discordrat | hxxps://bazaar[.]abuse[.]ch/sample/4762dbecb4b974a0f3f2c6a6a1b72394ec90b1054f5c970c328c6c7aeb8d5868/

Analysis

max time kernel
68s
max time network
69s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
21-02-2025 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bazaar.abuse.ch/sample/4762dbecb4b974a0f3f2c6a6a1b72394ec90b1054f5c970c328c6c7aeb8d5868/

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM0MDM1NDQ1Nzg4NzgzNDE3Mg.GHP40n.qgKs_aAJ6GfrjhyOwfOiR0SkXc_4RQULhFiNjU
server_id
1340349846682603622

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Executes dropped EXE 1 IoCs

pid	Process
5092	4762dbecb4b974a0f3f2c6a6a1b72394ec90b1054f5c970c328c6c7aeb8d5868.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133846342352558057"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737631-513087862-588053281-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3616	chrome.exe
3616	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1736	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe
Token: SeShutdownPrivilege	3616	chrome.exe
Token: SeCreatePagefilePrivilege	3616	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
1736	7zFM.exe
1736	7zFM.exe
3616	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe
3616	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 4752	3616	chrome.exe	83
PID 3616 wrote to memory of 4752	3616	chrome.exe	83
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 3780	3616	chrome.exe	84
PID 3616 wrote to memory of 4012	3616	chrome.exe	85
PID 3616 wrote to memory of 4012	3616	chrome.exe	85
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86
PID 3616 wrote to memory of 4332	3616	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bazaar.abuse.ch/sample/4762dbecb4b974a0f3f2c6a6a1b72394ec90b1054f5c970c328c6c7aeb8d5868/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffde526cc40,0x7ffde526cc4c,0x7ffde526cc58
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,842458326697899362,5218805241286753233,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,842458326697899362,5218805241286753233,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,842458326697899362,5218805241286753233,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2272 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,842458326697899362,5218805241286753233,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,842458326697899362,5218805241286753233,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4820,i,842458326697899362,5218805241286753233,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5340,i,842458326697899362,5218805241286753233,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,842458326697899362,5218805241286753233,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:4524

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2052

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\4762dbecb4b974a0f3f2c6a6a1b72394ec90b1054f5c970c328c6c7aeb8d5868.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1736
- C:\Users\Admin\AppData\Local\Temp\7zO8C637FB8\4762dbecb4b974a0f3f2c6a6a1b72394ec90b1054f5c970c328c6c7aeb8d5868.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO8C637FB8\4762dbecb4b974a0f3f2c6a6a1b72394ec90b1054f5c970c328c6c7aeb8d5868.exe"
  2⤵
  - Executes dropped EXE
  PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
dceee8344a75c6fc85f6c51cdc0b3466

SHA1
feaf045a6650ca41cb13c26ac7fe1ebdcb8a25c9

SHA256
9ee2cc0d98c3a3b0822f76a9119fb4ea83022985242945e7e710a6c4c406028f

SHA512
ba80a4b7e116a101bca61954f66f8bc9dc20538705d9eebf8b683ddcbe4b95a491d032031e31f569f35bdfe882c1082300c8f4d8da878b51bd52ca76a2edaaa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
23530fb9bccebb5242702aa9966ac39e

SHA1
a0c78e815f8389dbc89b0702c3e01f07b924ab4c

SHA256
147898f8084a6eb90ca1134724596cc8f7870fe2bbb4f5cf4dab8cee749c9402

SHA512
52a3fc8452ff838e1eccbaf9899db501f6d1b29a0d469f57f6e11c25b8e71f9b5b16e25f2a3102fbc4a289e40e976c1a14676e68f57b1209f5b0b7516fbb764b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2bfc512f69d4430a516fdaee4bf6cecd

