hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

06/12/2024, 19:50

241206-ykaksszqap 7

06/12/2024, 19:45

24/06/2024, 15:32

24/06/2024, 15:21

24/06/2024, 15:11

24/06/2024, 15:02

28/05/2024, 18:25

28/05/2024, 17:33

Analysis

max time kernel
415s
max time network
388s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1960	[email protected]
2632	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
25	camo.githubusercontent.com
58	raw.githubusercontent.com
59	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619907993925132"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1896	chrome.exe
1896	chrome.exe
616	chrome.exe
616	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2840	7zFM.exe
752	7zFM.exe
2632	[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1896	chrome.exe
1896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe
Token: SeShutdownPrivilege	1896	chrome.exe
Token: SeCreatePagefilePrivilege	1896	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1764	7zG.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
548	7zG.exe
752	7zFM.exe
752	7zFM.exe
1960	[email protected]
1960	[email protected]
1960	[email protected]
1960	[email protected]
1960	[email protected]
1960	[email protected]
1960	[email protected]
1960	[email protected]

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe
1896	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 2648	1896	chrome.exe	82
PID 1896 wrote to memory of 2648	1896	chrome.exe	82
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 428	1896	chrome.exe	84
PID 1896 wrote to memory of 780	1896	chrome.exe	85
PID 1896 wrote to memory of 780	1896	chrome.exe	85
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86
PID 1896 wrote to memory of 4416	1896	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd1d6ab58,0x7ffbd1d6ab68,0x7ffbd1d6ab78
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1880,i,16305908548578948580,4285725033560107008,131072 /prefetch:2
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1880,i,16305908548578948580,4285725033560107008,131072 /prefetch:8
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1880,i,16305908548578948580,4285725033560107008,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1880,i,16305908548578948580,4285725033560107008,131072 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2828 --field-trial-handle=1880,i,16305908548578948580,4285725033560107008,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1880,i,16305908548578948580,4285725033560107008,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 --field-trial-handle=1880,i,16305908548578948580,4285725033560107008,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1880,i,16305908548578948580,4285725033560107008,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1880,i,16305908548578948580,4285725033560107008,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=1880,i,16305908548578948580,4285725033560107008,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5032 --field-trial-handle=1880,i,16305908548578948580,4285725033560107008,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:616

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1860

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2840
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Documents\CookieClickerHack\" -ad -an -ai#7zMap17664:96:7zEvent4037
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:1764

C:\Users\Admin\Documents\CookieClickerHack\[email protected]
"C:\Users\Admin\Documents\CookieClickerHack\[email protected]"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:1960

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:752
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Documents\DesktopBoom\" -ad -an -ai#7zMap8592:84:7zEvent119
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:548

C:\Users\Admin\Documents\[email protected]
"C:\Users\Admin\Documents\[email protected]"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9e1f660f-d557-4c5b-b16b-c239ff553576.tmp

Filesize
7KB

MD5
a77b2ec9f6960b0d0697ab305cb6ed72

SHA1
e6ab780c1864087e121ea5532c4c11b9d80b8177

SHA256
e6c516d0103f623bf67ea720f8828f3fd83dce546624e8a846618af089c5fb14

SHA512
049f10b47360e87b572d4f5dc19e790fdffe0f4343124f0e2b74272a4f5ac8c0cec1f522e0f7348b8589c1a0a6d4503d6be16e08528fa8cf8b6724a7395fbb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b2698d22560fe50b869177dbd62e6050

SHA1
40eaaaa33cc51613cf7d76262f0df40fa95a1b09

SHA256
fd2d5c957cfa91bf587c823a57d7825b143a430e40b2f48bc5ba602b80341076

SHA512
759cb9f4b534085ebfc0fb736596c6d1a4c4056b98c3499933d09b3e7cce204d0c62e623fc0bba57083dde0cadeb21f1ed30126983bd63dc943410ff83615dc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
acb1484fce9a502b092ef62b2bbad00c

