eternity | hxxps://github[.]com/Testabots22/Bloxflip

Analysis

max time kernel
75s
max time network
76s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Testabots22/Bloxflip

Score

10^/10

eternity stealer

Malware Config

Signatures

Detects Eternity stealer 1 IoCs

stealer

resource	yara_rule
behavioral1/memory/4372-213-0x0000000000300000-0x00000000003E6000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Loader.exe	Loader.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Loader.exe	Loader.exe

Executes dropped EXE 1 IoCs

pid	Process
880	dcd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529482871934449"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4148	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5108	chrome.exe
5108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe
Token: SeShutdownPrivilege	5108	chrome.exe
Token: SeCreatePagefilePrivilege	5108	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe
5108	chrome.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
4148	OpenWith.exe
4148	OpenWith.exe
4148	OpenWith.exe
4148	OpenWith.exe
4148	OpenWith.exe
4148	OpenWith.exe
4148	OpenWith.exe
4148	OpenWith.exe
4148	OpenWith.exe
4148	OpenWith.exe
4148	OpenWith.exe
4148	OpenWith.exe
4148	OpenWith.exe
4148	OpenWith.exe
4148	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5108 wrote to memory of 4664	5108	chrome.exe	86
PID 5108 wrote to memory of 4664	5108	chrome.exe	86
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 1752	5108	chrome.exe	88
PID 5108 wrote to memory of 640	5108	chrome.exe	90
PID 5108 wrote to memory of 640	5108	chrome.exe	90
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89
PID 5108 wrote to memory of 1980	5108	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Testabots22/Bloxflip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7a7f9758,0x7ffc7a7f9768,0x7ffc7a7f9778
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1908,i,4521416935234826416,6887594743337406404,131072 /prefetch:2
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1908,i,4521416935234826416,6887594743337406404,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1908,i,4521416935234826416,6887594743337406404,131072 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1908,i,4521416935234826416,6887594743337406404,131072 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1908,i,4521416935234826416,6887594743337406404,131072 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1908,i,4521416935234826416,6887594743337406404,131072 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1908,i,4521416935234826416,6887594743337406404,131072 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1908,i,4521416935234826416,6887594743337406404,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1908,i,4521416935234826416,6887594743337406404,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1908,i,4521416935234826416,6887594743337406404,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1908,i,4521416935234826416,6887594743337406404,131072 /prefetch:8
  2⤵
  PID:3628

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4724

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1344

C:\Users\Admin\Downloads\Bloxflip-main\Bloxflip-main\Loader.exe
"C:\Users\Admin\Downloads\Bloxflip-main\Bloxflip-main\Loader.exe"
1⤵
- Drops startup file
PID:4372
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:880

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4148
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Bloxflip-main\Bloxflip-main\README.md
  2⤵
  PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
50ed9bf5f2e08b068624ffd0ee30e095

SHA1
3e90de18f7414716244f2a2769c030728d786351

SHA256
b6116194c29b59a30827785f9a1a9ffc0356f9f4ec1d858247bbcbffd420eee0

SHA512
8a8bfefd54594d5245ac6712744f82354d1c6c0677f986ff1ffc0b43c3ceeceb0e17bb5d6e915cd7d072c8d8f46896b904c63bc74ee90abe1e2009f2c245051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f8d7e2204e6710a97f188febb22bf2d5

SHA1
2e9e3aff42af51d8dca859bcb8d1181b2374cd72

SHA256
f501021e0c59e90e853baa889d7917a3c7442f7c65c8c6e1aa75e4b0cddfada4

SHA512
2dbf2628cce6868e6c6b511a60bbe0f0f76626b46e46631a9ebca04295804ecd58da13f07bfc7582fdb8650194ac7f882a6c6a5ee8163d075fe5305c0bac16f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
88877170dfa83010cd308de418b8be9f

SHA1
b8d35b89acd4f949e225d411bc12028a0c2d2f86

SHA256
fe420b7f57f56e019236d6d4aaf6cfdea42cb07f1175da1787bd925a25c236b5

SHA512
7aaf4ef208639e8b30c0177f70a4f2e04fee612850df53e548882d7f1f5426e42a37cc26f3b29e72241e85095113dddea570e8d59e6d4519da4fa374ec311b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fa08bc779ec0353d54b3be86de897983