SHA1
181f13d2ed8fcef68d394d1c9e519a2345c6001d

SHA256
c592da6efe911bd0c52186c95d7d4bd301ef2296ea75e951e45dd6381fddd8c6

SHA512
0ce1748a855031412790646cce7070627bc3f5070d5a9c58736fcd2ab7a274c9d8845cbf32cd25fb475757679ff4abc81e84219cdb8eb3c2cc94a337139f1a01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e2caed012d00c6674d2352ad34fdfd82

SHA1
96c3ff7ebaaf46a0c3a7e543da7d74ee64510b49

SHA256
ae71736761ac39aaf3e7c8b6f5c20f34e758559b2be887e43539018e52c87f41

SHA512
5e5eef8b19b5afadae4bb6507ee5197d19b32cc50e5d114d7708e5cfd93f2ace075d247f4333c5eb93d11f48fe67c4c309c26c74e59b2a406340211b7fd76eaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
31378ce8873a62409459f01da6c00dd9

SHA1
58f8afc6f8bc41526ff40df98961086c0c7a24fa

SHA256
acbd4e305bf17feb49873c7ad779cb597fe0b7b0aa1f2430c74ae98da1d35474

SHA512
c4951394648b4f43f553edc61bdbe5b8a38213b9dc35175ce7ba61f8836e9f322bb6e8900fea8ec02666729c68b30fd34d3a0f012a8877008f1b5dc0d57077ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
50ac49573347f4ae147573e09b93bdf0

SHA1
0f1af3e838c5962a4ff171d8ad99a322a2046206

SHA256
f85ae07779d7369ad84a08a4c56498ff8c9dd4f03c31864a65f5e06f812e8682

SHA512
4cac1c5ca29ab5efac5de2d77a6d6d657dd340dec8a72daf7aca329cf44031e959e7fd5c562b6564f5fdcfc06f2000208dcd47f8cfa5e51eb40f2d28465d4673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ebd2815b89bb686e0c156b570a3e8cbd

SHA1
f2d8d83c035852d22a46d212b419ef9fa8daec1f

SHA256
bafefb9a1fa73544434d821b4059332931783e946568c5e7b40013b413a2d2d4

SHA512
9f0f82e79700411a3597028908e465c09eb70af0818b94ef98aceaba9e6669f9926a87c4691c27a90cb04420021d97739a92067ee0762a8bdbf2d5115c472143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
293ef1838c59543046c7a2c27ada2b8b

SHA1
cb421547d43d8876eb2b52e7c4809f68d5cc6332

SHA256
387390630cd630f64d5015d68cafe2bcae0647d6da05977c2e60a3179c9ed35a

SHA512
2ec117dd95f5e97b164870fb1ca46f7c10b2de7868d8716c2c4f304f82e5eac96abc24007de6e2bf9bf583f2b6c1274ee975535e73ad4142a1685fb5ec6230d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a9735340fbec8052b79e535bd850e007

SHA1
015f09133fba980626fce1cd1a275310d769f416

SHA256
8fdf4866e92fc74c3473ca0b3b6e3a66ddfafc588b249422554f7a1a2b2f1469

SHA512
d57adee6c569a0be5c7bac7f5108847a9a9408182d3a379d686d1402f40e1e0cc73100507a602e603879c8aa4e7e89c2dd9b8f7379006fa284dc82a43afe248c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
060a80511597927056882f2306515415

SHA1
f9575bd4f9be06ddeb45a40b4023d9d5636821a7

SHA256
2978b3218014be52a74b0b6fe23e85ca5a6a2ab52bd23cf3c8aef69eb0ebc7dc

SHA512
481bac1dadcf5b068a4ed9425a1f29bb71f1a5f4071ef623655645d64dc1401b844d256abdb0fda726ddff739b0cfcd91fc70194e59f4ebedbbf94ac3969baf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
03d2856bf8018951bef843e5a09120d1

SHA1
d7870eab030592de4fb2f348ac5a48570ffa5254

SHA256
632460723a43a38029452723a4c6d4579f8000d0b6cc4d7428dc2bedb471d842

SHA512
dec93e202af6b027440e56558a620a424826b89ee23aab2bfc03d8a6876cc2775c258d3af2e960f5db5ce7132d0bee20507e64f3cefdad3b949398fa689f5582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
d7ba446b8a306c823cf827fba7ee75a1

