hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

26/12/2023, 14:24

231226-rq4mhagcd9 6

26/12/2023, 14:21

231226-rny91aechq 6

Analysis

max time kernel
130s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 14:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133480741053776359"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1460	chrome.exe
1460	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1460	chrome.exe
1460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 4716	1460	chrome.exe	14
PID 1460 wrote to memory of 4716	1460	chrome.exe	14
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 4476	1460	chrome.exe	31
PID 1460 wrote to memory of 720	1460	chrome.exe	30
PID 1460 wrote to memory of 720	1460	chrome.exe	30
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26
PID 1460 wrote to memory of 3448	1460	chrome.exe	26

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bcbb9758,0x7ff9bcbb9768,0x7ff9bcbb9778
1⤵
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:8
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5784 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2816 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 --field-trial-handle=1880,i,4505725430424013814,12818496116279340575,131072 /prefetch:8
  2⤵
  PID:4788

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4168

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\82619bb9-7855-4532-b09a-784bb37af0b0.tmp

Filesize
98KB

MD5
67a76a7904b32245c84d85c7965138c9

SHA1
8ded3213444e80323e6cce5506b19de001b517f8

SHA256
0d46a59cdc26b45b3f9a03111b5309c85966334c19a419b1327574d56eb30bcb

SHA512
32467b101621354ada1854387684dc07dcfff2f8c56178af5acd9138925bf2c9aa633c359425e759dbc05eb872e716d197737d6b17f83ed8cfd55fead39229ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
55dd536a8c513c90cffae758229a30af

SHA1
a79d347e53213ad7737285d0c3ef4617b30854fb

SHA256
765edce92584ecf79193d8afd29937199fd21596535f03f3cbdda5183ad36d61

SHA512
c9c72518772f90186cfc7ba6b86bcf5af55e00ebef749e648292e35edf88512cff2fb3a1609d38ee7f03c2a79e5783d5059ee17646257d1a0e246c0589c743f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
366b8018f90650fa2f3e88324efc6332

SHA1
e73e4bc7f80ac4c5df231133325249702afd50ef

SHA256
235b27020e9cc5a750a0ef8df8515f8c9e1fce12ee4972b3ce88803481dabe6d

SHA512
3fe7ce1a0f9509fe89c649394bb5de8567a298cfafa8787f9323ee9679fe421789301c4a029a2f9d203456e376bf07d16d138656836fb0d37e3cf1f0b93f342e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5ffa0164-0333-40e2-a1ee-77e28adffe2d.tmp

Filesize
2KB

MD5
e3009a0afe6bbead51709f56b60b8de1

SHA1
7710c85c62d295733e7078ea3ab1a1deb20aaa91

SHA256
a5514d60f515e08b1e20c4026d0c1282a6cc5063fd04840d70b8ecdb516d6e6e

SHA512
d5d23359babf2928f1cabfad99a65e42f4eb22ca4f22e2b3cd6b1e1c8da8c0872bfec84ff602d0e7359e6ee8a4536e886e5bfec30ade1038297fb8c649ad102c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c1a88e8b709d0c17fb3a45a8d8639e99

SHA1
b8f03530dfb65ef355f145210286cf1b2f7b73a2

SHA256
1ed026870ed751b29737b76eaf51b0fe66496cf04e43c6f2b039277708b2038f

SHA512
692b377721b1bcdf5e0860ee99c50c0225d3203f6e8ae7dd4fc5d65aed3723e08553fac8155b902c7062f8b4643cf6e9eb6326ab36e179c3e1d649047760e63f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
22b80877883ed3055f78dd424c9a1312

SHA1
f500e0daa95c3ae642bfdc8235be91ab0f4bb6bd

SHA256
6cdaa30c2768b61ffef11a189475d43668b7d4415801990a22f2c13ddf4f6aed

SHA512
1fb3b66814f66bfa8cf4fa5492a92636340c5de14def3c5c852ea25db7b94c7b4611159461775582ea8c3c12a8a1357e6cb4d3d2dba32fc2f1c87dfce29f1525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8226c101dab8b4a8873ef41849721a00

SHA1
a58eadce63b41f6e09fab8cfc19aeb7583e813e2

SHA256
d2fe168398f59901ce138f34da4745369bee5db38b0b324e0f8d6472c19d95b5

SHA512
ae9c23f09f48f1a0cdd5c102ee4ad44b0b6a0e392b03a00b9862bb769849f1583b094426a4ec081d009889e5321f3daa1a4554e6af74b93c6b43d35af9ff326c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
edb24c6e0fee30de58b97d5e12011694

