discordrat | a000d5b242c287ec8b1897e4e6dda734cc4615e2b7ff3a50440c753d78ce47bc

Analysis

max time kernel
117s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2025, 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Roblox executor.exe
Size

78KB
MD5

d4492c91b127b304f924edabe3213cec
SHA1

33569c0c910c1738873bea8cdb2652aa4335ac43
SHA256

f975182341f7800acdb358b504cf753c9bb54d9055b22e7a423ce04a7e583a98
SHA512

b25d18814f69098d70a9d6532f41b2e108821281aff4466a2b9e1bab533a13dd21a3cb168688a905425c19cfe5d3994d5bc14d6c7345ddb53c8c9ab7496948c2
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+fPIC:5Zv5PDwbjNrmAE+nIC

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM2MjQ4NDQ3NDg1OTc1MzU3Mg.G6F0XN.VLF6L9woFXrcJqvnK2pSc21C4w5iXBv79eVBjs
server_id
1362170836378845274

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
76	api.gofile.io
78	api.gofile.io

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133893975227124690"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3404	Roblox executor.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe
Token: SeCreatePagefilePrivilege	2672	chrome.exe
Token: SeShutdownPrivilege	2672	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 4404	2672	chrome.exe	89
PID 2672 wrote to memory of 4404	2672	chrome.exe	89
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 2336	2672	chrome.exe	90
PID 2672 wrote to memory of 5132	2672	chrome.exe	91
PID 2672 wrote to memory of 5132	2672	chrome.exe	91
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92
PID 2672 wrote to memory of 4968	2672	chrome.exe	92

C:\Users\Admin\AppData\Local\Temp\Roblox executor.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox executor.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff1372dcf8,0x7fff1372dd04,0x7fff1372dd10
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2040,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1628,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2448,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3244,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3280,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4324,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4352 /prefetch:2
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4724,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5360,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5404,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=240,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5488,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5708,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4312,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4364 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5460,i,1108796218421527209,3154577395087818368,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5404

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2568

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e4883ac0c7bd43fe3d8a21e00ebae287

SHA1
863148d6550a409f4dcd7548080c83b78213f7fc

SHA256
2a949a7b1b79d9bac36c46a45582b8038736e18bdeca23b2a0ebc0c51d2e9ef0

SHA512
709e04f6240caa2329216e5c31c0a5d174500bae991bc425b9180497e1fcfd85ef360aee6b2b96759db4532a8ba93a91c1aa598c73b4d0d65b32f56fa5531905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
0b6114663b19c16afba89b141abe2ec9

SHA1
55db1e2681b2c2148067fbfa2c5305017669681c

SHA256
a9d8c3fe068373145c8150c1fff1bab4f82df871aa8b39e13be8688a33b5c419

SHA512
464543a851c466da6747703968e96ee37c81f7936488e4cc12ce869dc8e23e2c0eeac603f3e0e6634d8f4c10be627742d0aa5d2dad2fb03f6af36fe4c7f071d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5ed7b547490b7849cff3a525ed728358

SHA1
d45d84f1f1bf7ddf97ffa593df8c1c0552f03b70

SHA256
caa3dcc86339dbfce70b55911888fa9259b77ceacbf9bd7e1d4afa1c16c07ad7

SHA512
f436fcf260c3ff2ef3971f13a41b4aea6a2ba7ec7d1d38fcd853124517cbf9b4a4db6880475a2332a1ab495b23906ac044af21c6a2e40666609f0ec5c4facda7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
11be9ab536b56d194457836324a269e6

SHA1
486260c3c363d94e0b9d1fd5b3dbbd42c884190b

SHA256
9af86c179699ec169c8c78cda8392d2492c84dafd955f7730f94f017611b1fe3

SHA512
9204571852034f64d0765c3c51db9a9338af1d194bb553bc87f9663108dfb598e5d8adaaae5e5b82590591be45a430f2c396022dee13ef4f71dcf389c7a6b51d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ed9a3b8950b9459059450266377b070f

SHA1
cca0d1812cb35f5ed4392b1fb0cf453035108a41

SHA256
d29c47116e67916fc5da7128d8d7b689066fce9f42f7136e6ade480501754492

SHA512
5d4559bfcd0ee5c92e9ccbe61da4a2965232c973f28cd40926a4f630ca74a49abb692e2810e12cd0b273e4fda7f99d458d201c04f98ddefdf03ec49c5186c196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2b2c0dd7b9de4062228554de865e5645

SHA1
937b1094df002faa46d4767eb58259c484370824

SHA256
c4d497e10cab34ed6589befb07041d080fdfcb031d0e7ac501e8d0a8b20e7d32

SHA512
b518cdf7cb85c3231fd2a03b87918a6136387273c4de451da8ce710a4433eab79335ef86f27d48ada0fcacfa314767c5387068d8078e0cdd53afa02275818b37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
38934e2f510813b61ab902b984411329

