discordrat | 156d7c0abe1f4731630a10d4493e7ad83f65925e79e11a72eea83af406fe9546

Resubmissions

25/03/2025, 04:57

250325-flcsfa1xat 10

25/03/2025, 04:54

250325-fjpzzsvlz2 10

Analysis

max time kernel
34s
max time network
150s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
25/03/2025, 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nitro-Gen.exe
Size

78KB
MD5

20397bb84ea40f8089b3f3c10e6a1dfb
SHA1

682d864624ab380996721419a710f6ad68625142
SHA256

156d7c0abe1f4731630a10d4493e7ad83f65925e79e11a72eea83af406fe9546
SHA512

86d800d200727b4b77d754588acd8c117259f08d3fda9bbc157962d00ad162c43d91833e563705e08c03c746c5e61fd810b599a7c1f0dcbc7637247593e8dce7
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+4PIC:5Zv5PDwbjNrmAE+cIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM1Mzk0OTU5MjgwNjQ5MDE4Mw.GIQxca.zd34fFM3LslRnShOeP63jlyh7qIY6t5s9BZaZ4
server_id
1353947596262998036

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
39	discord.com
37	discord.com
38	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2128	chrome.exe
2128	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe
Token: SeShutdownPrivilege	2128	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2856	2740	Nitro-Gen.exe	30
PID 2740 wrote to memory of 2856	2740	Nitro-Gen.exe	30
PID 2740 wrote to memory of 2856	2740	Nitro-Gen.exe	30
PID 2128 wrote to memory of 2900	2128	chrome.exe	32
PID 2128 wrote to memory of 2900	2128	chrome.exe	32
PID 2128 wrote to memory of 2900	2128	chrome.exe	32
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2116	2128	chrome.exe	34
PID 2128 wrote to memory of 2008	2128	chrome.exe	35
PID 2128 wrote to memory of 2008	2128	chrome.exe	35
PID 2128 wrote to memory of 2008	2128	chrome.exe	35
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36
PID 2128 wrote to memory of 1656	2128	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\Nitro-Gen.exe
"C:\Users\Admin\AppData\Local\Temp\Nitro-Gen.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2740 -s 600
  2⤵
  PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72e9758,0x7fef72e9768,0x7fef72e9778
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:2
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1656 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2172 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2180 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:2
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3240 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3476 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3452 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3744 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3892 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3944 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3860 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4184 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2620 --field-trial-handle=1204,i,9767179190561453519,11616534353493684611,131072 /prefetch:1
  2⤵
  PID:764

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a25fd41ba384b358b4532fb1eabfbbc

SHA1
fd0aa1383a6dfe445bf10635e3a446d5265734fa

SHA256
8f5b2bbf0f5f5abba0fb0e87e5f03bd95fc45820c304efff55b496e43148e2f8

SHA512
a3b753a5e7f0b529eb3d72d36acd57828dcb44c82cbae02b65f0c307a3535b87c6c7648235a681126fb735356522f8eb723fe00a2951fde7087614388ee3d6b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0530ce159b98695c5ee189104afde3fa

SHA1
9f4d02c9e57b15fd0c274ef3632548ae1b0c08be

SHA256
11bc1c58b97ae71374eca3ac0aeba4cb193f577819c5e36ced28d458713c263e

SHA512
a74f441b6b80f85255131975570eda11e611bbb12d2727039e6d5977a1ed1022f48eee4994e641111c0e5560aaebc3e6c7c6171584eda1b88401c655c9a8109f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064

Filesize
113KB

MD5
8bba2b31fcad740f9a7fcd850bd5892d

SHA1
05a69f033d71e0e90e9705ee2861994bec9c1a1c

SHA256
6dfee86d0a393f12dc9048d9e2229286a673f273d16aa83b53959e189c8162dd

SHA512
d40fa8a1b4cf8bc50c7d35f9880c0890b65d8841a88eef0c2a8417886f4be2f5a56dd1febce88782fb3a11055c6bc94fd7d8cf1190f148ea048130345e07f793

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5d238505b79bc9da328667fd93a997c4

SHA1
5d05c6f3c93d9fd1c4c6ea70616cdf8b7f432438

SHA256
ba3ab94a0f08ba27c95f9a5f4df3f69e3567c6b7c5d4771b39407669cb764540

SHA512
c4276f0736e7cea187de65c125bb292e7b5360a34cc76c7ab4815ef2da95aa6a10dc7190b80e518ab1b2cdcb4a488590e21f35a88e794cc60ecfa887f900aa91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
56c67e279f3042b5a6fad97a021aef3a

SHA1
48583ac4128d257724bf45e11422dd1e6dc9e1f3

SHA256
10de8f0e0e321d670d4203cef59042bace052c0b04e78dc8851e1cd5f7a100ce

SHA512
6903c301eaabc35e57f9d1cfd86a596a6b730d5f0c90e94d80f79e7fd0735e4d99a0a394762283d495a6f7c798a68252ed4f3e1f2dc1eaa359be52b26a2992df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
852B

MD5
a2f7ce0f96e0e05588e4a361bc4b5bf9

SHA1
452a6b3dde3c581f00b18c19938417be1d62576e

SHA256
60280258cbc0040e42b4a8b58952d5eaa88accf809fe102e3244e1311460b8dc

SHA512
1134d37d6ae245c23d2b44cc5c597a89dee6deac318f089bcf5f7cf835652d4bd575984c04ceabba6308763f0c602f0ce443e778ef7414f142ff86dc224a6aad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c9e62609140fe6192f76ce94bb9f237f

