940ed259b957865363ee435c2e5f

Download Submit
memory/4556-200-0x000002507C3D0000-0x000002507C592000-memory.dmp

Filesize
1.8MB

Download
memory/4556-212-0x00007FF8BA9D3000-0x00007FF8BA9D5000-memory.dmp

Filesize
8KB

Download
memory/4556-213-0x00007FF8BA9D0000-0x00007FF8BB491000-memory.dmp

Filesize
10.8MB

Download
memory/4556-202-0x000002507CBD0000-0x000002507D0F8000-memory.dmp

Filesize
5.2MB

Download
memory/4556-201-0x00007FF8BA9D0000-0x00007FF8BB491000-memory.dmp

Filesize
10.8MB

Download
memory/4556-199-0x0000025061DD0000-0x0000025061DE8000-memory.dmp

Filesize
96KB

Download
memory/4556-198-0x00007FF8BA9D3000-0x00007FF8BA9D5000-memory.dmp

Filesize
8KB

Download