discordrat | c90e3f3f870668887c6a5dbfc49ddaba907bc1ea0c0966ad6249ff0e3eb9869e

Analysis

max time kernel
60s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Project Ligma.exe
Size

78KB
MD5

ef8b04b617ece592b13b0b92ce713bb7
SHA1

f3edfedc351352d0460cf7ffbba1f0b195e56f33
SHA256

c90e3f3f870668887c6a5dbfc49ddaba907bc1ea0c0966ad6249ff0e3eb9869e
SHA512

d4d05132622560b506e854aa3798da97379e742f6e3f9d012505621bd28f4b5b2102e555fdf10008f44e4d82f7d07e66c1f2b26e8e238faefebc15f7b963f0bd
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+9PIC:5Zv5PDwbjNrmAE+tIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTExODU4NjMyMTM4MDg1MTc2Mw.GimHVz.Zy6wvVDGcOmDEO7kYdxfHcGYhSCWj8Uq47_2aQ
server_id
1118584897725022310

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2640	chrome.exe
2640	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe
Token: SeShutdownPrivilege	2640	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe
2640	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2088	2080	Project Ligma.exe	28
PID 2080 wrote to memory of 2088	2080	Project Ligma.exe	28
PID 2080 wrote to memory of 2088	2080	Project Ligma.exe	28
PID 2640 wrote to memory of 2460	2640	chrome.exe	32
PID 2640 wrote to memory of 2460	2640	chrome.exe	32
PID 2640 wrote to memory of 2460	2640	chrome.exe	32
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 2816	2640	chrome.exe	34
PID 2640 wrote to memory of 1580	2640	chrome.exe	35
PID 2640 wrote to memory of 1580	2640	chrome.exe	35
PID 2640 wrote to memory of 1580	2640	chrome.exe	35
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36
PID 2640 wrote to memory of 108	2640	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\Project Ligma.exe
"C:\Users\Admin\AppData\Local\Temp\Project Ligma.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2080 -s 600
  2⤵
  PID:2088

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef57e9758,0x7fef57e9768,0x7fef57e9778
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:2
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:8
  2⤵
  PID:108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1340 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:2
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1356 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3348 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3344 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3804 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2484 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2376 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2468 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2476 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=692 --field-trial-handle=1332,i,14132893095397176165,7009027133801647301,131072 /prefetch:1
  2⤵
  PID:928

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdf75d5d38a6c260e77c1f3b177f07c2

SHA1
59c12493a74e27d8b4f8b8e93e618a3383a1faee

SHA256
cdfb7f1526e4bdf2f5b7ec8a5ad64e44366216efb68be8df31950b048bf4902e

SHA512
e7f072f939087436d0189e6ec558262cfd504d87fc9e0c0c621fd81e47d8f6a8ebe1121312870192799cc644988e9ca4ad9ef549f9256a18d57d16d979509050

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1807bfa1c2aa1e51a14c638b5d60b15e

SHA1
2ee4562407d0215226a321409b36698f08863771

SHA256
cc32178d0d83cc178ce7c3a2cee102c528d9664e941b58284e69fb7662017347

SHA512
be6b476a838cf38e460ec5305a3daee9a524b6268580cfaf682fbbd068b92cc0be2134785a3eef39b7aad130478f9e431d1526699ea9736970e3aab260a31c6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb8ebc1aaf4eeb88d4fecc86dd6edc31

SHA1
2c63a7e675c39f9f06f540080d88fe6c15dfbab1

SHA256
2ee6c55271584aec63afe2217765ae4088f7c3d659601fc9077ef18fed62853f

SHA512
205a43046a2a7e738963b34b8182062d673b31402c47827a4c29de5b6dc511470305e835ce785e87ede43510513f47fa2fa90e9d2e924a8c14c2ca759f7c4a5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4f12ed7de27bfdd683763e81dd88df4

SHA1
03e26a4ba3108d26d1a256233bbaa32ac1a31ba2

SHA256
98b4274f0fffe606eed929273ec76d3b0e99c0dd80fb97ebe7ff1a8ecd9cb357

SHA512
82ef43ca1f4d16ede5a389c1d3da2e4f79e37698daecb7cf7b207ac1ee1ce3efa382a9efecc706aac9610bace399b3258ce1ae0f20a5c2fb72a5307c86502c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
69KB