SHA1
140170dedd9a40aec7c10feff55e266ad9e5259b

SHA256
ee14c61d12b498570fc4629a0601365105fc1da28ea9c4df40754723a67db5a6

SHA512
1b7a7f353e09198ed157ee5fe5872dee8b97678fb0e67bb1c704f9238f222131480d2fe51dafa84edb5a35e13d801aa5713601890b9178eba13301f621a8487d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
77f71c9350afc78a4cfaf07d27e1f931

SHA1
9e9863fe8d72113a498ea57b23556ee20e67f870

SHA256
14d341718b80219801fc76e86153eab379ef6f73ec5113b05ec82d4400330009

SHA512
55eca67f304291e620c142d8b8d90aa96ea864e67f8f598fbadb3647d2623ecacbd3b7446143cd1855e970d0100073ecffbd3fd6358d16bbcd0a74b315a1d64d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd88c715072ff7cad7f43b273cf7b348

SHA1
bb4c643c6a94b4c4bc16a6ef1aac4c318b3e1ca5

SHA256
9b31e9ae4e4e8d65dd6e9edba52ce63cd6d6b54f34a7e7b3282a7137eac5694e

SHA512
4668d89cc0ff986e0ec9281db297a267e2ab38c2769def7e3707ac6a3363b4b2359851e23b7c66c708588c36342fbfc53b4e9413ad5efd149ceed456d710ee77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a821621409ca1fa4d8a5418533af9b57

SHA1
ff1ca669326ec952084dc60381c9c32fed641be9

SHA256
6456dcf020e428b81bc9d79ef9148d9632b0ee105df0b0db439fef90d61c62ad

SHA512
7dd3a68dfd3701e238918edfd5f38f32f7d75692ddb831c8a78a93c483f56e8840488af8e575aa57b80a073f24ee2236da1e1442dfd03f45cd0d8fffcadb240a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3105bcb16514a84805c56cac856a7e8b

SHA1
d9dfe04b637940e04332f116117292208255d786

SHA256
d7133af21df4d57e7554d229d6ef81369422c11748456688edbb1dd5cf583e6e

SHA512
0a2bb8d8337e911cb918e0d62f9472e262e641a193adbfb5fcdbf76cbf7576953d09521280febd239bd2fa4cbdc809a4c585c08dbcf88902d7c62c7525b75a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7708302775eae587a066699762d6346a

SHA1
3f5fe962b3c2e35dac706db67b391920b323956d

SHA256
43044d90a0cb3f6144ecb4a07e42cdfbea4ee2088e435d1e0efcbab10a1077d7

SHA512
258351c1db5667ac77bc8ac7ddee5bc501255c144fc0595e69f1be7055be0d3325e030dcf0594728c673bdb2e0ef4945bad0e533913b41c1e7efc3948116feb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4d5fa1bad8ae3d71d2a6e3c4c281b95e

SHA1
04f6c961315e1d69252fb3d2866201e3322c8b88

SHA256
07657869b6ebdbfe333ea6b1e3a00e43ff5c3c8fbf2d26d44e308963545ea9cc

SHA512
e7f61c13b56942b2a74826e625399c878396939d45706c2702612bb2e43970bfe36ec23f57f690fbbc4e605ad96051ef73efbce63a1036e8a2b249f05c1cc75c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5991943f5e1cb3c3228f3c20e5021b58

SHA1
8a3f687c7e83e1de678ba0c977408bf51218e60b

SHA256
5d8b5894247e7806947ad00f20d582f2bb34c241c65c830533420623d4e35337

SHA512
accfdbef7e717848d4d9cb80d976b7b1a6a6f8892ac77175135e47b904283211d36fbc0a70c3527242ee7d9dc18079c05fe2f3f6956a4f2199e5d57e30cf4709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
5be9e74c1f42e32cb78ec412bbe8b905

