69cc2a01c58024d4636306daa5aeb3ae73ed828f0db0cded3f445927490677e9

Analysis

max time kernel
149s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
11-07-2024 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm v5.6 Edition Cracked/FastColoredTextBox.dll
Size

333KB
MD5

b746707265772b362c0ba18d8d630061
SHA1

4b185e5f68c00bef441adb737d0955646d4e569a
SHA256

3701b19ccdac79b880b197756a972027e2ac609ebed36753bd989367ea4ef519
SHA512

fd67f6c55940509e8060da53693cb5fbac574eb1e79d5bd8f9bbd43edbd05f68d5f73994798a0eed676d3e583e1c6cde608b54c03604b3818520fa18ad19aec8
SSDEEP

6144:4FErOIif3RzSHh+20lXs1TzCeBcQeDbNlz7:eEeR52bmeh0n

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	discord.com
29	discord.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651692189116506"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3766757357-1293853516-507035944-1000\{BA79E42A-81EC-499F-893F-74D749DFAD98}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe
Token: SeShutdownPrivilege	3096	chrome.exe
Token: SeCreatePagefilePrivilege	3096	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe
3096	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 1048	3096	chrome.exe	81
PID 3096 wrote to memory of 1048	3096	chrome.exe	81
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 3336	3096	chrome.exe	82
PID 3096 wrote to memory of 1896	3096	chrome.exe	83
PID 3096 wrote to memory of 1896	3096	chrome.exe	83
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84
PID 3096 wrote to memory of 4372	3096	chrome.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm v5.6 Edition Cracked\FastColoredTextBox.dll",#1
1⤵
PID:480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffc23b7cc40,0x7ffc23b7cc4c,0x7ffc23b7cc58
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4376,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4860,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3452,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4932,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4404 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5212,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5220,i,8915287409811355599,8138633214148461609,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1552

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4548

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4464

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004C4
1⤵
PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c29cf15aea6ce5ec39c48ae42f4c82d4

SHA1
45b062f43a286b7c23bb47f810f23fb1f52a498b

SHA256
777495b008d564ddf0485a9682bb18714adadc83ac0ccc05d26c55de839a73bf

SHA512
b0f43bb01f9037e3b1283492a38081b839195cd099ac812b10db7dd2372cbc0239d61c506088cfc52e1673febbde42c6570c1645d6a903f832ffa721d9826e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
640d43b1114560d15cb22b853b542397

SHA1
2d89631202e116300f847d02af589bc475813157

SHA256
fcb4288ca0cb19efc06606749389d91369e650dbb57b7676e1ee01e731832e1b

SHA512
95d1440f3f56a8ccd03c785e48c91ba5491d5a23188fdbc3c5b096666d2972e6f0fa14c16835f500c13adcb2ef02ce947cf269ee9f8dedf83e318d0a211a79b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9cb1e75c7bc3fd53c848436c1cb31ab0

SHA1
99767dc2355e7e8e0e38db056dd3d183dd4b2be4

SHA256
be95f40c2a2de93c073784fffe0b1ee212199111d9db045f5bc066df8ab780cb

SHA512
54e2c618ddcf23452b39c873f3bec432cdcadccb7c6d7b4c7e4d2d53ec9f0adf835c5e69f659dbf619421260039287e6e0de4c44265f34694b0d68768016cd1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
615cebd8c00808f8a80b78839ba5cfd6

SHA1
543d1d0af7028ad193026cca3c2d94b8747d7f43

SHA256
45d9161680f7dd28bfa395da57dc420c5ffa0dc30edba9bba113e0ede7bb36d1

SHA512
e10408e28b3498b0c2ee987bb2aa9292ae08541e9abaf86a9212e82ff8e29b794d41f8d51e31088b42b40ce02a6b40761f5065ed3bcd1bfcfa6d59733028c2dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c2821eb72e02e2d862fbbcaa598608cd

