shurk | hxxps://github[.]com/AstralProgram2023/Valorant/releases/download/Valorant/Install[.]zip

Analysis

max time kernel
108s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2023 21:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/AstralProgram2023/Valorant/releases/download/Valorant/Install.zip

Score

10^/10

shurk infostealer spyware

Malware Config

Signatures

Shurk
Shurk is an infostealer, written in C++ which appeared in 2021.
infostealer shurk

Shurk Stealer payload 1 IoCs

resource	yara_rule
behavioral1/memory/5752-294-0x000000007EAF0000-0x000000007F2DA000-memory.dmp	shurk_stealer

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
279	checkip.amazonaws.com

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
5980	WMIC.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

GoLang User-Agent 2 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	280	Go-http-client/1.1
HTTP User-Agent header	283	Go-http-client/1.1

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133464578267169922"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4372	chrome.exe
4372	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 5036	4372	chrome.exe	51
PID 4372 wrote to memory of 5036	4372	chrome.exe	51
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 1100	4372	chrome.exe	89
PID 4372 wrote to memory of 4720	4372	chrome.exe	90
PID 4372 wrote to memory of 4720	4372	chrome.exe	90
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91
PID 4372 wrote to memory of 5092	4372	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/AstralProgram2023/Valorant/releases/download/Valorant/Install.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ff9213c9758,0x7ff9213c9768,0x7ff9213c9778
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:2
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3748 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5624 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5460 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3876 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5956 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5480 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6124 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1720 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3820 --field-trial-handle=1888,i,5268670350801506879,1332829938505707164,131072 /prefetch:8
  2⤵
  PID:5732

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4576

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5356

C:\Users\Admin\Desktop\Install.exe
"C:\Users\Admin\Desktop\Install.exe"
1⤵
PID:5752
- C:\Windows\SysWOW64\cmd.exe
  cmd /C "wmic path win32_VideoController get name"
  2⤵
  PID:5972
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic path win32_VideoController get name
    3⤵
    - Detects videocard installed
    PID:5980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
29accad7138fcc4c1500112f2eca95f7

SHA1
a0455210c86f5dc08cd74c914a17c0094764789f

SHA256
c52a7a556475472d9baec0def1fa906f14fd12dd06a33d00946370d7b3741129

SHA512
c9f639c561a85d4cc2b9b6aae13a4415341c9a02d1302aa6a5243cea6a1de7e4ef0a164a1fdd033f69d0af3530411b4b08843a2aa77171d11016579681d9d3d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
17704d9c9ffed293fa09ea1ee7b65fef

SHA1
65279e059dfc5abccb8d343d70687969ae043bf4

SHA256
62a64ebc099bc3377cc26d24cc90a1282c69af882eb76366751f3aa33ab08307

SHA512
9113cd70ebe86c9abc05f27bd82e8444453dcae17aa13ac186a584e9f8a3abe3b1e539b707d1d99f8976dd5b5fae317a14124c6bdecbd5f476f74840799945ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
21ba904102aeb65db5af262619ea1572

SHA1
46f59d9380d39012abc5eea3727ff6f2e333bd7b

SHA256
8e75dd52f99a3110c3a76b342a52f59753d8a1c17faad2ca8b0ea2949a56f88d

SHA512
77e4437ca0cdfd9a93c1adbe103bcdc9fccd7716d3d64d9c9af8b010be430226228a2c6308e2a4c101d5a0d6c86f03f2abd4bfa2406b46b11ad914504c601957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
39b6ccfaac765a56b3c3762f3d6b2390

SHA1
411af5ce04c16e316daa5c292a2d7482b9002772

SHA256
1dcae62f02edd7b251dfe25ba661effff70b21e31408c25d4707be94760f7102

SHA512
12c06ad9cfce697f5b881989f68ce503bac5e58a5e540a7532b480c4f3e48ed117b368686cf45b59ef96672f58e4ffad71643d255f46c43730dba1f0335f6a90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
534B

