discordrat | f6c156e58b9fa032e28663d474ec9f747524298781a7df5e29a477b45d51bb63

Resubmissions

25/03/2025, 04:49

250325-ffs78s1wey 10

25/03/2025, 04:45

250325-fdebasvlt6 10

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 04:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

61ab5f0d4c935e070453793da932f876
SHA1

5743ae16fdd28ded14d4c6efc9967d520043efb6
SHA256

f6c156e58b9fa032e28663d474ec9f747524298781a7df5e29a477b45d51bb63
SHA512

818e77611632533b298e07aec26195901aafa0b08a84a1b6ef5199496da1829441373a8d347eafa9d05eef85733a075ad80ad814a339de957f00ee580592b34f
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+dPIC:5Zv5PDwbjNrmAE+NIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM1Mzk0OTU5MjgwNjQ5MDE4Mw.Ge6xlM.230RZkdbvNS3PW679kyNkZMoIB0mnjgZpxNYsM
server_id
1353947596262998036

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
8	discord.com
9	discord.com
29	discord.com
68	discord.com
134	discord.com
135	discord.com
69	discord.com
70	discord.com
71	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873516531249642"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	1660	Client-built.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe
Token: SeShutdownPrivilege	4788	chrome.exe
Token: SeCreatePagefilePrivilege	4788	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe
4788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 1700	4788	chrome.exe	109
PID 4788 wrote to memory of 1700	4788	chrome.exe	109
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5012	4788	chrome.exe	111
PID 4788 wrote to memory of 5012	4788	chrome.exe	111
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 5952	4788	chrome.exe	110
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113
PID 4788 wrote to memory of 2908	4788	chrome.exe	113

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff98dd3dcf8,0x7ff98dd3dd04,0x7ff98dd3dd10
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1868,i,2391306869137621748,12081900257840179671,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2024,i,2391306869137621748,12081900257840179671,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=1768,i,2391306869137621748,12081900257840179671,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3264,i,2391306869137621748,12081900257840179671,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3216,i,2391306869137621748,12081900257840179671,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4352,i,2391306869137621748,12081900257840179671,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4364 /prefetch:2
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4736,i,2391306869137621748,12081900257840179671,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5384,i,2391306869137621748,12081900257840179671,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5572,i,2391306869137621748,12081900257840179671,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5508,i,2391306869137621748,12081900257840179671,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:2868

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1cc1d926895ee6bfc865d59134fb7df3

SHA1
6285a9ca4fc2b6f52aa6226d0662c33a5fab09aa

SHA256
9d7d9f99eee6c050c924e7d2a696a952092f0165ea676a41e04051be0c54acae

SHA512
7889a821cdd5761350b9d0859da6f1fc441cbef36a0ac8e27ed7c36376ec1c621665f3ec9ffbd61353ecded9813b60fa201a8a446b5ccf385bd857227307507f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c16a1d5788e874c216a5aedb61a3cf8d

SHA1
d53d164a9f2fd99cd821706bcdcc700456145560

SHA256
90b8efcc5f3a57b4ebbcc86f8c050d3d71f22e1e64c2567f1e6df55308a573c3

SHA512
3578726176f9139c48add7b463ffcd6c7b8113d1c39ac814a113aa8b5e923eb5a4a40099d6c92f99d4e69fc1ea3af972be3fa44302c3cacaddbbe0a5b3b0abc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
00170d6f5f0eba845db643ed5ce1a60d

SHA1
a4b1c59c52720d7557587878da22844f31e9971c

SHA256
1499bef763404594d87d5150aec30a62f1bcbccc540814c337052262853cd8c3

SHA512
cd6ba3cc0031d599ebcdf7df368fdbb0432ff147cd998b9013fa081a718974804a6b4972e29f426c1961f726c97f50eefaf94979044a843639bbcb9447713266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
24d228b73f14b1137cf71540b92716ad

SHA1
c0141c0b8798c8b7e2cf062c6dbc3d686e3064e3

SHA256
9a060d49545c57f6120ae870e0b44cf58ecb2c1d19eb056612d1aa50c7d3d8dc

SHA512
1651401fa0b6b94b2141e3860164628923ffa09b863d297675b2d3c1bceca13763243e0c55b47ea130e87cdd98548a0774af49d4e4ad595bc5909b418754b4de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59affd.TMP

Filesize
48B

MD5
ad4540bce90fac4b4366d21f905a1adf

SHA1
c007b4cc868c4b5cff3a8cab407c02331dffbaf1

SHA256
831fd69ce0c181bd7d2a46719924610f91dd4e0ef92ca1e0b0d800266fac7284

SHA512
d02ca228c420fb06c5e017e7da217bf98ce7549d4881b5b952923f8aa9a4fe018e49551ba97dfe79919f5294f2cd49848946e8d993d7f2824ecb310e9b128dae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
7779b3f5c68d3524fcf865f656798c33

SHA1
3c0cc4b134cf50e967329ef69bd1643c8e903eb5

SHA256
062eec22024cad3499b4b891ad1149a8dfe4f324ead85118c738b01af1924d4b

SHA512
c81e65cdd878d5dbb4013865a1e9093d8e4172ac49cda559c6f2a79814ad0bcc0dac0c37504cb1050681ca74123e3d22aff229a4859b73154177615b6e781880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
fd15f30dd6c0f1690f1d2828b5bf5063

SHA1
589129745acda2fada94177f71b9b8a0787a12e1

SHA256
033535ee0d706e0e9e9d8761a6967e9e1a34df5e88ca1f7168b40577cffab11a

SHA512
e1d7c8c0a4f918f2c03939dd6b4eeaac99c248cb6949b8bdf378ed1a32d0c89ddd804e1e43085053b172599a149d2310b32ecc1e954746c77440821a15b48ec2

Download Submit
memory/1660-0-0x00007FF991973000-0x00007FF991975000-memory.dmp

Filesize
8KB

Download
memory/1660-6-0x00007FF991970000-0x00007FF992431000-memory.dmp

Filesize
10.8MB

Download
memory/1660-5-0x00007FF991973000-0x00007FF991975000-memory.dmp

Filesize
8KB

Download
memory/1660-4-0x00000215A4690000-0x00000215A4BB8000-memory.dmp

Filesize
5.2MB

Download
memory/1660-3-0x00007FF991970000-0x00007FF992431000-memory.dmp

Filesize
10.8MB

Download
memory/1660-2-0x00000215A3E90000-0x00000215A4052000-memory.dmp

Filesize
1.8MB

Download
memory/1660-1-0x00000215898B0000-0x00000215898C8000-memory.dmp

Filesize
96KB

Download