discordrat | hxxps://github[.]com/moozecracked/mooze[.]cc-cracked/releases/tag/moozecracked

Analysis

max time kernel
115s
max time network
111s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
14-01-2025 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moozecracked/mooze.cc-cracked/releases/tag/moozecracked

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyODc0OTIyNTI0NDIzMzc4OA.GTQG4n.rjIoknX3A2xtPv0eEvsFIY5bNNBPbP_4CLs0rY
server_id
1328749313618346094

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs

Web Service

T1102

flow	ioc
28	discord.com
30	discord.com
32	discord.com
61	discord.com
73	discord.com
7	discord.com
7	raw.githubusercontent.com
34	discord.com
38	raw.githubusercontent.com
59	raw.githubusercontent.com
60	discord.com
63	discord.com
62	discord.com
71	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133813528404578217"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\mooze.cc-cracked-moozecracked.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 3404	3368	chrome.exe	78
PID 3368 wrote to memory of 3404	3368	chrome.exe	78
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 424	3368	chrome.exe	79
PID 3368 wrote to memory of 2596	3368	chrome.exe	80
PID 3368 wrote to memory of 2596	3368	chrome.exe	80
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81
PID 3368 wrote to memory of 72	3368	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/moozecracked/mooze.cc-cracked/releases/tag/moozecracked
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9fe5cc40,0x7ffd9fe5cc4c,0x7ffd9fe5cc58
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,10831701672629832902,8305847100746483318,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1736,i,10831701672629832902,8305847100746483318,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2032,i,10831701672629832902,8305847100746483318,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:72
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,10831701672629832902,8305847100746483318,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,10831701672629832902,8305847100746483318,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4344,i,10831701672629832902,8305847100746483318,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,10831701672629832902,8305847100746483318,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3292

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1880

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1032

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3136

C:\Users\Admin\Downloads\mooze.cc-cracked-moozecracked\mooze.cc-cracked-moozecracked\mooze (cracked version)\mooze (cracked version)\mooze.cc.exe
"C:\Users\Admin\Downloads\mooze.cc-cracked-moozecracked\mooze.cc-cracked-moozecracked\mooze (cracked version)\mooze (cracked version)\mooze.cc.exe"
1⤵
PID:4000

C:\Users\Admin\Downloads\mooze.cc-cracked-moozecracked\mooze.cc-cracked-moozecracked\mooze (cracked version)\mooze (cracked version)\mooze.cc.exe
"C:\Users\Admin\Downloads\mooze.cc-cracked-moozecracked\mooze.cc-cracked-moozecracked\mooze (cracked version)\mooze (cracked version)\mooze.cc.exe"
1⤵
PID:484

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4280

C:\Users\Admin\Downloads\mooze.cc-cracked-moozecracked\mooze.cc-cracked-moozecracked\mooze (cracked version)\mooze (cracked version)\mooze.cc.exe
"C:\Users\Admin\Downloads\mooze.cc-cracked-moozecracked\mooze.cc-cracked-moozecracked\mooze (cracked version)\mooze (cracked version)\mooze.cc.exe"
1⤵
PID:984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
00daee81f1102460d868befcd17a6240

SHA1
dfe550516de8ffa196ec696b2636e7e7c48ed9fa

SHA256
71a4df8bfe5a6dd44e674367ea386af07a5f88332d758e32604cf704a888b086

SHA512
fcc777678f0a262982143807cd5e973ae1907cc60d50bf83f0d8d707c133ab65340f1d77e3a9f69d2879b7b99f8055b2b25ab1302354847112ecb5e879396e4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f2ff2d7541aa2b88cd7bc758d46fa888

SHA1
5405ef28c6d900191eca2070858242e0f4a22e08

SHA256
6371b324ce9c17b761b46a3a52021b96872ddcf43e3f58ee2f0521114d3db2ce

SHA512
a9fddade1b0e45896cc559f1235ed6a8b1df4bc544b5e04b4d4a3d6e936a1ab7a559584ca2f5bf2f26bbb24f897524c3e713d8d9547312b7b84dca81726c5f94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8abd7bb7cb2ff2befe5498e1e728bf20

SHA1
32ab278e22d94ad3e5b31f41221b75f05a26c866

SHA256
f6a4d21bc2d7f1001a3d81e2389dbf99ba65868c5091aabc4a7a313fd05e0b25

SHA512
3489ebb872cffc3610930a5d77981ad72cdf2953dc6f719cc781203b129ecae3b68ccb23d86ce9d32721f9864381f6f9e92c6181b07b285d33e9913ee0fd7e2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1b79ed6c9549cef6eafb30fb93d39d32

SHA1
cb1786262d1da29f670b12c5e4e2f9f2c3e4744e

SHA256
443bc1047f75952456ecc84c9b6ebf5e58463f228bb050b231e7ca01574d3054

SHA512
56de0db6f8f76457c7b4486c6679b9eee7e0a6e82d0d088d65707da7fbd85f5e521779e4fbd6f2a718388cd3c1cf1cfcf8a95c9869e6661c3cd4c08983d87faf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
33595306a5abaabb941825fcb8d5c711

