discordrat | hxxps://gofile[.]io/d/GnN5D2

Analysis

max time kernel
78s
max time network
78s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
04-02-2025 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/GnN5D2

Score

10^/10

discordrat defense_evasion discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI3Mzc4Nzg5NDkwMDk4MTc5MQ.GCIJ6i.wjxa0d-PsaNQMlrGyEMeNwT_U9GL--hKQpTPt0
server_id
1291277993951498240

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Downloads MZ/PE file 1 IoCs

flow	pid	Process
15	1752	chrome.exe

Executes dropped EXE 3 IoCs

pid	Process
4200	CASHAPP2024.exe
2884	CASHAPP2024.exe
2300	CASHAPP2024.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
29	discord.com
31	discord.com
33	discord.com
35	discord.com
3	discord.com
18	discord.com
20	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\CASHAPP2024.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133831069324210539"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\CASHAPP2024.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2636	chrome.exe
2636	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeDebugPrivilege	4200	CASHAPP2024.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 3240	2636	chrome.exe	77
PID 2636 wrote to memory of 3240	2636	chrome.exe	77
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1988	2636	chrome.exe	78
PID 2636 wrote to memory of 1752	2636	chrome.exe	79
PID 2636 wrote to memory of 1752	2636	chrome.exe	79
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80
PID 2636 wrote to memory of 4712	2636	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/GnN5D2
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd754cc40,0x7ffcd754cc4c,0x7ffcd754cc58
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,16506507106548906520,15247107699555247375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1780,i,16506507106548906520,15247107699555247375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1928,i,16506507106548906520,15247107699555247375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,16506507106548906520,15247107699555247375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,16506507106548906520,15247107699555247375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,16506507106548906520,15247107699555247375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3156,i,16506507106548906520,15247107699555247375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4572,i,16506507106548906520,15247107699555247375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3388,i,16506507106548906520,15247107699555247375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5036,i,16506507106548906520,15247107699555247375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5348,i,16506507106548906520,15247107699555247375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5044
- C:\Users\Admin\Downloads\CASHAPP2024.exe
  "C:\Users\Admin\Downloads\CASHAPP2024.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4200

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2784

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1056

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:2424

C:\Users\Admin\Downloads\CASHAPP2024.exe
"C:\Users\Admin\Downloads\CASHAPP2024.exe"
1⤵
- Executes dropped EXE
PID:2884

C:\Users\Admin\Downloads\CASHAPP2024.exe
"C:\Users\Admin\Downloads\CASHAPP2024.exe"
1⤵
- Executes dropped EXE
PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
752875584a0b1c271ad62e54e2139f80

SHA1
c9921836ff8e0d607877bf44efabe2ef7d652399

SHA256
5698c6089b36eb431f62bf6f2019beb28eb60603e12ca4daa4253cb9d1155a83

SHA512
315f4f7da434fcd509ec1dd040481fdfb7c90620129101a60575162dfbf1bc2c6c83fc8f19ae4460fcb855a2de2cf7870113a527a56682d76b66b1bf9d772895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
fc9acfd5f955e2f51d0d5f3fd0e588af

SHA1
400f5dceb7171ecc50082aad77170d6bda836f4d

SHA256
d4a8d4d89d80401419e810468a86c8a6967e5d0069afdf92fd4947497b5b91a4

SHA512
e8230d9884b0b7fb15efd60052f5c2f238ccb6ef532c5946702e91434d2bb4cb56fb52c9c9612a3ed706b721bd58366348e618274e2a114469d831e8ca3edc2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5a6539565f7583501223a36f420ab449

SHA1
a1f3838ad85685f41cdd6613f6734cbdc577a948

SHA256
3e89264f2aa44e7e2052d90906ab6f45e3c3214d7421d0ac6714b1f372738e80

SHA512
17071775bc886a0e13e8d8b2ebe49cf2fa825c7fd162b1d0fe4889a00d08a79a6353009ab70138b7d1d7843644d665750101e2b07cde78d7c71bb07b2dc139ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
222ebc0c38cdbd412ef2e3ad0f4fb909

SHA1
a8e124e23ec43a2a5380860447be3d786f9ce31e

SHA256
8bfb2c7344e10f96ad4685baacc7f625d097e90e6a15e5b61e936ccdbc962f2a

SHA512
d457eaa18d405ebf0dffa586666fb5e33c02fa67ec4f83dafe8e7f69c9c782a389fa76b7ae9616289343ff61802ec3145559848e95ce3acc36736653031fc9bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26060ffe504eea816698cb18832a5c36

SHA1
61cde58101a9fe953625e92cb7fcfd36e4d36574

SHA256
fc09ecd2e8ebc7bc3800779594c18f086d61c5245a19c871a96ea7a66f8b3c30

SHA512
6f0da49c2f2627edd430da8d30f77da2477ca7fb8eafbd5bf8bd46fdd57af40a73e1bc8ee0e64981a9377a3b6ff42c78fc4d5c435bdbb69d675a6f1bad0c6993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9588ed3ad1a461e36d89a6ca43d52b8b

