discordrat | hxxps://github[.]com/ramer-py/Polo/blob/main/PoloV1[.]23[.]zip

Analysis

max time kernel
52s
max time network
54s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
08-01-2025 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ramer-py/Polo/blob/main/PoloV1.23.zip

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyMzE2MTk4MjQzMzQ5NzEyOQ.G7I-ZN.LY3G0kXRw3X2si7Yml8_CWkPvPlNXzP7jCKxBM
server_id
1326287372194939032

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
54	raw.githubusercontent.com
55	raw.githubusercontent.com
79	discord.com
80	discord.com
84	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808165743676779"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4640	chrome.exe
4640	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4640	chrome.exe
4640	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe
Token: SeShutdownPrivilege	4640	chrome.exe
Token: SeCreatePagefilePrivilege	4640	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe
4640	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 232	4640	chrome.exe	81
PID 4640 wrote to memory of 232	4640	chrome.exe	81
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 1956	4640	chrome.exe	82
PID 4640 wrote to memory of 2500	4640	chrome.exe	83
PID 4640 wrote to memory of 2500	4640	chrome.exe	83
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84
PID 4640 wrote to memory of 4612	4640	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/ramer-py/Polo/blob/main/PoloV1.23.zip
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc2ad1cc40,0x7ffc2ad1cc4c,0x7ffc2ad1cc58
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,12308721732071052335,3655542695377225143,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,12308721732071052335,3655542695377225143,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2324,i,12308721732071052335,3655542695377225143,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,12308721732071052335,3655542695377225143,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,12308721732071052335,3655542695377225143,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,12308721732071052335,3655542695377225143,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,12308721732071052335,3655542695377225143,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:3808

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3500

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4048

C:\Users\Admin\Downloads\PoloV1.23.exe
"C:\Users\Admin\Downloads\PoloV1.23.exe"
1⤵
PID:776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
38b7fe7d08e287efbb1c278ce86aca98

SHA1
8be4954213cb9d3842ecc562ed1eaf2628a3e7ce

SHA256
75fe26bae89a12e798ef3fd6464d6218dd66407610c4a299fa3148c2cbf51ae4

SHA512
a0bdc9c4f253a56de031799bb3892af0a91c1654487a7b2d678ebf917dca34e8aabc381bfb12f173c6b3339f6c57f23a953ae3e10b10cc893cd02fb3a2527c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fafa1806227109c18c8602b548178ddd

SHA1
bc1a22f10c1bfcadd85835908a60527d18857fe9

SHA256
b5594d9ba9beeeed47f1e8fbdb28f4349ff102d949ae0c64301bcd79fb53d353

SHA512
fb2c75053fd6a199df07587220502dffd4f89d0e5434a8b2c8169506ae7c2b15fd476cbbeee3fcb4c3d8edff092cbfdd5c02b20124ef6cc9e60f5e2efa0847e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
985a8962ca2c11ec19719828ac58ac5d

SHA1
d55c2d8ecad51db1b2280a750c16263361ada1b8

SHA256
24794d708af13f9013a403612d945ffcf1c4ec4c84031d400d5583286f413138

SHA512
049fa4e2ca55960a45ee7b8e42f3f14306d949f93f453ca5275f12bbc42bd11cbffdef9d0f73bf107cbc0112a97c843dcbe6fff6af2d0e74646d9429b1d4aa6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
650c1f90409b77c5beee94548c806768

SHA1
5f52f0e3475578a294b4af94db04b03e9a9a0e98

SHA256
d4ff89ac4e832bbe6bd08159bd2387398f1e9e978a0dc151629a988b0dea7eb8

SHA512
a0f313c3baceb2f5d69b5c2dd3eae25a336b33957c52a9204e6e52cd40a09e4c2a5c113c0d48b4652a56f592664786fa3b37738594335abb9c8152109113a226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8cb0fbe2d41ddb13fe8e8b3e706d0219