SHA1
828ae1dc25b822c0642f1bbf7f82b23808c52c4c

SHA256
ac880996a65add269bf9034e11e9131d4a199cf4b1c1017eafbf150df84aff32

SHA512
90f41c169b221605e7659d2106fa84113e1d705c804f92a374361996f3582b628dad10996bee0f8e984c50d2b6e5511730bee2abf447b070491449b3d1801804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
06d322ef6bdfae0768d515aef7a8f27a

SHA1
3028895e9a0d4fd7bf6e882c4c258cc4d456c7a5

SHA256
0ca5e17faab26908c9e58eab8e4c947aed398313229d52e27fb67625c8f15e74

SHA512
e549dfe4e439e9e89c7fdbf2eb4036bad93c6c9dc039a50f2f38324a9a5a9e83585b26d330751020044982175ba8f818aef742eb96c9b3130f9685cf75d98556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9000d85f317858e33fe97490e10babd8

SHA1
ed81131ed17c2273cbe46714f3c507bb2b6c9443

SHA256
dcf0fbd0e80f15b57393c7be4d9ac4f9b483209e0da7ec8d453196e9f123c228

SHA512
f6814bc0552b70127c819978e4b2c266901f4d2eb217f5964c1fb2a3dbceac63be55f5432f236fadfa65e189bf891c13ffb78ef8dbf502723bbd3580b53c3452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d0b46abec03471cf2b7b012c70217d64

SHA1
d11cf30607a27af68b199dffafe7b4ebf0f6aaab

SHA256
efebc8f9d32c6ca6536fbe7b6c469fb250c97526eab2184eb6f2492da98ab477

SHA512
b05668ff4b697eff4965082cd76c05a19376670b571510c59ac2a8b09df427c3e23da0a2a41e459ceb6ed5c7cf5e053d4b95f7ef71627dddb37fd56a8b82fee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
146b7c87ad4bffe55cec7e790e429612

SHA1
761598cb3d0e5e7d81c95060e979f47ee40bbd66

SHA256
a6e902e07959fe5349253e0feb0b115f0efac43bccd123e733db6f8b70449df8

SHA512
9da8841295c865047ca2ecc91091385dd49c233a7c127ab8e02436075befde54534cfa381246bf80e65f1a64427e15db51719def0756f521af2fa95ba90feb9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
164ef647fae8fb909949c01fcd7dc134

SHA1
040f23cc1aa6a55bbd9e8f6c3bad84eb0cd8b141

SHA256
40b2386e8ef3529d48a1a3ab1c34a53c8057462c646c245d60c5ebdec1a5133c

SHA512
a78b04d3745a5f91bc75106d4f2d00694ed7d32396f96c3a276e3ec9450d64e54d77281ef3d94a2125779c6c5f524252e5ade962910c8cbf4de7d8372f82eb79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f30344e4d7105e1b0f7ff85e82f3f6b3

SHA1
18fb46fc37c34c59d0d135997f63e5bf9ab710be

SHA256
2ef130a97eca2145e23fd1d635fd74655baefb9a820b978fa432011735c091c9

SHA512
75d1ec038dafba7200b5f382454c70010a6879b5493569470158d73a71f6b5f3616807a0118d8916e96c852b0f94696f9e3e471fe891f1298b2f195e8bb58ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
74b5c5d636176cf5a749fc5e4593d68b

SHA1
59d283c60e32486b87ce268d5f2dbbc13c261363

SHA256
a241d26b43ccc03f2a3ed95e9751c299c2b612804005fe3f6e6ca14d75c459ea

SHA512
f83fd240106a8aa9ad7712955fb0cf4c67569b9fc1a83e20d5c08dd905891fac139a9f11891ae441ee2f02896a1ea165063ac32bb096e0974cc5203ad87cd14d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
52b42173a520fdc6aa40122ab76dffd4

SHA1
8fe1bc07dbead4f4a59d39d12c449fa489a1c9ff

SHA256
0ad86a11105b3d7cf10b3775ca235129d0b8d3bd5ac2086db2386745ec14aa31

SHA512
1d1a8ef58d521f72e1d7f5bf0517f97a83d3ddba82486756c004335095e4c206dc5d8b8f73ba15bea6e7d0ea77078b6f2229acdce345f159ff88f4b0ee2aad84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
48f270ae696442d8d76b9e9545c891ab

SHA1
df0b667b42b56701b53806ba7516625f01a4427f

SHA256
c5c17fb7cb7cf7d6a2e54a77f87cba1117d4642a59b690f1928509e06dd99a9d

SHA512
bcbe2a6a4b7b72d0e775e9453ecf4197cd6e75ea57e2c897a7de2377371fbb681c4e492c1b54d845c99828bfcf05e5f40ea56b8cef8629e990870c20cab7fbc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
69daebfcf1e74ede534513f13869c9f1