MD5
4f9d58547367f284c0fa5c840c00b329

SHA1
afdf5a998830ad8bea4d57ad8cb3882ac911b43f

SHA256
3104d7911ad5190e95f4bcc647740dcc286325ca7a57f46510cd7970aeced0cd

SHA512
7d21bdf059b4cbb5a1203c8c7333ea91118bab3b6d935f59e7e89637eb31d2a28d69033ce8501431dfbcccdb6df1f05d86cc4d99af01c68270a5577b795eb350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
327KB

MD5
5b8581c78fc086780bdd86bf1f7867c3

SHA1
3c639e7fed74050d74adefba6e57c8df31d41433

SHA256
f148ca7f10b8e792f5a0eb2d5185e3f6f6c66ea123bacc13470d8b76ac5a0645

SHA512
cb9e4ed077cb973d7107c98eb0fba82ff8990fe2b1c0dbbd71262010db0c560d7b6ba30598b5c67cee41fc11b72b274fa32263ccef299ba2134da3f77707bc0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
133KB

MD5
ccc1a20ecacd818510e1b91fb94a5d19

SHA1
c02bce9581ac603176134fe3cf545b01d55fadf2

SHA256
f6aa096e456a2566e6158707e9f8e5fe56cc48f44384c96820a97923d9687407

SHA512
157a9b833130cec5ea5deacb9fcadcd04415793a09e594202432a95938b8f18df6b2cc4d2a8aa1551a88239cb15c1e93e61a641e57ab775ab61a0ad54c9fd50c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
27KB

MD5
d6cf32ae85a02c86044db8ecc675a512

SHA1
db3ebae50be0f2772457234e8064e8d613669bc8

SHA256
fba5b7bd7e5d909571106c0b8829d085656e869cc7923532e8aa6d49f3355f38

SHA512
0b00d679db2577362a2f597fa812bde3f48e38d1bf177959498d96c5d3cc3984b88ef7f54d812bb1a375508e6c5e3546525c8b06e247c6461039a3d50fd381f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
46KB

MD5
8020829282f8d6133736f8079e5665a1

SHA1
64ee9e05894d5f726b5719c7c35c10dfa8f863d3

SHA256
4035124285f7d7e8588e4fe69bc1bfe663090e68ca6b1a6438c0cc9de22b6540

SHA512
68a01229ceb0d09a76b646db8a7641c41b98cb89e8632d6a0261437fba750b01f8b8ff29c1f70242bb3cdba1850d9e8c31c5b7ef69ce5ad2323801b4f3e0503c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
19KB

MD5
0a7b330d35d1f90a931ba5a5841128d4

SHA1
09bdf4c09b15a13ab725e036cf5b77bbcdb413f0

SHA256
88b3bb0764ee6edc9a3142807bf0cf44ed88ad7de857bd213102319e106701a3

SHA512
e71bce3e697d9166369751ebdaf24fc7f215b94c2ffd3448b0364bbf34de00305318a45dc042e11e0cb0dbecfc4f59db532d4a9796e54f84a5e2e1e020c939a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
96KB

MD5
f6e79e8c666ef12e078f4993ae35fc22

SHA1
1000f2c61f9aa7565dde57e5aec1f8cb72df95fc

SHA256
e6462ce39a8c2270f539dd16489608626eec2f0d6e7bb3808e58894aae8827c3

SHA512
3afb0faa2b9e8d2b024424d7a13a153b391bd04cfc4e0e1a2501643e440b61ffebdaeaba431ce14551c0876e9ab8f7af26994a3efb1e2e8fe0a74fa0cb11b960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
252KB

MD5
5add4ef197301f3b835cd1860942bbfc

SHA1
1688d8d8c9243fcf3768a61e08ea2fc4fe9a18e6

SHA256
985534caff81c915f62b27b63d0efd8f21226aa4e1d784e5e850b634c42ecbcd

SHA512
756563fcc519d04130b326a068704534372dedbbc9c25cb3a32230216bb9ed392053b34c0f2df13b290926b7b407081e70ae60946d43af1e78d30d9a224948bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
164KB