SHA1
b30410d204c801842b6c0d2c99dd26f619f28f9a

SHA256
6cde890a5f188fc52a4ca2ea02cdd8383fac48be457351f7b6edd6ee272dd43d

SHA512
5be511d7ef1502931a6794fe11f2b5d03c08c810228b57254ef22eb256e6c88725a9c2d3d79031c17c3881d064879a482a9df15a58f11304a3ec802ee6ad0272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c35f445b6d94957a25215b0033dee5b0

SHA1
3fd9cbb6a1ee2f65abc5c88dab37fd85befdc963

SHA256
d457b2949cf6430600866491e9fd498cf1a82f38b35803c1b8773efa1c6cf818

SHA512
c59eba0ff3349f5c1f1875cb3d7813586d5a2575077c6ae23b11516970e3d6f63644496b5a3ca3f68e84c310873e8cf946674aa24d1e61ccb2da77b22de2a980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0192ab70b1c4f9e16798ecce7326a94c

SHA1
9a9c51e3ce5f1acff8df9a750e74ade4c763c46c

SHA256
ac1aedb75b2b6dbd7842ffaef18c055b4ad8857447b841dd2b44ca5fc379b9d0

SHA512
18c483b73584e6b312067dbe65c0ddde2dc30ac6c98b3ce020c94a83128925ec4ae378c37c3cf5e713bec0689e6b60c1693c154d48de8d20c2c5facb7242693e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e4dc3105-4659-4072-9e88-6ebff6338a1b.tmp

Filesize
9KB

MD5
5e1b9becede1f557564245035c03324a

SHA1
2b8e83259a65b52303ebf4e8c75644e1ec83d262

SHA256
72ee79148f5a6d9a17a3745a8f611f9c40b4d67aeb27a195d41f4f5a7b561d74

SHA512
388528ba378d27f622cf9806347bb11fb20b289f01c42973edbbbb6dc2ccafcb8efb2f263a87d2122567efd6b59acb7e4efda26316e7d3f1a3a6089888951465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
5f67f3469d31a9711d37006a099f3254

SHA1
5824e98dcf4e1ce3a17d5946ee80dd9278ad3c42

SHA256
ad67d2f40cd599352996bf5df61590719da4864430ec08bb062d32b0ba49a7c0

SHA512
a80a86955c07e8616bd5c14a77b90bf14cbfebb18497b31e83467bbc79e095df0ce52e5a9e243b15f89baa31f9a8bb7466356f0429b7e8c65fc3122ca6f8ca95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
73f01fe743fc3cdd4c8d32c866f5b5f0

SHA1
f09f979b96a8bb142eb9b9561800ad97a8efb154

SHA256
b2b78affb617d37ca70438fc63f58a755a75f8fa81a966abcdd770451b93e053

SHA512
31a56b83bd6129ecb604b6de5f1185f4dd261aec5e82fa74c383459d8c40205777c8c185da8fa5fb1e8e9ec1f01be3aa1f768115cf921640cd2a650ff00ea59f

Download Submit
C:\Users\Admin\Downloads\CASHAPP2024.exe:Zone.Identifier

Filesize
165B

MD5
59754914d3f670f04e15a1f5cf510249

SHA1
cd076024a1b226f001ac0e8cb57c5f745e9a9997

SHA256
3b28ed5cc618b816b1310276cabef6710f460ea7fd25ec328ef8bc40b2c83486

SHA512
57da916a7b90441a68928deb9da0c93aa96ebf47dc2011d44cf1e4e87ce03dce813a3eef157060a5a241fa0346e9475d348a5f55b91a1120669db92ec181bc50

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 83361.crdownload

Filesize
78KB

MD5
8e4cb02aa5f9f30762bd013ee7809083

SHA1
05d55b4df5ad96278d466a756ff86a696b0663bb

SHA256
a7e5cde6a7263e4a3dc850ef2145750a29c3c80a8167572c8aa40b081cd691b2

SHA512
d186204c3abbbb393d1eb1982facead35d8ced4de5409058faead55704a32d9e97f288f0409f71dfc1c63246f1cc64707a96d5ab31a8488f34eefa0b4c613581

Download Submit
memory/4200-81-0x00000234E7B60000-0x00000234E7D22000-memory.dmp

Filesize
1.8MB

Download
memory/4200-99-0x00007FFCC2750000-0x00007FFCC3212000-memory.dmp

Filesize
10.8MB

Download
memory/4200-98-0x00007FFCC2753000-0x00007FFCC2755000-memory.dmp

Filesize
8KB

Download
memory/4200-83-0x00000234E84B0000-0x00000234E89D8000-memory.dmp

Filesize
5.2MB

Download
memory/4200-82-0x00007FFCC2750000-0x00007FFCC3212000-memory.dmp

Filesize
10.8MB

Download
memory/4200-80-0x00000234CD530000-0x00000234CD548000-memory.dmp

Filesize
96KB

Download
memory/4200-79-0x00007FFCC2753000-0x00007FFCC2755000-memory.dmp

Filesize
8KB

Download