SHA1
5a7b80b80faf9c9924268a7e5dcf5defe9c6d5b6

SHA256
6be3372ff2d0bcd41ccaa842dc20e504745c17bf01807ce8945eea283b628bd6

SHA512
a0dd484f4e66e1dcb0b7bbef07379088d110b4439da96cfbb02016c06e5924177b26712156265c6241277bb4abb4f412ba22871f37054d7753f9b6e41cc64f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66c0d19803136311fa21d015198b6a7a

SHA1
85b9b0c9e1b147e049a2bd56b47be43db9d7e227

SHA256
c3be2627524ccdc8ebd98f3e97a97bad255e15f895bf2d40922a9ecf53011e68

SHA512
cbe9cc138182cc8271bbeaa7756882f1b4d4b04fd17868e5a3d1a2ec324b833b62b9312c3f7cb334c0938e8b12cda69b757e4248ac7463a6b300390716aaa426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f67b204c3e020ebc49239856e8fcc4b4

SHA1
f49226e1d44be51b5bd99c918bc8372c3385245e

SHA256
e04f18918609102a5511ee183cb0c2d80b4c69feaf90f2e8d784751915888808

SHA512
f6cdf16dde2d5ce0f981d574d02c7fe63dfd6acf354993e3f2daa2c70a8ec6bc9917d2d98161421b4c34e0161a9e4e103b0cb01d731df3d672f21f410dc0ff78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
d937bf41dd0e379ccee0b584408e6076

SHA1
522dbc5adc1239250a41cbb2124173f7e6c2f33b

SHA256
a75ae38376da4f9b93c3cfd3af3ac201306f893a0c94990949914d63124a684c

SHA512
67d5fde3039e9e8e27182428969c839f4bf65b8a4c70a477804689d9024185ec60b5dac3986436e85c95310d3f6542d029be4a5f374435252f31467c551f35fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
6f5b3d58537acebc58ee916d52193ab1

SHA1
6d35369e196e4231e76abd9593e97f50cea2c0ba

SHA256
64cbd55cb4f1c5b61ec0dc84da83414039e614a484e08b00ec170427d8bbc33c

SHA512
34ccf8dd5c4105f588699b25f88243ca3416509a9c45e793f1ddccb762e747df80ca37f830a84b4fc509ebefb690c88c03060cc7c0ea5ea08167cf91960b3159

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\aefac0c4-ba33-4dc0-9d41-029ffb27eaf4.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\Downloads\mooze.cc-cracked-moozecracked.zip.crdownload

Filesize
28KB

MD5
053adee23c350cff6c68a030b7f98c6c

SHA1
d5c01941f955fe8e2cfdcb6af7a56ec2b86400ed

SHA256
1f35f845abf6fc7a7f3cf6dfcc6f6ebba9702446a91b546908164cdb94b595c7

SHA512
fa7f862533d450400c14274c47c1630a3fb4176b800815c75ffb24950242a514a53d50cdb69551241151e952c0082d8be975b4e021fbea457819941af9c3bf99

Download Submit
C:\Users\Admin\Downloads\mooze.cc-cracked-moozecracked.zip:Zone.Identifier

Filesize
114B

MD5
2cd9173c76f3f66745a0b8bc9b9e8a76

SHA1
60d9eda6aabaa7c424ae40d3debe6a10fc99efdc

SHA256
580ae50a6e26aba41be9593fb4ec87279afc79fa39612a3a471427c676564bd9

SHA512
d417a9a39eefda4b2d58f4c20fc44c7f2b7134e87966104e6074ba3edb16ca29465b440bae9f053dd7e23732367304172f9a3e7b1cc6f7007cbd552874bbe785

Download Submit
memory/484-253-0x000002D2427A0000-0x000002D242A6A000-memory.dmp

Filesize
2.8MB

Download
memory/4000-216-0x00007FFD89D00000-0x00007FFD8A7C2000-memory.dmp

Filesize
10.8MB

Download
memory/4000-209-0x00007FFD89D03000-0x00007FFD89D05000-memory.dmp

Filesize
8KB

Download
memory/4000-215-0x00007FFD89D03000-0x00007FFD89D05000-memory.dmp

Filesize
8KB

Download
memory/4000-213-0x000001FB7E420000-0x000001FB7E948000-memory.dmp

Filesize
5.2MB

Download
memory/4000-212-0x00007FFD89D00000-0x00007FFD8A7C2000-memory.dmp

Filesize
10.8MB

Download
memory/4000-210-0x000001FB7B480000-0x000001FB7B498000-memory.dmp

Filesize
96KB

Download
memory/4000-211-0x000001FB7DBD0000-0x000001FB7DD92000-memory.dmp

Filesize
1.8MB

Download