MD5
4d556c2cc10f8727638e49463b7d2a89

SHA1
257179478e9f824988c329ac72563c9aaf7bf60b

SHA256
ca0f78aad838f0e3fed01621284f941df080cf134c14768f9ae104fc47c996fb

SHA512
3146f1d3b6a0bd3ced1231d313d23591ad14a680b08f75403c79a22c52632ebd279fb05a11918b060b860751633eada4715d13b066fdf6867222f2506ad10a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
42KB

MD5
8f1f73a6bbe39bdf9491f7672b28db4a

SHA1
17e1b5e01c6ec0fe14e5091c4bcfebc17c0c0f79

SHA256
fc0f0e634256ad4acba4e91d7dbe8f18d90b5daa7c5868a5e2115cd45e41c92b

SHA512
ea228c4f2126a188005608488b2d980d36984a06999d8fa5a00ffdf14073e4a00d417518fb1716f664394613bbf1ea70b74ad6d12335d1afaddfab51d42538f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
802KB

MD5
d25a202898df9f5c7d82d63c7b08e71d

SHA1
422587b364bdebf17256de63d90cd1eda62aee84

SHA256
f2521f427c1bf65d8fcb714c4004cfc089c2737d4e4d483ce7c8a2958a41bbdd

SHA512
d13445545f35549caa6e207b035cd2b0faa54b5e2f22b3887ea7677cd49dfb242425a46d809b3002c86367f1bab98aaeea755e0da24b2e1eeadaa7cf92becaf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
223KB

MD5
95c52f6245db5aaaa931341d9f50642b

SHA1
8104535f88bb2e28ed75a12ae6ee5f4fca6b03e7

SHA256
29e4c41afb964a1b20184535d545998f18dd1f0757db2e312c6916e902d5401d

SHA512
66c3f8f3604249b39c49a91fb8c0e21249f1216888918762ac1ea156e0ad5289ac5d39631012de14f278841f592b73c9f1bb84727027cafb68e5e470d61146db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
32KB

MD5
a7418ed14731cb6dde4bb4d4d1db0aa8

SHA1
323db7b4e6fc6b75d6ce69aa2ac60515bbb97906

SHA256
cbb4c6cbc5033c23aeb6ef9980c5096dd214245857639a2ddd8d7a732415b37b

SHA512
f4ecf0118ef46df8acf143d5196115495a273240557a77cf981a4b60996c4eebba1bc1aa567e1f1c685ee9af6da83a9b17c2a78b67f843bef74cb7e0f9440ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf769f1d.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
e63cb060833d816ffc0b093410b2bda1

SHA1
226476969291601191a123101d3294e2926b9157

SHA256
0b5fc80a14fe53dcbe6da82c5326464e01a2efa347b04e8e3060b04e0792d240

SHA512
200515418dfe3be51ed607f1f033e2ef79a31afe46c17134b29b9610d444b5d7cfa3632a311549b66563fdd473e098abaa059b1b4ff1fa2ae0651237b32e0903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
9080044b05f86596ff173327ecb6b030

SHA1
1468964187ad0add1d9ecc50ee36ca8ce7131234

SHA256
525ea6dd4baa637818c58dc9e0f58a930646ac349e0352fd73a363442c762d24

SHA512
6e768e53f0eeeae7fadddf777b3296e5b07d8e777aa654fd3a571d71ec3da5c342e5bafad2d5f1ff514ad5502e8b7abb9e4a2af3ef91e3487042640a04425989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
0575c85129ca4aa60b9d52f7400931ac

SHA1
8342dcda033892fcd5959d1a5eb83ec93d7d42f7

SHA256
f5642bdecc0f40a267a4bb818f83c91f762a9d88aad66921a10736fdb49c6f99

SHA512
c82b13fd61d51980a571d27612a148e5f081cfc69ee5d834f4ec99a916e5cdcc073602b2b7c92a3cb626ae7344e56dcba427bfc8f57d91107cf7be9cca982ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
cfe63e435ef12a49b41ac007b468eb8d

SHA1
6ca57a6906a751ee286315aa16e6a8e695d9701b

SHA256
d79a0dda99fef32f15e81acebc0033b747adeb74d4851af414ace26f7cd2ba04

SHA512
5a05bc87dcd487693bf2aa9e374a5ca8e9647998f6fb5fe2a8ac83c72e96ea52739060f6e49e0f5bb8fbbd0ac2db06e71ab12d27574a2a0b47628d8b3a8afb0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
7bf189d1e6a933883a946393d497c960