MD5
7f43164725673dbaa0a1c5eda8142bf9

SHA1
fd42b92b67b5cf7ab5aee86ddf9f369d07adf0bf

SHA256
d6e37cfa351cd6d959894cb8d64e6620eb02b6399ce245f90dd8db7164e843e2

SHA512
e6c00fa1d2bd93843154e8e3b039b8935250c4d3a061a986ff5494b874c5a2c187cba6949fdf9734f49587eb965ac4efab0ab71ef2b90ce4c85e5951e8dfc217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
00f126e74899d6bd76b2440ccb4fc85a

SHA1
2f5ddf1455ae3a55d6d1093e273c53112cbeac45

SHA256
aaf8aa290096a53f0bc3413d9ca6674daa1d33fd1da8a34810b8504f1e45696f

SHA512
d2f678cb93c43d70a44d83f7fd648948c0856eb83536a83964c280a454a9517f667873a8038d5fa8a337a6abf3c0bf0d83d8333f15a7c8e0118d4875d0c221a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cd4d099590959c8f6ad9b0ee65dcf6e6

SHA1
36f56bcf7029186fc5c02419b0cf721f6cf9da79

SHA256
a98856732f6c1871450e384a38820e8748fa897f40995819028ed36de6c3f3c4

SHA512
3067e4784d107285a7ad619a3148a9f3af0dddc89a82e7aca3fcf04b04e2c92722d2526097021338cf9305e5dc3537f6eef9602585af6a48f59a134c41ef7862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7c91f08995a5e7794f8c6567c8ca3fbc

SHA1
aa4fe7b3bb1b3906e61b1edbca12adf0e58d66a5

SHA256
a5ef5dd67e2584a476f19e3588c4abbd63644c4bd9744fbfec7ea20e8afa698f

SHA512
c67ea46a97f9ac42bb2244ec681057ab7b1a62ae214b68334bc7a60abd177dc1ee514cce6fc28c7e2ecbac2e13fb2d4cd4cab91873e07851b7c5f34554e9299d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
51c24aa19f7e101135c31fae923aae62

SHA1
5c4f01cd7afb98b19170b3169922c4a46941a657

SHA256
068bf05de74a158ea201d6f037bd86871bb4d66c46d3b7e4ca4683e721d340a2

SHA512
7fa19cfcdfe4d444f3333a82b4c7988a43b701c6da2b7d9e00da6626092f3605a6c637d44686847415444e59125433a1a68dce90948b95e4fb69d4fcdfb10a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b88de453fafc3111a806bb05bdf941ab

SHA1
10516dd273cf0ac7b66dad9add3f13e9a12e0e49

SHA256
f01854bdf039c60432efb20c8e1c212cc84ef346734ff1858f743d11ee794fc9

SHA512
dd6f110c0a3ea25d518d59cff2f28bb1ef31daed90c9a7dc6930223562c2d89db05c6531bbc70d9737669dd065fbe7668ae28a885adab912f8dfe2b98c82d8cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5856e5.TMP

Filesize
48B

MD5
3d30d20db31882880626ed458192bf52

SHA1
4558b7f476c3f253e1ea2d09027a988837e277df

SHA256
a2a361b814007657aafc08583f7b78ab4a2fa79feb75d462d3850bf401ee0a1a

SHA512
d63976d401e5c43cc7eb21848d1ea61b9113aa472f23369de45c3a1d171f7b3f9cfa821d7366dbe1fb3d1ea6458ec3311f8a102818f312342ac2429276c98eae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
2e96806ecbb7ebac02f238ae6941c251

SHA1
18b21ffbfa47d068fc80bb28a5aa524270cc1f1b

SHA256
57ad6765e89b664ef2918746536e2167ded97864da9a7b17cb575ac13c256679

SHA512
97f4f1665d8d3e4325383e1458690d76e72b6ceacd44b85ccdc45f1854099dce00b8433fac6d311e4e7bd82a0dc926314047b44aa2f8c8de360bf253d46e46f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
db47d1ca05a40f84d0d355a80815a03a