SHA1
624c9a9aafa670611cc3571fee8221102797c6e9

SHA256
ef2e975caf824f8f0bf447c74114f9a5f47f445b1a16162982458030fc36871a

SHA512
06ced94b16041af911e9a2ed3328778dc4f17c6264aca9610cf38ce423d3112b8020eb96de635f690021c353ca1e3802a964aa5af409c5d4f30c00b9ba2d2a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
7ba5c1c95e1630ac53674bf86d56bc98

SHA1
7b406db0406a1f50764649b209dd1f77407e56e9

SHA256
d6968722438497f1b5d776f80691b98fecbf3e614528474fb23db832ba07b617

SHA512
68b51b08aad9a8c74a8dae1451f997cc01a1fe52852046827bcc05d06d804db83a1570ed89cb43921f5e7325da02d6681658ef736f84fee46480d25440952eaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e781.TMP

Filesize
88KB

MD5
b2a25b203a174de7012d7ac1bf43709a

SHA1
99232f42d4fd79bbacfbad325e6663b61c5101c3

SHA256
bdc75b1477aec2142529eacfb20f3ad226d17fb47579f84ff2c47949b379d4a0

SHA512
87aca38f2c4b372e87671d6f1aa29cc83dc58d5de6612c00928150a8fad83284e3c5f50a6767071032e71521bf20ff9b9094a2721f6e4d75f492652a81e67c6e

Download Submit
C:\Users\Admin\Documents\CookieClickerHack\[email protected]

Filesize
68KB

MD5
bc1e7d033a999c4fd006109c24599f4d

SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec

SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

Download Submit
C:\Users\Admin\Documents\[email protected]

Filesize
1.1MB

MD5
f0a661d33aac3a3ce0c38c89bec52f89

SHA1
709d6465793675208f22f779f9e070ed31d81e61

SHA256
c20e78ce9028299d566684d35b1230d055e5ea0e9b94d0aff58f650e0468778a

SHA512
57cdb3c38f2e90d03e6dc1f9d8d1131d40d3919f390bb1783343c82465461319e70483dc3cd3efdbd9a62dfc88d74fc706f05d760ffd8506b16fd7686e414443

Download Submit
C:\Users\Admin\Downloads\CookieClickerHack.zip.crdownload

Filesize
20KB

MD5
a7bcca47b5413eb92250a45f86d1ab75

SHA1
915ad4c18ae188da9ab338ced6862c4efb670091

SHA256
b7f82523253c3a1f18de5c649a96132820d89274cdf7a8c5cd3f47a79e76ed39

SHA512
4a666fe25bbaf41ff217a07bdd19fd9e2f57dba228511d9ae92d3ee75adaeb952fd91d4d4472e0c73babfb86806d54ddbe3d603ae124545b89ebdf570db19d87

Download Submit
C:\Users\Admin\Downloads\DesktopBoom.zip.crdownload

Filesize
513KB

MD5
14e716c9e9a4e370ccafbfbba4c657ca

SHA1
0aef4c04766d1a39925917e46fc011ddf36786fb

SHA256
666bdf8c339fc5f924f4d31e1ed57e6ce3f63c487cfb218a9b4d7a087938d5d7

SHA512
3ab23f8dc84b39e8444d3b85ecf0e1b882786dd17578e0fed34d43994506101e6034f5e95f6e88b494c989f40ecb3052ec695adbb457662c1864d97c9255eace

Download Submit
memory/1960-290-0x000000001BDB0000-0x000000001BDB8000-memory.dmp

Filesize
32KB

Download
memory/1960-291-0x000000001C070000-0x000000001C0BC000-memory.dmp

Filesize
304KB

Download
memory/1960-289-0x000000001BF10000-0x000000001BFAC000-memory.dmp

Filesize
624KB

Download
memory/1960-288-0x000000001B8E0000-0x000000001BDAE000-memory.dmp

Filesize
4.8MB

Download
memory/1960-287-0x000000001B330000-0x000000001B3D6000-memory.dmp

Filesize
664KB

Download