discordrat | 3ce93b5813e1b8534a70b227f7e8503e10c3480607032c9744354faa2ac4a070

Analysis

max time kernel
1768s
max time network
1720s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
03-03-2024 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nova Patcher V2.exe
Size

78KB
MD5

ef61bc4d93013d6072d6b6b4b2231f58
SHA1

a604af75290366150af26cb64bd9bedc01ab7b78
SHA256

3ce93b5813e1b8534a70b227f7e8503e10c3480607032c9744354faa2ac4a070
SHA512

4cb794bac0eba98e54affbb7c1620113409b3065c515e7565e31848ad2a446010f7216459e7f0f101013e46847a309f56967866ba7b20a85650e51572c3ebc6a
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+kPIC:5Zv5PDwbjNrmAE+4IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE5MzM5NjMyNzQzNDk0NDUzMg.GQtyFE.630ymbBowAmccfehQ9LqT14nEeJOjZV4R1iwvU
server_id
1193395247854653511

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2788	1992	Nova Patcher V2.exe	28
PID 1992 wrote to memory of 2788	1992	Nova Patcher V2.exe	28
PID 1992 wrote to memory of 2788	1992	Nova Patcher V2.exe	28
PID 2604 wrote to memory of 2592	2604	chrome.exe	30
PID 2604 wrote to memory of 2592	2604	chrome.exe	30
PID 2604 wrote to memory of 2592	2604	chrome.exe	30
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2400	2604	chrome.exe	32
PID 2604 wrote to memory of 2456	2604	chrome.exe	33
PID 2604 wrote to memory of 2456	2604	chrome.exe	33
PID 2604 wrote to memory of 2456	2604	chrome.exe	33
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34
PID 2604 wrote to memory of 2812	2604	chrome.exe	34

C:\Users\Admin\AppData\Local\Temp\Nova Patcher V2.exe
"C:\Users\Admin\AppData\Local\Temp\Nova Patcher V2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1992 -s 600
  2⤵
  PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef77d9758,0x7fef77d9768,0x7fef77d9778
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:2
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:2
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1400 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:1
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3816 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2436 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2332 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3936 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3832 --field-trial-handle=1372,i,13526158582017334133,3411091634826569265,131072 /prefetch:1
  2⤵
  PID:304

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
dccf12096bb297369451afc6db16a236

SHA1
571bc48377a985f63fc7899142a7224e24aa4c8f

SHA256
7715812d50fd87d35cbcb910abad64fcc94360346e7728011c71820c8bc73a54

SHA512
d14341f35d251ad4870d686a810feba0c1b802e552c13a050f34af51aa491645d4cad9dc72a8d664a567844d54ff758c09165e41f8cc9c9a03966dbc91efe8c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
46KB

MD5
8de2c3401fef13f5c0f8e82a2fb76354

SHA1
f208974c5f866e071c838d0407a6a72d2d1ef1e9

SHA256
3fa1c740fe39c7ac18b90935c9d64505c77ab4b95256356ffaf9c0cdee5f7643

SHA512
ce357e11fbb1ddfd15be9d2534e392799b94af0c2ce614980e3c9124e4267857989662ed2b7e46e0697d0d3ee222e259f66f5a03d0f321152cb5622f5a8bae5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
776KB

MD5
00494c10001e5d3506062fe05b3be14b

SHA1
b6863374fbf468a7e7ed8c5c229b6b47e9e158a9

SHA256
a474b4dbc3de7f01ae792b12f5950955fc94e31fc77c523d1676590b244c2a65

SHA512
9f68ffec822ef1bb4c479ff206d65305dc17b498caa5821c9a9da70111bf457eee594894189fa9ea4e50bba50bac876024d3a82349d35ab42adf523870fbbbde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
31KB

MD5
e9fec90d4af8805b11e69a53eb21aca8

SHA1
e546322eb933862fa653f20fd4bd38bc6c3375a1

SHA256
e3801b7cfce7b9fc9ad44dc8569bb007c4cd934fdb7b4c3fea8c23a79e4775b6

SHA512
9ee5f9f118d869b2f7ae5d30903cc081710a7fb2f3912fef3bc178e6ad9bd3556f227fc6db940def5049f855938ebc4e2d4d855afbeac5b1ef2305642f8a7b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
33KB

MD5
1862a084867804c6446e31f801a6ca10

SHA1
9f0addd7e5407ad6adc297d83e71864bf5d234ef

SHA256
fddbb692490ae3a98abc3505688261ed1d9de4440367b2b83dfc26237dab2637

SHA512
110160df85746bedc1b5c56c9837a0e6850f47b27b18b804077179821932ea5e4317d1e42407304d3b96f9848504f0ca879c02030510f509d6409285aa90d144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
a0e2fcd04855e3f05e9774e1f53a07e1