SHA1
3390d3a00107ad51f9a7b5e17b3dd0d9f24f5359

SHA256
2e5ac6f2d8c9d58e944873f6e03031ffe0e897cc610934af9c9f9d2b7ee46b71

SHA512
16a80f3cd135aa4f6268bf70bf4051b28131ef2cf61da1a4b370438f4fac3007c9d651f31c4d9085c69b3474866dcd94e32c79c2a504d729bcf0480841a386a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
84d2bf88f976fad8e845dcf6388994e6

SHA1
6a6787d9d18bbab9ea309626b5899241422d18d8

SHA256
b681faeb8571d777d7dbd00fb9842d8740ff2374be56efe49c40c11d6ebdb3f2

SHA512
0d078825e910bc1a7997f7181504758f7d2c0c1e43b9f08480a4be856ae90bb4e2cd53bf4116f9e2e3f4ff1ad990376745c20585205610d56d9b4bb4e23d82ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
05ce21bc75069b985c95ae297626b798

SHA1
9af2e872a3ff68175ef397100320c9571c181bfe

SHA256
cd4fd0464c6d729c7a968b8cadae32616708f581de065a0ae2e0977bfb07b34f

SHA512
24d11a2d2e8b4e09834c65214b62bd62bf7b3d224c8e4d459e0e920c4e13b874719f6ce60a8a8fb71b7badf756c97989407b4ec78544076cb0e64a2b3bea14d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
390f72e3d4be48a707db3d97b5c60452

SHA1
354d284167daa92cada8e427fb22d2d89573935b

SHA256
c18ce63a4844bf5e267d9481bc7cf8a0cdd1a560d180708911453e63ce6d011a

SHA512
3e6c1401862dd63f923ba17174a2f8ac3a9859dba11d5de6475a7c8b36f20d78c1c5fce8274ef4ce56621327e7009cf304131dd07b0d9b07a08da9e175bf03a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0098da73a1899a5a21859914ad4799af

SHA1
770be102f82fa9caeac9befbbba8f017c99ce869

SHA256
6bd18ddf284702895b6207074abd8d875d73426fa20931d93b29a85a31ba7a7c

SHA512
9d98f98169e3a178d732e2bce8dcba4ac8b3b58994b17461edfd1e02561b35dde8616c7ab05336dbefaabea0b8120972b137b4647965e5ba387a78615ccdd03b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
34c3ff1a8ef8b7d79b71af4f2b2eb528

SHA1
4c6e4255b1ecea87cb8f8a373b66cd5c39265b8c

SHA256
60ae5542a93dadbcff1df7c1ea277d14154bdbd86c44ad91a964d3dfe1579f6b

SHA512
a1404aa6a50266ec0d3e7a746d1a5f7c02f9c1c00e8648cd3166d38ac7afe7d6e1cff7a42a1175f87755325af0db648776fe025f78743372d55adf7d71802700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4a4c1703d85d6706b862d0b094781f01

SHA1
9682fe20f7d0587d576e77dde3c4a5059209c82c

SHA256
bcd2f8729a84b8e1434c4b177878a2dc1db93450c348d8cec088e448be5d93ab

SHA512
0a7c3f1e66e6bd8b7a48d2a040741ea85ddde7621e69e2a672177b6b6c5a76f15d7fedc0b7e97da5367fc4f459aa2e274f75b538d1db0754462c6dfebfc9bea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e4201d6ae15c4438e8c279df0c382395

SHA1
e3381f3b3ea50a02c5d31f5cb3cab64641f0a688

SHA256
9fa40b2669be076481064604d1cfb6fa2f82fe455544afce7939a18b3961dbbd

SHA512
4dfb37faf12735ed42d1994bd82aeadbf77bbbb25af3eb5b9cdb6943b180ce9d8575e3498460b6849345d5f0908a077ab3583921080ad0b463be454e70dd0df0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ede29e114ac95aa7b3579ebb8e2304f

SHA1
be4453695a22185da2a421a11ccbe3a2b7512a88

SHA256
25ab1e8fcec518a1959004cdf8bc171ec2b5c276e06b85ce1c37fa302f8e893e

SHA512
07ca9dfda36120c8945f88903025219afd509913e905ed9bebb5dd58b26863f4e48b1cb6fcacf18d80b642e8f3d22dd1d7e91bd26bc7607b5e63f8e544af3455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
25f8183b4ddaa863bb4c60719512123b

SHA1
56a50474fda23f63542f0d6df2cb2fe41919a8ae

SHA256
e974a0904f1c74e52603be17abd3f57479a8679f035bcfb42086895daa3ee6e6

SHA512
680cae596c5d6d1dcc4c868ce4092c8f9e3a0285d002f565c3aa5cef9c9719882187bdf7163cbed662dc774adafb05771eafb029b82fcaa9f9f0968d8bb67102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b68cf067533f3fe5d5acdc6f0189a92f

