hxxps://www[.]gameloop[.]com/mx/game/entertainment/com[.]NeighborModsForMCPE[.]JennyMod

Analysis

max time kernel
903s
max time network
1590s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
24/05/2023, 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.gameloop.com/mx/game/entertainment/com.NeighborModsForMCPE.JennyMod

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3540	GLP_installer_900223150_market.exe

Loads dropped DLL 1 IoCs

pid	Process
3540	GLP_installer_900223150_market.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	GLP_installer_900223150_market.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133293801350149292"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4220	chrome.exe
4220	chrome.exe
3540	GLP_installer_900223150_market.exe
3540	GLP_installer_900223150_market.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4220	chrome.exe
4220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe
Token: SeShutdownPrivilege	4220	chrome.exe
Token: SeCreatePagefilePrivilege	4220	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe
4220	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3540	GLP_installer_900223150_market.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 4228	4220	chrome.exe	67
PID 4220 wrote to memory of 4228	4220	chrome.exe	67
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 4276	4220	chrome.exe	70
PID 4220 wrote to memory of 2112	4220	chrome.exe	69
PID 4220 wrote to memory of 2112	4220	chrome.exe	69
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71
PID 4220 wrote to memory of 4776	4220	chrome.exe	71

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.gameloop.com/mx/game/entertainment/com.NeighborModsForMCPE.JennyMod
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe95be9758,0x7ffe95be9768,0x7ffe95be9778
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1612 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:2
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5232 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:8
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5516 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:8
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5332 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=928 --field-trial-handle=1748,i,5425388400884300616,5777739803756056058,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Users\Admin\Downloads\GLP_installer_900223150_market.exe
  "C:\Users\Admin\Downloads\GLP_installer_900223150_market.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3540

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1532

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
9259691781d789967b431e02e086119d

SHA1
0f0efb8c095fe9eaa4e35b6033fe8ad8e5c63b1b

SHA256
b06b9ff68602c1079a2f7d93ab4bc07eea1a1b06fd2438cbd1c7e286a05eb192

SHA512
bcdd96a155f9fbc0d6393552a15400c7ec76d77479aa6a71f4f307b4ae1debccb58cf9df04f9ebda5c08de4e0485c8a56b8db02ac179082da3387dbd759f4f0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
b944c4e40204c60fac728feccea409ac

SHA1
b89621071fcd8671037a39ad2521d4544302c45b

SHA256
4c19899c6dac5f1e195bfebafa5d9b7af2daab3ebc04a1c32e20806c88500475

SHA512
53adbec22ef6b392c9b34feb825cb3e81da316161243c7f986a7a967d43227697c17f937da035074cdaa217eb9676d5ab7c6db4b0fd0837a60b91c856cd8bea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6819d85ea236d44b06a12c5b423303d2

SHA1
46439daa610fffa9db22ba48bb5c0dce76bbfc9c

SHA256
ec4fe96d0ffa428bcc0d537c6971f0d624a4ddeaeb59658b2c0916f3889aa98d

SHA512
d1ba68c7cd08ea464da3c3848167d57d4551a73a83e12a41376087bec7392d044298d7c5ebe4c85fb5dc133405c47d64ccb65a611ff7cd531bf5f8584e5701d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5ec41bca77b2a23652f5a6683a602ec2

SHA1
2644e09dea23392b7d4330edb2a498b2055b16ab

SHA256
94f86599c53575045d99cc49f8c4c9dfee667e29736a233046572004d07ab5d4

SHA512
37b5dd030f92a62bab8bb2d0a3d99703c28ab42e1951cf4f29cc8f14914fcc6d252cacfa71317dca518a7a27c680c30804e83adf528269a8225d4d1612caef4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9caff32515ca19129e77d471fab3e0f

SHA1
f5edecd661450a28fdcd3d429bdb86a9abbf15b7

SHA256
b7679881e37896206fac42d43f2f4b35576e92974f18dbe9a7275b599fb2637d

SHA512
5a4957259026c9229382e1b765ba5f6d73fdeb1b2d8c5fec16201d87e55ed15e2460d454904e78d4125ad0e861cc80cadfd013a7bbb81379d431fd873720141d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2cdb6990b7d198b4d3640648f6fbc774

SHA1
b17c3db1a257939438d51936b00b54b5e7a2219a

SHA256
8242d26fe0d153f3956787bac57bb73d3a3cad7c2e0a19b5fcfc9277ae908bc8

SHA512
2e1e5752207a46df2456880f03e6f9607f4936187f2100416b1a0095316d033ec3b7aea18a392b777d9908f6593eeb242a7111323517a826b3f649cd05651515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0d8cbd9639674d9fe0f9c60951613805

SHA1
24f1e4f20b717be0dccc90b511763c4a7ed4f8c8

SHA256
8a25aac388926c5fe6d79c73340ba3a7e645aadf093b9cffc1634226def19b82

SHA512
7af986291e2123532203f273def68df62af054d4bcf1aa20acb2f9bce1b76f3b6f086a072456da442e744e4ccdc09b43ee0990ca3978869f707064a617247353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2cd3e5c2f0299cf87649f9e83ab97a72

SHA1
a397b1209e08798faa1d458ea0c111cba07a1db9

SHA256
7a14cebdf59e587b97c600c93d03731859377093073a039b20ac32df8dfaf048

SHA512
cc95595c72fbc0820d37b69666df52f0b7ea08865c2da406f1d147a570678cd0389188171ab85f1c6fd3075e60d8b246f8a6b6fcb779cee2a2148a704945f4d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d0d9394f12094c3143417c0f7019997a