SHA1
c6b0c61438b184572c5dcb349b384543baf35683

SHA256
593c596086b026e561834bf81718c78c10987d99707e6aeaf941c2c9c442e84e

SHA512
acf65343c04878ebb636600805e1fcae55ee933403848773efffbd6266e38ed0b2da41d45361cc62efd49c4338e74edd386a5bdcc4f46e699ffe912297a5e4cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7653ac.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8d33a082-dd37-46bb-b4ad-d656318750c9.tmp

Filesize
6KB

MD5
fc6004ddcd1ff099e6532978bb495755

SHA1
d1c26e46c24f85fb1c77930ee70a2c84207f42fd

SHA256
85d342e313dcb61c46b31fb136460bb1559d2c888a2592cd8b1646a1b0f1ddc4

SHA512
d3053dcb71b1144bc3d98c3f674efa8b7401ea19612d09806b0be0aae9815ee7b4e531b29f97f5669d4ed2044ee6402d10daa0588b512b3871f714d9a5fb10f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0ce3ff694b862239552321e663e09be0

SHA1
ee53b232dc50f5a2e3fc8b04cd375e3e9a0070e7

SHA256
9e7b12addaf72cf180d1326cb1dbad542da8d29c20d4a64a25ba4dc2de4a9b37

SHA512
3e38b361b53764f2514794b722d2b7d78994c67032f6211ab7e9d630c4793b3615cbeff130be1649becb0f13557ab21ff0503cfb1f9d30f51cdaedbb2e26965b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
47fad5d6e88480d4c3766e170190294a

SHA1
aeb8d696391379d6ad0d6bb35534e38a7faa0836

SHA256
215cbb7783793432a1c89829460ba1ac88978da15cb2e0f01a82d3b76c9ff769

SHA512
2c9fc723bcb3c54bd490672f2849f137082757844a666eaf3e538a63860e5878f1ea4f99088bf50196513c197d6697602d5ed1ecad539a3a0846ab7a4ced03d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
adb3ec7689181b0d2251d75ac4f3c610

SHA1
2ec4de233b860e88f4c71b241d3fcbe83773567f

SHA256
bfdd19cb823cc821013d6897f7eebc9c5a79ab364a7507d71205bd5f3b41d81c

SHA512
65e2357aaf3c430ea5aa83fffdb021edcc97f2defb8c274ece5e969a21e6bb08220752ee21c1c60856174f0ec4eb287cb829b3ba2be7a5783128bd9e5862afc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c8aa40ec743e980ad8d3c24ed024d5db

SHA1
8559bdfff5d4fe0cd3b610339839d6cddc87ac67

SHA256
72981499856b790d926ebdb6fcb7b5e9a84f5e8f82a4ef01ad443aace82e6d95

SHA512
37d2be0fcc78959fe91ae81b09f8085b00c1a279831140fcf036db325987136a7d069d554e7184e8f9c44c806534175a7184e7878be2443f8831a2336cbbe427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5f9cdba96e96228b04bd4fe154381cce

SHA1
396d26d6f669abaae0b21de1f21a4b66236fa43c

SHA256
7bc4ff94beaf05e842647783379cebf5490574075b4cc71fe0ac1f0053ef42dd

SHA512
055e40890bd00934ab9ee4f0614a896d4a577be4c05982b03e1386121bbb3ca7e0dff3c63ed1f5ac343416f7466c524aecaee290555e740e3e86b38d8ab93461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd0ab98d7f4b2ceb740b76e90781ddae

SHA1
c4abfce613fcddc8a3d34980fb6b11ff67e36069

SHA256
92803f7bb18ee04dc3e8b425749cb6cf372e37826b1503dae3e87b358c97ffb5

SHA512
adb8f40e883d7374d952f810593b704e08204406907dbaceb0a86f75827d288b509cb94c89eb442772e1e5257ca53e3d0593262d35b6c6debdad68328db3b6e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1d535967-80c8-4c2f-a2fe-a41ed02e8b8b\8de59ae37dffe7b9_0

Filesize
2KB

MD5
3483bd36e64d07ef0bcd6588c96d07a1

SHA1
8058b6f37958af0596f86fb4b43862055ed5f265

SHA256
c326d1634d3683749e2c8f5c6c978a08256f2bcd579ff70cdc2fc7e5498b5c21

SHA512
42aec961d8bdfcd11cbf9f867749f3fe442933b60fa678fa026981e30da009d2d69afb102af3fb55bc1e8d860603155b30088319f45cea6ce73a13e79d11d22d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4305bf80-2223-4b21-b729-9e7a965d1cb3\index-dir\the-real-index