SHA1
2018ce7131f9171516852d1866a4e7aeb51aa47b

SHA256
8c99e385e9811e40b930f071a085a0ef338b6f7ab8e36ac279d9728c6b7ef58a

SHA512
5f7a0238a6a173d164a0d6bc6c5d169345eb792e7aefeb8ab475f27882e3b931088d763c1c7b0e8c21d92c46570c53c3e72571fc82a081fe2f41a87db2463e8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6a026192421b30cdc5fe3a14aa24e685

SHA1
e2ab9d54ca336c95b20f621c26b92ac8a0603579

SHA256
d9ac0ec0c223cc15bb2dd51e25c8ca5b7b3f4215409b7219c1ca4de4518ac82f

SHA512
8e4ad04c70ef95b738d8c32e9a6dc2001341a194d1282ccfca4d18092830055ce15505b7b625aa536e2e73bb97f0ebed51ef362546b3fa074ab82af78ac61c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
826206a4e11c63cbf881aed5a2ac04e4

SHA1
b91ab4e18ab889155ac6b1643fd3d86e931171db

SHA256
5fd948bd60c4b928693b4b338d89e4bf5522f8dbc369efbd0ef83dd9d4d90004

SHA512
268eb786e592a1f1fdcb2b53e5770cc4be279f991e9a28bee2a9b0ab7406a8baf76b9e1e8c909a5f62ac2441b798090d5ba7b0f0034506e9c43c7cfeea1fd836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e8c695c526023daf65f2bac5c35b5c43

SHA1
58dc44d169b7ba53ba908be355b5b0cd6cb8279f

SHA256
a1df8b2e06934adfa01d145f40bed68bec15a05956575726e850da9c9ed07361

SHA512
aaacc41c895c0686fe5176cd119d5da372f536fd0258d19951e31abee0a5a8a51719ee4ace9f39136d0c3b55800a6d33c641d15ba9d4de44e076fa9f6f527dba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06c5b03eed3f4cfeb6daf39caa0e028d

SHA1
51f0eda4916854ddf908b4b03e3783cd999b898d

SHA256
2c54a1a2af814fdfe9bfa95e308c331f5889da23d09dea54c7f7d3d7c5c2d31c

SHA512
3b2444c789076622cf8ac02e0bd668aa4bd1fa2cc40db58e3a2d338d6d1736b97803a17ef9f25310a2499fe4331ac1ab5cc015b5eda73db4167d3c338080f60f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21880cfc47c2da1747c549ba331d4a60

SHA1
569f08760883d76155c7dee5f0bfb09930c81540

SHA256
e3faa400012a033bee837e9e13b3f9de1f693c3e1eb58fd3ae368b2cd8a37c43

SHA512
6e0615f3fa3394843cf6c4d70e87bf4c331585918ee08b1cb0ee9d3dece6c4f6e0a1dd2c5ee72ac466419e71e9be5504a8d8e843574ee5a85490ebb612d5a207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5dca76bbbc87c62a19df3e31d460f1f0

SHA1
8c6cbad56b9c47f36163bad416668c1d942f671e

SHA256
be6388a319eed07dddc919b150573550591f2645907ba45bbd730c0d7709f665

SHA512
95f72ec4f8b94e33f5f88dd1a5830567b53e55aa5ea2799cbb448b5e772865d2f4a773c693f02d4acb7e3c35012b60a1d7cac5119c4ada26576a54708ec2b416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1cb7decfb97fffb639ddd50c584100a

SHA1
219134c6c84bafa2e669b421a1662c0dc311b862

SHA256
a0fb13780087f4a05cd3a81debc280da1b1ac617ba64b26f25f56d359d706ba2

SHA512
48c060bc05811f8fab08b7f600a902abc7f29cac702aa50e87da489fd74188f32928858d1ef3e59638ae3fe1690f731333586431235a62f7b81bba9ae2c8c57a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
13f276ec2fd26b973b04641e4dd87c8d

SHA1
d21dec3717a5dc14d0b0503c3182770992a661c2

SHA256
7b875676039a933514b9906aa553cdc7671f35cfc94e9b96aee0f098e1b1e66e

SHA512
d4a7a8f633a3fcefa851caf52160eaf7b19c380b0d83a994d7e71c127515f3bf0179242513c9dd1399ef34ce197cd06ab95130af75e611baced765a63a6ba6e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d43eaeeb54f4cc6543e1e84d5fd7aa9d