SHA1
61c84297e1b3a941c7c291a30a8dc726926e79f3

SHA256
71d7b4ced601f35bc814960ff374b4efdfb2f6c0553091ed244908cb47e23621

SHA512
a7bf07938f8db98507cd364105494b5ea920a991c99d754b40bdb69ed9e40cf0178eb3e6df6ee4ec2a0052dec7b0960a6dd32df197cf2365b73de8f195436f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
34c7f7fbf3640eb62e17a819e968d43a

SHA1
7cad58d31ebcea585c04cdba371b8b2c8ba343d7

SHA256
ef88ae84d2a8d0b7340497a733a26007eca40846809cee2669fb81bca0e14fba

SHA512
caebf48ad8209c59998d9e01c9f6ae2a8ac3d1402cc3a1176c80bb4518bcd2483c429ce18b5ce09c5c98599d3eeb017a14bedf0132d95448280a05e97a56dfce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ed29d7a5dc4b34480328c0578ddce75e

SHA1
ae245149568e82e6d7062cbee0b9602ddfc390af

SHA256
56635ffdeedb8c176a31ede837f4bbf184de3f696265c087f95645b5a0bcaf16

SHA512
dd74495de4afff65149a94f8d5b7ec9e02a625baf306cd56ded1e083f3803bf15351a4fa8fc2581a367a237a720140347d9f6e6acd437b73569bc14b3e545d80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bd7c3380-89ac-42e8-a4f3-c46c8cc4275a.tmp

Filesize
123KB

MD5
bc6589287b43832cc4af21e3e2a5a7e4

SHA1
900dc326cd7ef34e0b5c1fd01bdf78d7614651c8

SHA256
5c8fef4b811031d2288f1444beaf59cadcbbc8852fc876393770838e55562cf8

SHA512
d5a6b44d2f205f3c558b6813cbcd0a1962b1b7041cf4e493a31ea7f821448dc164e2048ab03b9fdcc829ac2d97d6d1d1feaa569be76447acf22f9c5b4ddb2bf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8C637FB8\4762dbecb4b974a0f3f2c6a6a1b72394ec90b1054f5c970c328c6c7aeb8d5868.exe

Filesize
78KB

MD5
7d46fb5bea8ab51919f0bf0ebf3eda7f

SHA1
681bd820d40108123ab676207edf44dcf12eb357

SHA256
4762dbecb4b974a0f3f2c6a6a1b72394ec90b1054f5c970c328c6c7aeb8d5868

SHA512
fccf194f7b1a522eaa384c0d64af6977b31fa1f22d987a153ef057107ae1561743bc589eb5a54c442fe9a711183cd3e4edac79c554e4509c25fea9be16fb99ce

Download Submit
C:\Users\Admin\Downloads\4762dbecb4b974a0f3f2c6a6a1b72394ec90b1054f5c970c328c6c7aeb8d5868.zip

Filesize
28KB

MD5
d3189b83969153cf7d1cb66716b1ea29

SHA1
6053de8de72fc00a91d5a8a641a8e19d09a948bc

SHA256
9eaca604bc315c70e30d28ec681cee084cdddacce6013c9fb0c6942277c63165

SHA512
7d2bb2d29b709e645b68a0ac9c129ce322cb1fc2598814ce19b9d72ab52240988ec66f4825a374a2ffd5f4d35d7c1c5f91eea523e912948c8027d5d13efed3a6

Download Submit
memory/5092-202-0x0000027229060000-0x0000027229588000-memory.dmp

Filesize
5.2MB

Download
memory/5092-201-0x0000027228860000-0x0000027228A22000-memory.dmp

Filesize
1.8MB

Download
memory/5092-200-0x000002720E230000-0x000002720E248000-memory.dmp

Filesize
96KB

Download