SHA1
86fe1512a1fce43596d1df3266afe8339778317c

SHA256
a1a91168995fee8dc90ea141ea13da54d67c3525867da36f1c293ee7589eefe4

SHA512
81ae549ed50db56c2c05b1e017f46f984802b6a385bd84effdc3bc9d803a4cedb9063f10312b7bace940a28791239f1e472862ef6e559757861b7c436f213ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
ae20118ca9ea8d0afb33460f71de779d

SHA1
9762bb18143eb44abe085f19b6a8dd11f75802c6

SHA256
ac7347e4dc257e95710fdccc237bf0c115761823418dd20bed30029a9bd385c2

SHA512
fc76b550bf48c21a78655b8ff5a3962720f37ff7b96c9f70510bd4f307b8544219fca3fd2c308de7cc45b7e269669a42d3bfb7ec0f8645ac32938d3497d9d793

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
ae20118ca9ea8d0afb33460f71de779d

SHA1
9762bb18143eb44abe085f19b6a8dd11f75802c6

SHA256
ac7347e4dc257e95710fdccc237bf0c115761823418dd20bed30029a9bd385c2

SHA512
fc76b550bf48c21a78655b8ff5a3962720f37ff7b96c9f70510bd4f307b8544219fca3fd2c308de7cc45b7e269669a42d3bfb7ec0f8645ac32938d3497d9d793

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
5979e2a763968c5d18a707654bb31b05

SHA1
51ca37c0ed6f5c0dd263a71b57a31bc3aa056308

SHA256
54c8de28cc9754e5e2577d732f1bbce38518fee365e5079fe9d8dcccbbbb52fb

SHA512
98fff85cf23ec069535dc849c544d9d6661a22d26223001a9d76fd3cd18ece0917a9a0f89fa0ab175135062d39bcb07ed239252d537195771f42b77cd6ecc8ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
a552109eadfce7b6a8c8fed014dcc330

SHA1
5b806a2ec328a4e4fd9c1415c08a962fe8460540

SHA256
c2c522fe09ae258d48165322da0634364b6c0f6d5a4d61cc862b6c49f187da92

SHA512
7e09f3acf73dda010c87ebf7c806c70023fa9b59eba56c1e2494e748352a0aa2a48eb1ae67bcd4d56656c3ec48551b5cdef1a30d86cbe53aae25b3a2c7821290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582546.TMP

Filesize
103KB

MD5
2497184cd2360ea3cc7b9aa2121839f1

SHA1
29624f75cfdac4245ff94ada774b55a0c3c4f394

SHA256
9954e460f911de9c0decae89dc692403cb54df3c7d4087066ff0414072b9e71f

SHA512
da2fabf131ec0589891fcb9914b2a4f1d233c8297e981e92e308ed115047f7ed9b838649b37a9e6c1687916a548f1589f68ad8aa5dd5151492fa828e3eea892d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Install.zip.crdownload

Filesize
20.7MB

MD5
ea8b51aa8006867f71f944e9b4c7f1bd

SHA1
84ef91f1990bbeb1b6f06c44880a602bf4560f93

SHA256
b2e7575825637669fcb6d69dbf7a61bca06a8c0856e7c0f9cd7777da3f69690f

SHA512
35788f18e2aa50032bdb46b00a862a2d3f9a72c6cf6cfb711e3d88494e63b8a78a19b044bd5a257307eb31c41809c7000e52f27f11acd9fae12fddbd28ef6107

Download Submit
memory/5752-293-0x0000000006700000-0x0000000006EB2000-memory.dmp

Filesize
7.7MB

Download
memory/5752-289-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-294-0x000000007EAF0000-0x000000007F2DA000-memory.dmp

Filesize
7.9MB

Download
memory/5752-288-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-286-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-285-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-292-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-291-0x00000000041C0000-0x00000000041D0000-memory.dmp

Filesize
64KB

Download
memory/5752-290-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-287-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-428-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-429-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-430-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-431-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-432-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-433-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-434-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-435-0x0000000076DC0000-0x0000000076EB0000-memory.dmp

Filesize
960KB

Download
memory/5752-436-0x0000000006700000-0x0000000006EB2000-memory.dmp

Filesize
7.7MB

Download