SHA1
17ebea446f4c44c8f0e66c53d0e17d290bb97156

SHA256
4d65d2f78584efd8e321efb1804a9980c3ec199a5c62b9feb60e5f714b24b7f9

SHA512
c704559fa3ac7ba580c1437b822dc0e94fdc28e3d07f031f33493738c5d0bfe2492ddc0df4078d2f02044af338350219f8d5c45b782b7c8b008ab60b180467df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f4fa44413b602affbf65d5c5c13170b9

SHA1
e0c40445a85c49dd0ecbdc73261e6809c09fc4b7

SHA256
891e866e40263046afaadeeea38df17507ae4d36d724937fcabda1dcd55987df

SHA512
48c2c27e41ed7d4edfbc897b9affb3004a6892a91d2874008cea81584f805fd1f9a9c129f31af26e0615445f3795fab51a3527881acf5ee9bd1bd718f6053b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c1b28ca051fe20f3ed2e9cecac48f656

SHA1
86cc1c55bf245951b88416fad51ef616e18fd916

SHA256
91b7a8b560731552e1624658f2bc8bf5259e3e52795fffc67f910b732c937385

SHA512
cd7e0a506a505a616d41bda6776e0284914b87e404ce34bc2174cb9d52ec84fd66e51e9fecc2e965767402c7a32b88c1aa5b2c02ef3dc9d9882c3983d8836ff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
63917839e807da36a540a5fbff169148

SHA1
aea12e54b8d7917d5b65a99f99a155705287beda

SHA256
3bc0243fc28f3ef3e0198269101cb547f070331f2b87662c8b78cf5967cf8946

SHA512
39221485b7d847d75f33dab1a7f3dba537d35eb42d65e3304d3074a9be40f09e0d0ff2ad341ce1cde35c8ef4fab2bd9797cb659b8b8d01d0ba7980e5f9733a51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fe6ff596bf1bf51feb635610b32d316d

SHA1
3b77791cbc7966441a977a1edf36abc2883a6ceb

SHA256
0c5718e8ec4cac045193962547fff5fae6641a0f29b318252dddc9efd688cbfd

SHA512
5779f3cdbca2c9253fe271958d9d86ae958c39271227bba6a9ea889fd286f67ef2b6291b017434a31ce47260e8d2e01aa96900e7caf4b7c1d27cc8441d028789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
06452dbddda8258d3fe256d99403571b

SHA1
96f9871cb9485fb8c3771bf5f4152f4d07da8ce6

SHA256
005e67da1eda28f729905e3fd71474a6f4c6fae6b663d579926335e17804ec8f

SHA512
9eaa024efccb7d30e58d7f3088f169a3a911e6401ba2d83b19d4bf310026ec0b46470940471c7d1b642583ffe58a8370bdb2f947e5bed143b4f52c2222797dc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
6c3135dbf84f469bf209cba92bbc4a77

SHA1
402f8da8f3834f24b67bf56fbab1da4a2e17e935

SHA256
80cf8494e80a6aa698eee89372d3f1d3968b1ae6c4c7688c92382818f8c8e72b

SHA512
f9a38cbabf929fadb78beb3ad2ed22ef34dadf52923c27fdd211ef37a043997bd551187975cbbca08bfc9b4a80bc7bccc5038f07bea70e1406b05dab7d308b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
181KB

MD5
f7ae6e11fb200009c2cd7b015bc51a23

SHA1
7e2d7d395fe08cb7a781fcc8146a1ade8e5faadc

SHA256
6008ad6e87af3b62484938921a6c973c5c5e4d34f39a1461fc48dfe27b086c8b

SHA512
b8b5561a3da0b919cccaca3309882ad58a54e3f00a79c5df1ddd82e844392cdf381b303ab02b54e4f98dc2e16c91b23b3050d491cefad224605915b02e9a4c19

Download Submit