SHA1
2775fd7c5df31637dde477950e88aca811ced9d6

SHA256
70828aa4e63646cc06d3767171a0641ce1b5c9698154578b8487dcd44661b583

SHA512
4772cd8b9ce62a2fe6f29eb782a77f6c87ebb0d4b756e64dc181feed2233525af71109029d57123926cb0930d075070fe9c8f0e2e1ccdbcd74d8dd0360f3a2f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c38ceea4d99a42004535546ca4634357

SHA1
1c37d47381d575bd242bc8cc3c5a501b9c11ecb8

SHA256
43453cb5a2db59e87a324d70bffcb291326c963d74e57ee4c6a1efbd0f0576b2

SHA512
31432fb2d9764e579cd888bc4a00585a096b4fcb8b9a1dcbcea426036e8d41564d06694521211a224bcb5281894ac80bd90a4cf6b477a7dc2c7efeb557af4ca5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e3f7c9afb078230f2de0f147996056ac

SHA1
2d0b246e5d8cb71b38be7917cd561e0681485e0d

SHA256
7272e2d3534bbd1900cf7fe9243c92e08ef3d348abec63dfd103d82ec495f232

SHA512
174a5041107563e5c915d44672797a388d65998334132b650d219413238c6fe420fb489ce1984f12f4bf6893a711053e08a3f4e7a0c911e53ba0f5cf52e1954a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c760ff5a71aac993134ac54be4eccc1e

SHA1
43a1ddada2d19eae6628899fc5583097804466c5

SHA256
3bd1f174de28d6e1264aaafad8eb7771ec0a9f873dc2cfb2b9331a1f64299dd8

SHA512
dc8935400ad1883107b468029330479d8dfae05d8d39fe4c9dec3a82de96ce1724bc2e18716e9df22045a3c8edc6f5eb4199108e2144398938aa6908b6b6a673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580a5b.TMP

Filesize
48B

MD5
a8ffbb101af89e051925538bb6be382d

SHA1
e32bb2129536b769325fd11c94301f3a4c153b1b

SHA256
3c6d1298ae637926a1175bd4d82c27d13802446fe0a29b7b89e5616ea95a3ecd

SHA512
396d2d523a7ca8ae9f9c083e6e58faba903225760b128de89b7223c89b4fde709970b5c9f5a1674c8e60fbfcad31a3a5afd4007c033ed292a863646bbb8c9bfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
7a3f5a85e325737a9d841adfc488056c

SHA1
3fcc9d716eec4bcb6d4bfe295a48c42480779027

SHA256
f1527223c375c02aa82b9d464b4511614b2f6e32758c68b2ed6092756fd99e19

SHA512
d474cda0f2adcd69b634cfbbab03a6af550098a457abd48e0778ebd65e0d00c465997e3f495aeca007d97c4c576f584877e50c0f5aece8875dc426f26b43a07d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
c969d003aad24d6c14623ca6120f0fa3

SHA1
efe5890aa7331662a9da07dcc6e6777ffeb6450f

SHA256
c5552c95872baf5b21de283d1c5830b19d55c997f88a780b84083f75dd16ea02

SHA512
f7926261a178a1ac604a86214920fb13d3cc648f947c2e63efe0c7f56420be67cfd59520d5021584a5c0cfa370accb568b56284cb5286a7074fc80933537595e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
b46355399a0b422f93b22e49aae3c746

SHA1
accfd37ceaa3aa083c92b41b62c599733bb726f5

SHA256
d8de416690e2d5392502a31e8c79772c7534205f8222534543195a5d9b4eb52d

SHA512
629e2ab09b43cf92790ca5b1d448c1f60a1eb8a45bfa2307f4d916d837da7ab8fa86d74c56dc3f9053227a9f0b8f3481f3f25830333e5e88afe05addd1381a15

Download Submit
memory/3404-0-0x00007FFF04223000-0x00007FFF04225000-memory.dmp

Filesize
8KB

Download
memory/3404-5-0x00007FFF04220000-0x00007FFF04CE1000-memory.dmp

Filesize
10.8MB

Download
memory/3404-4-0x000001F0E5120000-0x000001F0E5648000-memory.dmp

Filesize
5.2MB

Download
memory/3404-3-0x00007FFF04220000-0x00007FFF04CE1000-memory.dmp

Filesize
10.8MB

Download
memory/3404-2-0x000001F0E4920000-0x000001F0E4AE2000-memory.dmp

Filesize
1.8MB

Download
memory/3404-1-0x000001F0CA1D0000-0x000001F0CA1E8000-memory.dmp

Filesize
96KB

Download