SHA1
09eba7f0e7d5b057812ad0c2e58f99ce1ab9e801

SHA256
a91427bb466aab48b0e825c38d14c8dbf1eda18c738035d13ccc3c989c8d743e

SHA512
9b8e94cbb3cd7c937d2e0e8aa733d64ba11216b75259080331382cf1b1a1a876db1aebacdf72b1c5be0b80e2ad268d266e622a69f4d73e86c9adf5b7472a4a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
31443cf865b27352442a190fefe120ac

SHA1
b111cdd5f4aded88eac0052950f02304d2583e1d

SHA256
181200c1cf0d0a3f60cd40b599ca9219041e4bbc61ccd2ed8dc2919a03d88815

SHA512
3ee55357889192c91c727c8d0c97fc8dc7e7341a747a39135939051e353e3851389c6818590b5161bce25284f416ce836867de767e322543aceb4046250ed50a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d4f829b46c3290f6b85eefbc0dd8fb95

SHA1
3c93ee05e5b856c5ec6151e596b57616b7456803

SHA256
2289d92c5b4bf97ba0df7fde72c7b0ba165109ef05de5d1c550667edaedd29bb

SHA512
63e1ab31fd8a1455e7f07c0299cdc7c8214ed2028da0ed3466a6192e6ee06e0ec9fb3c7fc4314db2f1f47f390f9b4c3d33daa8647a4ea004fae25f6fab3453ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1ab29a58a309f9158fbb41f65719c626

SHA1
f881bfd8a0a59acec5399df880be1d7247d61032

SHA256
d5f790ea59238fb06af00eef43f6ac403fa1de3334e867f76216543d1b74d8be

SHA512
776b4022a658742480f6ba75da854846e36314ea64113b11c399e2c6dc31d72dfaa6ad0c3ae4db1b3eea5ff8edfd2a7f70fa6a41bebce90b841c8d0b1f95f7e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
537c9780e41fa7c70822cea8a304f07b

SHA1
38e958270001cc77738312d0cca6de4d267cb911

SHA256
d1182add8851efa047b108d044c32ae3018fae9cdb459151203a4756a3596cc4

SHA512
ff5f87c22695d42ef7a7c772879655f194c40ff7a761890bae8ee6dbd2982f8aace08597bf25ff148441f6233977011ff84eb67c72f77c086a5e57a76f2f1196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
e11c6015b4bf442263034726e28595fa

SHA1
4c910fe26b0961f2fceef88f30c78c9174a322b3

SHA256
c064fa40b74461e00d0dc2aeeb92028beb228bdaa65e8035f95fdb12323a0148

SHA512
da18f418a6aa965def90ef0f936ef03d6f57200180109ff74ff559c76ef3422308a5e60e8a5b687c2820ff1f47ec5a37306b85e500ad0889cdc7f060e724888e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
C:\Users\Admin\Downloads\Bloxflip-main.zip

Filesize
571KB

MD5
898714e7103594c0511becfb1cbada62

SHA1
00d963bb7a8b77a56c69d5e22b41704f8c67c752

SHA256
36ead37b11484956e85478a58b8c4c012c0c70808c0d97c1ed9ce6bcf9dacd12

SHA512
6c660694494f099d4ef053452aecf1fb678789adb667d781c560c21130adc55031cb5a93c274a579de261339ccfecf46e77430edc47e6282e4a72c0919e5e73a

Download Submit
memory/4372-213-0x0000000000300000-0x00000000003E6000-memory.dmp

Filesize
920KB

Download
memory/4372-217-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/4372-218-0x000000001AE70000-0x000000001AE80000-memory.dmp

Filesize
64KB

Download
memory/4372-219-0x000000001B240000-0x000000001B27E000-memory.dmp

Filesize
248KB

Download
memory/4372-216-0x00007FFC666B0000-0x00007FFC67171000-memory.dmp

Filesize
10.8MB

Download
memory/4372-226-0x00007FFC666B0000-0x00007FFC67171000-memory.dmp

Filesize
10.8MB

Download
memory/4372-215-0x000000001AED0000-0x000000001AF20000-memory.dmp

Filesize
320KB

Download
memory/4372-214-0x00007FFC666B0000-0x00007FFC67171000-memory.dmp

Filesize
10.8MB

Download