SHA1
5faf9d63272b8c4e6f055e141cf7e2d2e826f4a3

SHA256
f619c96a1f01446f595189452d5d1c12eb0ad5ad36fac1cff927fdabf1ab2ff6

SHA512
7fdcbb264f0325079d2bc2f48408028e7c61028e6f9b4682433c729e6acff48141ce67438199a684b5a37b7c7e2ca1501bd5ebcef1f4bae2a8e13dc26b71080f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
c1e54da030984b546de656f69ab84ac1

SHA1
ab43150c23d16d2c416d1c45d9321f23ebc9f904

SHA256
b55ea78828954f8b4c742e959cd8bc54633113837264d4f5839858ee64eb45b9

SHA512
959b1c36ff50aec01bf3fbfc0daa25258be49bc11b8db6b1622c6f0f2efe5ead5f224c08bbe5e3ea29092216bd7017c73c4065b97d93c2e98d7945016b3170e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
ac6c7a346a720d069ff4d63eeba469dd

SHA1
102e0182bd4168f9d2cafbffccc7dd517284ea26

SHA256
675e11e493d7944eed8a126b6752a6913f6c0706c5e6e126a5385d7827d23383

SHA512
f4578e9716122911c06accc6c70c4249ede0e2501b6dc1be642dbb753bb1d97a7c9813ac1a7977f9a70de3ceae0f7560b4dd7d0f2eb291edbacd9a3c790dcf85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a58dafc0bb36b515991fa45b79b8d24d

SHA1
2f74037a72d5f1fad64f15ece4fef9b7862d2fb5

SHA256
127b362e74cbba269158cf503e2d6c5e790fbe8862c7705898232817b1a7426c

SHA512
bfa47db32a276e6aa0ca2f85ad6a7a8e93acbbd622971211c3038ab0595fb57686020635d4902b7a67b4d06f5f66bcaf7b3982e93d65b07d365f44b3547bfe7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
83b6bbea7db906e9d41ef9a165543722

SHA1
a996bf941982ca98de78f4edb5001bf0218dc22d

SHA256
1cb07e80758f5afd81610b3846a08b9d7a1989729910df4c883cd5ee9a2d406e

SHA512
4eb23588d10415f4f7c222dfc3438ab52868279c35fef15e3d2b2a25d68dd77cce4c087b220edfa5bd03372dd86501c7e9a48b962b21a338ca7fda69ca0dbb15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a01da19e4bed0f9f419b8faf66ae46ad

SHA1
7022ad50be27998f2c22e1952c3c2e5048e8d95a

SHA256
eb05259e19a94172f2251c39fceb50d4e76ba8d2e78d1b08ad4efe504266c9c1

SHA512
25e0d759a776299b017bec193c2bdc4fd4829dd0554ebb3e5f8588a5483de27b8fadeb1a34bfb9ec0d1da6a487698a69a5322b7993a7e363e2e6826ae7df56b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d02fdb29b5c68b758ea7a7e84d61b76c

SHA1
34482d6648529d48f5085a4277eea33bc2b4a8ff

SHA256
d892603107923509949f4f63b1aa386b3a5d8d8d8b41b7e0ec8549f08efd149d

SHA512
f96ad928ad9f2cc7db5b514b71c2b26ab58609f9b3ceaed1db3c49cd156bc6abdcb1a1e5b44580ffdf301116dfeed6c0fb9d7a458054b681db2ff1fc7ae11bbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
41a3cd4ea4205f182e86afda50ee9c3c

SHA1
819d195d0e2443eab03290bdc29495901c4adfc8

SHA256
b9e1085b73902945ff3683fcacd324acd51975e77cbdeebb03b88b3eab5dd52f

SHA512
ce6122e124106b5c102e73c9574444656e8e9fafee90a3cc5b80e6b86f99bc036aa33c500e377cdd056362be024f8b374fad18f7c101ab965b673f72e43107f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd26b67771af2ab1da7096c2f523c0fb

SHA1
5d4b20b53e9502c2ccdca7a79c721ec851042190

SHA256
5238f92a13e92dccafd75c0e44eda516f738f3b79ffaab619236d7534adabfb0

SHA512
2fec7a4e3b71773010f69ccfcde6fce5d802792e40a64640ec3d75ef07270988b38e9d0deadc7017577dbff90c14c3a3f82cdff77a3b7845b516193197f62cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
150b991ced7d7972ec7062c4d7513e3a

SHA1
5f567ca302b3b3f8d7507e1dd83794c3eede69cc

SHA256
35637d866799dcae3684476c5f068f9ef21f0d8e5b8d5fab9c7cd963cbf02456

SHA512
02399c5e49efc3dc80220b525a442b02f81d2e84b74b7365440d7878c569aa3cea7d38b86fb7851fc2b21c8b47f0be5ee8a53b7abd04b553ceebd3207dfb2764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
367KB

MD5
550ffc500662a9b8c5122a021e824192

SHA1
241ad8730a81f3bbd67d98829905e7f2485843cb

SHA256
d15153d02a4c2c75f387fc03726109a957430759c5eb79b4983810ca55aaf23d

SHA512
f1df4c6b49e4f8280777f91a3957d88d495965f6b0c125a00dbbe1f166b34f974f919082f9ad615f83afd793341fe6a0bb11a59f22fa9529626300e40f83f59c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7E7A.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
memory/2740-2-0x000007FEF5260000-0x000007FEF5C4C000-memory.dmp

Filesize
9.9MB

Download
memory/2740-1-0x000000013F1A0000-0x000000013F1B8000-memory.dmp

Filesize
96KB

Download
memory/2740-3-0x000007FEF5260000-0x000007FEF5C4C000-memory.dmp

Filesize
9.9MB

Download
memory/2740-0-0x000007FEF5263000-0x000007FEF5264000-memory.dmp

Filesize
4KB

Download