SHA1
a5642f75515b319eeb0f49cd3b90913ef8f9d722

SHA256
7f1b8eb596e051ede0d0d0a148f7a45606b685d5f27cc55a43f71616df42190c

SHA512
7e78628970c5998f667e124cfac2a2664cc2a4983bd46790b47e16c006a83d6d50806010ca48c9f8e2dbc32fd5e60c3828caa8139bb1f78f51bede37a6c65f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a3121a6a16c952a4eb9f1b3cd4976d76

SHA1
7979025969903fedf97f7fccde6da60e86509ad1

SHA256
63fc91756717df2d54e6a2ae06accfc7676054f897ccfa7769c4be74963d5fcf

SHA512
47c91d19a08107fca5ec30ed8e257d845134a3f31d67d90acaf7efae84d4589c1057024d17062ce18a6c7bc2c45290449b053ed7488aca2b764dca1ec4ebf2a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
ecfa1dfc719f1af20910e68eb3486e2e

SHA1
854c1b0768f8fd7f497936ce17d6e2122b879c5d

SHA256
1b0fea0d5e8aecba5b12695877d0edadf09b2b7791ed36e15e4d051f7f4e6ec1

SHA512
c92580c47f3322abcc8ebdb08564df6987f03fdb2d3fd3b0f4e4a6e4c6db5a1cbfe81376ce29fd5226cc664b71d6f893dcdfd3f074f265173045920efbe0618f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
daa9f2dd01033f67a1830d1b195511c7

SHA1
d5afbc1f5905c06131990c778542e9a34f1f0710

SHA256
93f3ebcd2c8c59745308867daf24d4b9ee6829957a4ca2deb6cb76245ed64238

SHA512
eb346914343be9e656ec0c634cffec30a81b0248f23dd76d560b94bd0400d83c3425e7c52079a240dd909eda9bdc16f5b2dd7d5700636743540a3a6758f33785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
5c6cd4567bf24edab7afcccf3b726dde

SHA1
ef48630a093c304dd0856decc9069aad44a9f4fc

SHA256
8914acc50ae181758068fee6bf4312b953429ffd016f61c6e5772aed04a81b71

SHA512
1d190c40cd5c33e2662a1486582294d98d9172c2620431a1dcebf0a2ceb20cb0474983e4f4c9492c81c907c9995a0cbc021a1b07822edaa2cefd7bf4a6e77ca5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
cf06fdbe49da3125db30f21bb21f98f7

SHA1
df44e17ae0882b9a9ad02fac1a773a8ae0ef6b0b

SHA256
5f6e31d145fea3e85188c368913699cb7c9cc1cd71dee996a19414b9d5851f8d

SHA512
1a0c3c3af140869240382c43588e6d856a33a7aab637cd0462423f95e7776e838e9909e92e04887c98570549402d7cf00a0c1a4ae21ed16db4f0b6e9a28b7ba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe573b53.TMP

Filesize
100KB

MD5
c2de61669a272d23c3e66adc98a1b71e

SHA1
27e5865cc02cb47e83be8db23db83643e0bece59

SHA256
5c806f13b3dda0787d295f3c7fde898ba3b1d82a32ac91958cf3661c9befa8f5

SHA512
d07dbd9a5bfc8c9364ebb1d1d4b21953686d1fb3d0ffcc8150c5d89ab4b8aac3ac268536a08f070127cd79d5be83bb05eaa944cdecce4c7ee248a60edadc4384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\GLP_installer_900223150_market.exe

Filesize
3.6MB

MD5
0ac1fd602f5ec2d2231fe311777791e8

SHA1
52ca6ccd121faf4f3aad9e7760ee1a519b323d83

SHA256
bb68113cfaba1def162b8a0df4b1d41b83ea34ce4fd5b23e0a0b75b259b62bfc

SHA512
10fb445ccf904c20b1b3736d02f53bc43a3b9161465c6915c89a06e978be9e988342f40d4c895acbfdabf236fbdbaa87c8470577626cbc2ba1838dba48e57623

Download Submit
C:\Users\Admin\Downloads\GLP_installer_900223150_market.exe

Filesize
3.6MB

MD5
0ac1fd602f5ec2d2231fe311777791e8

SHA1
52ca6ccd121faf4f3aad9e7760ee1a519b323d83

SHA256
bb68113cfaba1def162b8a0df4b1d41b83ea34ce4fd5b23e0a0b75b259b62bfc

SHA512
10fb445ccf904c20b1b3736d02f53bc43a3b9161465c6915c89a06e978be9e988342f40d4c895acbfdabf236fbdbaa87c8470577626cbc2ba1838dba48e57623

Download Submit
C:\Users\Admin\Downloads\GLP_installer_900223150_market.exe

Filesize
3.6MB

MD5
0ac1fd602f5ec2d2231fe311777791e8

SHA1
52ca6ccd121faf4f3aad9e7760ee1a519b323d83

SHA256
bb68113cfaba1def162b8a0df4b1d41b83ea34ce4fd5b23e0a0b75b259b62bfc

SHA512
10fb445ccf904c20b1b3736d02f53bc43a3b9161465c6915c89a06e978be9e988342f40d4c895acbfdabf236fbdbaa87c8470577626cbc2ba1838dba48e57623

Download Submit
\Users\Admin\AppData\Local\Tencent\TxGameAssistant\TGBDownloader\dr.dll

Filesize
74KB

MD5
2814acbd607ba47bdbcdf6ac3076ee95

SHA1
50ab892071bed2bb2365ca1d4bf5594e71c6b13b

SHA256
5904a7e4d97eeac939662c3638a0e145f64ff3dd0198f895c4bf0337595c6a67

SHA512
34c73014ffc8d38d6dd29f4f84c8f4f9ea971bc131f665f65b277f453504d5efc2d483a792cdea610c5e0544bf3997b132dcdbe37224912c5234c15cdb89d498

Download Submit