hxxps://cdn[.]discordapp[.]com/attachments/1023358212193394740/1168352986246959134/Alfoxerizidonine[.]exe?ex=65517482&is=653eff82&hm=7bc1e8fe88c81d83337f486fdd3826b4061d73c683e686da3ce269d5b0fcc98a&

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2023, 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1023358212193394740/1168352986246959134/Alfoxerizidonine.exe?ex=65517482&is=653eff82&hm=7bc1e8fe88c81d83337f486fdd3826b4061d73c683e686da3ce269d5b0fcc98a&

Score

8^/10

evasion

Malware Config

Signatures

Blocks application from running via registry modification 1 IoCs

Adds application to list of disallowed applications.

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun = "0"	Alfoxerizidonine.exe

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3600	Alfoxerizidonine.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133431011140144215"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\AllUsers\{56041F0A-F958-4487-9DC7-AFDB957D8715}	svchost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3480	chrome.exe
3480	chrome.exe
3600	Alfoxerizidonine.exe
3600	Alfoxerizidonine.exe
3228	chrome.exe
3228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3480	chrome.exe
3480	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeDebugPrivilege	3600	Alfoxerizidonine.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 3120	3480	chrome.exe	80
PID 3480 wrote to memory of 3120	3480	chrome.exe	80
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4520	3480	chrome.exe	88
PID 3480 wrote to memory of 4616	3480	chrome.exe	90
PID 3480 wrote to memory of 4616	3480	chrome.exe	90
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89
PID 3480 wrote to memory of 1400	3480	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1023358212193394740/1168352986246959134/Alfoxerizidonine.exe?ex=65517482&is=653eff82&hm=7bc1e8fe88c81d83337f486fdd3826b4061d73c683e686da3ce269d5b0fcc98a&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd299c9758,0x7ffd299c9768,0x7ffd299c9778
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=364 --field-trial-handle=1824,i,12640886313375045563,1034891496508899974,131072 /prefetch:2
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1824,i,12640886313375045563,1034891496508899974,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1824,i,12640886313375045563,1034891496508899974,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2764 --field-trial-handle=1824,i,12640886313375045563,1034891496508899974,131072 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2756 --field-trial-handle=1824,i,12640886313375045563,1034891496508899974,131072 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1824,i,12640886313375045563,1034891496508899974,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1824,i,12640886313375045563,1034891496508899974,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5236 --field-trial-handle=1824,i,12640886313375045563,1034891496508899974,131072 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 --field-trial-handle=1824,i,12640886313375045563,1034891496508899974,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1824,i,12640886313375045563,1034891496508899974,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5256 --field-trial-handle=1824,i,12640886313375045563,1034891496508899974,131072 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4884 --field-trial-handle=1824,i,12640886313375045563,1034891496508899974,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Users\Admin\Downloads\Alfoxerizidonine.exe
  "C:\Users\Admin\Downloads\Alfoxerizidonine.exe"
  2⤵
  - Blocks application from running via registry modification
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5244 --field-trial-handle=1824,i,12640886313375045563,1034891496508899974,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4760

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
1⤵
- Modifies registry class
PID:3460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a6f0c304456044d92a86155c345300a4

SHA1
c94f3787d628c5aea7a98fc0c746dc6e98e8e7af

SHA256
a1cd1bdece74981d4ae423b49dcd56796e7dbf11fa18f38ff50897184e5cd351

SHA512
f9a67b34992cd32704542bfaa89f20870b174539f2e8bdc5e2c231d8d65717b05d097c8942a006f57578a66b11a8b7652f0d6487f5e060bde276074abf2288c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6abe01cac942b56ae53a2aa2c2b4511f

SHA1
169a5393db0f1da5d777be304c3d47b47bba75a0

SHA256
116c5781ee088ddd0295ecc207729d3c1091804de7779febdf153adc1722afc0

SHA512
d4c5f79f8af07d2b0112e7142f5c41f83a3b1ee539b26b95e5c5c6a62da5135548a9ed27c3859ac22eaaaabc3d6ba7718c936c4ad2310c7b8c5e312b9ef70c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aea56c3093725466dbd73d5376a2b474

SHA1
bed0ce08098d611a1976727a0795c72453da8b9a

SHA256
1fa1028b89f653b34baf95d18a2831d05aa0950b0bcafff1b34984e0ee88af8b

SHA512
6cc3a2579abbc50cb51ffd3d1997316c3fef014a2228e1c26c9ccf3e6a8d62f447c1b9b5726d54ec9aa2bc57de2d302eb4004d5fca3587970a7b89139fea95d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
cb9ba3abbc881b58c33ef719ecc1ef9d

SHA1
1f88e8587f762c947b138fe3375c1321a4626d3f

SHA256
021ccaf608d7b3fd916017a264617775f5e861b2bcbced7fee636baf462016c4

SHA512
c5970eeb8a5edc231952d4ec78b8d99423128ef792b315e05d5fa69cf44c577336b5f1f2dc36b3cb100dde588ff523d9f912ea8423b4179f454e5ec0b9825ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Alfoxerizidonine.exe

Filesize
179KB

MD5
f36cee2e0656a446eda92b255c65fefe

SHA1
13da03ca7f4fc966c2d6269b799a12849f479a4f

SHA256
b205f93640ec2ad3012d5f71d5189f72a9b7cafac774e85bb3d1a53b7c6b289e

SHA512
c0fa2339430ee3bca1756fb4813d3eed2e56166335fadec2fbf39524efb23c5ab89941a271eaf439e392e77f8f744091b85e1ff9084c2210c279608c909222ab

Download Submit
C:\Users\Admin\Downloads\Alfoxerizidonine.exe

Filesize
179KB

MD5
f36cee2e0656a446eda92b255c65fefe

SHA1
13da03ca7f4fc966c2d6269b799a12849f479a4f

SHA256
b205f93640ec2ad3012d5f71d5189f72a9b7cafac774e85bb3d1a53b7c6b289e

SHA512
c0fa2339430ee3bca1756fb4813d3eed2e56166335fadec2fbf39524efb23c5ab89941a271eaf439e392e77f8f744091b85e1ff9084c2210c279608c909222ab

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 941624.crdownload

Filesize
179KB

MD5
f36cee2e0656a446eda92b255c65fefe

SHA1
13da03ca7f4fc966c2d6269b799a12849f479a4f

SHA256
b205f93640ec2ad3012d5f71d5189f72a9b7cafac774e85bb3d1a53b7c6b289e

SHA512
c0fa2339430ee3bca1756fb4813d3eed2e56166335fadec2fbf39524efb23c5ab89941a271eaf439e392e77f8f744091b85e1ff9084c2210c279608c909222ab

Download Submit
memory/3600-49-0x0000000005770000-0x0000000005802000-memory.dmp

Filesize
584KB

Download
memory/3600-48-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/3600-47-0x0000000000D80000-0x0000000000DB2000-memory.dmp

Filesize
200KB

Download
memory/3600-60-0x0000000005DC0000-0x0000000006364000-memory.dmp

Filesize
5.6MB

Download
memory/3600-61-0x0000000005750000-0x0000000005760000-memory.dmp

Filesize
64KB

Download
memory/3600-66-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/3600-67-0x0000000005750000-0x0000000005760000-memory.dmp

Filesize
64KB

Download