SHA1
26d07a76984b7608a19bf5b7b02a074ebd56ef27

SHA256
3e8a0d817b18108a4c24a68afad42dccc19b78fb2ffb7657bd3fb310d4513e61

SHA512
40f0bd3d9612d55dd82eae2ec9dc49050b35fea24f0b119d82ecb9c080265c999f2ecda47e9092114a98178c80e23cc79cb12ae2abb6c2a5e26a420d6551c606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd925aa5485fa50573f2dd7a65d2c0c4

SHA1
68506e396c979b8386a234e6a5fab40d11a53458

SHA256
9aa19ab96c71c57e9c49526b3eac8577a69d9580d88e519805172298a2aee42b

SHA512
b5c2131fb8389af670ab5a32db5688731a60c161b0e959ff839108b850377536039493eec6bd39cad0c23892b0d3ecda3daf838084a761fc675f8ce205fcdecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c3c568f4000d37b25905e810076a3a86

SHA1
7c9b3e97204828fc85cb3827f51e24d3d9187a5e

SHA256
6e4417c7a59d69b813499511d44700dfe2e79311411f70772ae823edf895bbdd

SHA512
917652859337cda91d8c9fcb558cf2605e7cf9dadb34b858e7e47ef801fc82c40d45cbc0e7a3c5982540caf07380cdd0867a5e33d90b27d74e6f4b16d9790042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
2c59637d7a31cdadb2a4a1c2e1e5fcbf

SHA1
b632db97963fe6c8819f3c1cdc84ecfb61fa234d

SHA256
c1b57f909a5a98bb7d5f85fe1cdc362e9e8873d28dfdcc33de0b6e2bb771d55f

SHA512
76cf70695c39def880c508fb7f8a49c5b283cab7d5e2520198e70f62d3a31df91e31c755027c2bffc1f6853d394ac3ed13dca517740fa05b0244acc89aec0ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
5e4a31533aab06099f16e38a491f44a7

SHA1
b77bb9480822bedeed3b9506bf5e10ae9e6434ac

SHA256
dfc7b956560c7a46c3a296c72f86c88bc43ed78b58b2cd7b7c013f5dbad05f05

SHA512
961d0fa69fce166413e8bbd8e25c9d2e8e05a925a44c05d0f85b23e7cc172bbdba7c7f4db21b120b172cbccbb1efd616c3be71cec85b7c20aacc9f24188e3023

Download Submit
C:\Users\Admin\Downloads\PoloV1.23.zip

Filesize
28KB

MD5
b6c884ab2471bdc6991ae54a5f268d46

SHA1
2fede0649495ae359b3a35ad64a6a4c466fc1f6a

SHA256
2385341acc422edf8829e5d730e41936b5c71fbb22bb59cbfccd538b6b65f9eb

SHA512
2ad5e66e18c0b03043b5a580e5b3cbc6ad7415668c3c50d2db33af76e2ad4ad0a3fd33a6822ed56ab97a5d016b119faea6ead9a93e197f092389c9e8eb0427ff

Download Submit
memory/776-189-0x00007FFC16733000-0x00007FFC16735000-memory.dmp

Filesize
8KB

Download
memory/776-190-0x000002D3C8C50000-0x000002D3C8C68000-memory.dmp

Filesize
96KB

Download
memory/776-191-0x000002D3E32B0000-0x000002D3E3472000-memory.dmp

Filesize
1.8MB

Download
memory/776-192-0x00007FFC16730000-0x00007FFC171F2000-memory.dmp

Filesize
10.8MB

Download
memory/776-193-0x000002D3E3AB0000-0x000002D3E3FD8000-memory.dmp

Filesize
5.2MB

Download
memory/776-212-0x00007FFC16733000-0x00007FFC16735000-memory.dmp

Filesize
8KB

Download
memory/776-213-0x00007FFC16730000-0x00007FFC171F2000-memory.dmp

Filesize
10.8MB

Download