SHA1
b8cd155d16bcd7c9d535fa44bdfe25f978fffe66

SHA256
cfcbc6df567b76d77e1545c2a1087dfc4e6c42406c9ca69086c771422977e936

SHA512
185fea1e4845bc85bdf1fbe815e70fff41979a21ccdde811cd816a1696b57801a542526c001189b30b4bd11e80332c2677efae5f88576f816cb1b3863c9ff14c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
701fd0c8eb59623d76fbb52a8d9de0bb

SHA1
a91d3f087ed011ecd48f5f5e166b456e865953a6

SHA256
bb9a40518e6639b193a78d79e0f10df3652816b5c689486f9435ed53fb34df11

SHA512
fff96406aea0fc1551dc4b84b37c4b074e36d0460517aadd6cbc9dd4d054003d5dc686286151a048c5071ecfd176c93b347de9bfbf501b667bf4cece5cb969a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d58a959cabcba7ae07d05cd6d39f0ab9

SHA1
7bf405c5804e264aeafa84d1936c1448620e69b9

SHA256
02f00a7b96dca09b8eaf85370a4b12902c328fef53f0c4d51d0c7255a1bc6dfe

SHA512
e04e67b8acd8031204b4b6c22944731a711abb05de1841bc2f5d6d5f97092ae9a8cd51eed5725489518525b38cc64e09d1dcf5e5dac27efae92f059d5538e79a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
562d7032158f8d41187eedc898219080

SHA1
f6e4c2e6d32f6327514f3ee644fad3a69fc70a2d

SHA256
f9e9e0afb7b4d115419462c25f54972f02eb96ae3e917e7a9f413321bbc7be39

SHA512
658104c0660e0830f333e090ce1d2956fd7d36dfea381fdb678a765de17ff706478d8813ce6de1862c34c95e9313e92d1349a8847e5b9272b4437752494b847a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
77a3c82f757b9ee2b630f8c6b655b60f

SHA1
6a8997b88a7e7c9ce9cadb52881da641902e2bbe

SHA256
690b5e247955733961add34b9c80eed23efef2bc221180046796ffed2bdbafaa

SHA512
f30ace29a77a179f78cb64e132a377afe1d254ba24e78f412b00c2de7ca4b7e40b1ed4cfa4757683630dfdd82d1de447ddd7edcb81fb2de06de7713d0104968c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bd9eafbd-5ed3-44b0-bdfb-70882e38d915.tmp

Filesize
6KB

MD5
0a82fad727b9ce6db8018be989a309de

SHA1
d6ebb8c4f0eb2d273e6107c935daf1f86def5412

SHA256
1ad27203160986413c8ffc3986652b5851b25768d81edaef6541d0f3007dff5c

SHA512
1e6cceaf7d8fba9f355fee28fd7bb6f4fc76440b2653ed071a8884358a24f038c0c081fb703ab8f22aae9a079a31f7c2bdd089f020e7e355a65323fde9d1b9cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
40c50b5f9c0208c3e840ffd34c265305

SHA1
644048a4d1e6682edd6eedc7617c6c7b44063858

SHA256
e3ebe82d4329827a47cf386d89d7057f2b2e0797e84bb25cf75a707366a8104b

SHA512
7231d9996cee258023ddecb8f6073789853c855573154fa83154b5fe460573673f89d85060b76caa367ca8725e9b91acb481483e941e247eef70d7030652c9fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
37ab222e79f3288a7f6c72529c022a5d

SHA1
fbb06c875535292a35890ef4e238308853b0323e

SHA256
8149f0e82b0bb14893e339f5e22c4c5219ba1dd1ac982e8e104a807f7cfb758f

SHA512
0757d18b0089653933bccff5750ecb915f70b01eb9be6c10331dabc5ef3bf25c4d2dcc0807c30074538ee88de4ff2de979ac030e51000b9e895d72654c967a4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE5A5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2080-2-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download
memory/2080-1-0x000000013F2C0000-0x000000013F2D8000-memory.dmp

Filesize
96KB

Download
memory/2080-3-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download
memory/2080-0-0x000007FEF5AC3000-0x000007FEF5AC4000-memory.dmp

Filesize
4KB

Download