SHA1
a7017d33974d554d0d1e3c1243b2b6917607082e

SHA256
4b9d1c1307f3c7f30f66ffcfa0ea6cdc8cda22f292e735911c625c70cd2cfb73

SHA512
ff26f20f36c63fccf329bd67448957daf6573f7dab011924f0d2cf7651e88ffce9351bb058e2e2154a65be6d2a92e6c765c315efbdce4306b63273307c3db82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
497d3b3cf7f40826b69ba724da424e9c

SHA1
1ea650b2f794b115a1ce800964c58c20a85feed2

SHA256
583fa526a0bd527fc16227700b88f016233fbe770816270ad93aa0ac2a0da2f4

SHA512
5931913d918c8465a098677f25be50acf729e76d7e60e6497e54d1e8186f26e99652eb3255e76e0e15072277662bbcc5b04b66eee11f115ff98412f6ccd61e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\2f7a426b-ab3d-4063-891d-9571af52ab5f\0

Filesize
446KB

MD5
93857ddb925d953198f5f72b5f4e9361

SHA1
3a34c73475866b616fd5341cf0bda0f70a490df9

SHA256
d0e94d0118ac8f5bf1b4df3f8991d33d2e5431ce4fb3e6e365a09955a035b097

SHA512
780e6c5a718cbe1b96ceea91cf67a787adb9b02ee3178fd4defb5934b74316b51f795044f7ca6d6fe9a59db65c6a7e975292171aa93f03318f148f3056ae538c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
32006bb5430692c54b551f832a98f307

SHA1
747ed586daea08afe2fde4aeab6570096f77335d

SHA256
b7abdb1a1fc9492381771bd189decd08b17bcb960441111ac5adc8e26c94647b

SHA512
0ee9c48dcdf76c93922bdb2939ffb7e461bc0df5cce04cc782c08aef068d39dc3e50044091a20739b3d322f1b23218544df590fd4ed9e7773714725fccba0d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
119e290c3f66e8a9bdecc431aeae5dc5

SHA1
20644647c689d261ecb809e425ad9570d98f025b

SHA256
9007226c1043309d1637b21ec87feb4502be7da20086749e48ffad1f0bba7959

SHA512
6a3ecbf6511364eae7ef3d01304d4830336589c474d0f28eff0f173dd61d4fb16fad7a48c87c0cc033502c9a5424448872968651219cb3629b5fb101815a4440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e85c.TMP

Filesize
96KB

MD5
681ab6817963dad646766d3b79e0f59c

SHA1
412b7ae523c0c5130a52fb7d94d2128359eb58e1

SHA256
0ad4669865aa1e7aef50e29f9d71fc0210411d184f45e5cced17329e8a8f07bc

SHA512
c8ae9fa698e50c2acc8bcc86c4a595428180e297c87a12a9179551093d9f9182bffdfc203b4331ce4c20034b6670792233d44443187c153cff7898c72446dd1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\AdAvenger.zip.crdownload

Filesize
179KB

MD5
901b2b350cf7d263c8ec0276ca30b233

SHA1
1e24fc0788741fe515cdc417920daee24574ed58

SHA256
8b66f1f3e3cd59e733b3b37f392cf191731b87022f9cde346c1427710275661e

SHA512
4169912ceb6148017b52ca62e2eaf663245fed9f90bac58125cde058dcc6dab9fac52fb0fc88e0ba7a17e8d39897de5dd580afbfe338a1178336694b2bf1ca9b

Download Submit
C:\Users\Admin\Downloads\Apple Alert.zip

Filesize
216KB

MD5
0c06e4411f6c6f472789f5ab64a439d7

SHA1
7b29eb40616a8731b0eb6e045957f12443086a07

SHA256
f8b40acfa83436933d9991c0a0e8647665ac99d0678584f539bc3f715262410a

SHA512
d4034aead48fbb37c0d5b219db2f97c19975fa6ac30340c1cf034bc4acd84fb53759b6b35422efc3c12a1b41a3c4a89a022b4da3919c45a3fce644fef62482f6

Download Submit
C:\Users\Admin\Downloads\ProgramOverflow.zip

Filesize
57KB

MD5
49d1489c6ac6cbfcd8136e0556128da2

SHA1
9463733db9748dfc4b4a69fd165e5fa96e8dede5

SHA256
37fac64c87edc1124b7def4df63269f007f74c82e7981c99f43b4447dc6a4b86

SHA512
ecb8a2965bf0c0cc6d082414e2827b93e1d04dbb413f00080542c0becb19fc056bedadd7e7fb36058610dcdbab575684ecd1bbf25b5ea2cae2347ffd7cd66f5a

Download Submit