Filesize
2KB

MD5
264e3a80bd27aee5152ba8ddf72b8ccb

SHA1
86753aa2fc82e8c0a19346175d524299c4f4ec1e

SHA256
795f48169d499004d708e641992fbe59ca24fca7f092f88b714369b1999a4eb0

SHA512
9a27eab78b4294efd5348511022c6022f900935c746874339a16988d5b00736cde5d9afa713ccfa5043e199e8886006822b72f22008ca9b25eedcf370bed5701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4305bf80-2223-4b21-b729-9e7a965d1cb3\index-dir\the-real-index

Filesize
2KB

MD5
dd01f65e7320cf73fcd5302cc7dcc4b5

SHA1
cc0594508681067821e861351995f33a4d7d5e11

SHA256
9136519e2ffda7cea74ff9b464ddce03c7e4387ec266cbfb75ed590c85e2e226

SHA512
49802cbde2c812025b3d10232d299a9efa99ccbd3a302e0de617f2a0cab8c3a7022a3e3e09e1d910bc436a2ac1d6b7cbfbc9d752593576dedf0501b0a6c4b8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9178670d-eac9-4872-9572-b763a78265b3\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
78283a79f359209a327791dabd57264a

SHA1
d28354e4c423412d6b667f4e5d0418d6fbb6d146

SHA256
963391ac12533fe94b67c52f6b90cf990dccc37effed2bf1c19692dc572d9fa1

SHA512
6aa630b74b4061bb40344e0374881c9eead66b8e39919af7f92953d22f79624cf937963f6e5dd6bac48db3eca0f43bf9b70894af353088106eed383d9e61a198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
d43953a562017b2b2b723c4e432534db

SHA1
903c199984f703a5f061631d612f675c94d42249

SHA256
46bb784e9156f25db90d1f58fea6f4de4ea5ce6d44a3ebfa568e28013a92361e

SHA512
4caad573dac896bec2e17806a78b9810c81203737ed13bb5922d48add78ef41daddfb65fddc3d915fcc5e6d1eb01c37dbee49a9bd3b89d829c1a88c5efed8a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
f7f57ef7123040f2c578f3ead7752222

SHA1
b89ed912adcf7d3e0711d3b119ea953b83647ff9

SHA256
20f2317587419d7e25501f53ae19de8470ccc74d75f153793ebf50eef756a19e

SHA512
db9ab371b4cf802d1d0e67c36ca10c2c4d8062fec3c33687f3decee0f0fcd951763dfa47998292f73dc10647a6aa0e912369c864a8e08ab8f99bea2e571d0285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
7555e1d56c9696216aab69e88a5bbcab

SHA1
62473f930e47f8b8bd0822e85547205a0d451b9f

SHA256
a1b65c0a6e89824c406ad62f43d34f38346a2b49bebf12f581c0b512f1effb05

SHA512
9017de9e9ab953b00c8b08ecb84d4b625729697613e85499a5ee02ad95fb4b2e9e69ec12272ffd6317fe446c3893344e67c6c30bdf2da3ec2f6225fc54e18539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
906c345c35b2982e9adaf819876a17c2

SHA1
cd7bc93d296f7372686221c49e604079f71df500

SHA256
4d43516883f0351001fc8219da93e4a2b3d367a4ace479da038de01437e9f764

SHA512
b6e84287bb63effad436fd81f65feaa03ee3267c85797dd13286ce94bf2c63345a7437bf80b56b8dcec66a04be66711aaeeff8762da87064850c27a72c988020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
5f75607155ba96a01063ffd03ca65378

SHA1
5260f4f1e6997ac30867dc3d68234fc5c7d6a01a

SHA256
67bf9cd5b16ca9d207121ae921810ebb8e16341db3520a5212d2492207478e3d

SHA512
872831233630aa4bf15d2a842823752d1bda766675ae0a0065020b0e3d98be4a52be25490dcaf645783216a66f866a33831228673b4269b660e868f8943ba967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2604_231164142\Shortcuts Menu Icons\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
memory/1992-0-0x000000013FE10000-0x000000013FE28000-memory.dmp

Filesize
96KB

Download
memory/1992-3-0x000007FEF5BB0000-0x000007FEF659C000-memory.dmp

Filesize
9.9MB

Download
memory/1992-2-0x0000000000970000-0x00000000009F0000-memory.dmp

Filesize
512KB

Download
memory/1992-1-0x000007FEF5BB0000-0x000007FEF659C000-memory.dmp

Filesize
9.9MB

Download