hxxps://ninja-muffin24[.]itch[.]io/funkin/purchase

Analysis

max time kernel
178s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 07:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ninja-muffin24.itch.io/funkin/purchase

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655884455617710"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1516	chrome.exe
1516	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe
Token: SeShutdownPrivilege	1516	chrome.exe
Token: SeCreatePagefilePrivilege	1516	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2028	Funkin.exe
964	Funkin.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 3340	1516	chrome.exe	83
PID 1516 wrote to memory of 3340	1516	chrome.exe	83
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 1416	1516	chrome.exe	85
PID 1516 wrote to memory of 4480	1516	chrome.exe	86
PID 1516 wrote to memory of 4480	1516	chrome.exe	86
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87
PID 1516 wrote to memory of 4044	1516	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ninja-muffin24.itch.io/funkin/purchase
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae6d2cc40,0x7ffae6d2cc4c,0x7ffae6d2cc58
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,15929449018814618139,2376914796645262921,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1788,i,15929449018814618139,2376914796645262921,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2128,i,15929449018814618139,2376914796645262921,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,15929449018814618139,2376914796645262921,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,15929449018814618139,2376914796645262921,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4620,i,15929449018814618139,2376914796645262921,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4636,i,15929449018814618139,2376914796645262921,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,15929449018814618139,2376914796645262921,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5148,i,15929449018814618139,2376914796645262921,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5168,i,15929449018814618139,2376914796645262921,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5716,i,15929449018814618139,2376914796645262921,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1268

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4748

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3736

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1752

C:\Users\Admin\Downloads\funkin-windows-64bit\Funkin.exe
"C:\Users\Admin\Downloads\funkin-windows-64bit\Funkin.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:964

C:\Users\Admin\Downloads\funkin-windows-64bit\Funkin.exe
"C:\Users\Admin\Downloads\funkin-windows-64bit\Funkin.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x2ec
1⤵
PID:4088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
959891c04d692e6cd7aaa930b52943f1

SHA1
843f2f50e7ebeb0a688a766adaf2dd563d899282

SHA256
f56b6029147f67818b3ea95b14d236bae7f90e92bbbe9e9dbb9cebcb8710c8bd

SHA512
f1fb94b36f5d7a64e6384a606ae51c821b159d5bce7f137fe69c256fd716308152a18440a21491b0ff1a5d912820de2fe515ea0d2c846b3b6052b8afe730ec1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
cfff2a1888223dea5190820f32b9ad42

SHA1
e15f3f25f78ed6b489cfb87ef89acf8c7d25c45c

SHA256
00ef4734070cd3a0b3900e028c28255b9f99572f834766b4dc40b2bbd1181480

SHA512
c09572c8090e3bea20206083896faf1d25568f3a449d60d94ba7b79e022d6cf8775303fcb9da8b1a38e6007c4f0a0f7edab755e7f0b9fea61b650f5a1a40c6ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
992e2c2128bff015cc0aa5eac3e941b7

SHA1
08b8c2242860462b955463489df82361e1683714

SHA256
00fa7096e056471e51044caefb225ae38bd5ee5d0174106cdde34ab7c8802353

SHA512
878d52781665e0be2d9fa05452d32b1a82ec4a32ada8eb851fe2d96a4fac39f54e1c3856a5f882d49fab368200300439473088c42299ce5d115c4df79db5ff2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
01938c85fb57f4b58b99146db1a737f6

SHA1
f63bea42c240913bf71d0ce1dcb0daf536fdc960

SHA256
cce3c79ddb2ce81f8bbbae1a0e9146b1d5ce1bda7179107403f3424fd511eb6f

SHA512
10f1df3599d528f434d02da9c5721ea9c352eb6f63641d474faef46181ffaad6d9cca8053123d9ad8df6a57a63b755932d586664a488c824fef827e01e748a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
accbec0d76a968d1b8c2d72e1f013b88

SHA1
2fe56100d00cc7997cb5181f682571665e4bcd00

SHA256
ec9225e0a0f6fe6d36f631a1e57954027bf3c3b5947cd015af87319a98ddad6e

SHA512
1655bfa6653cf51a498732683b939e3620d3c9600af3e995e4c33fce374bc7372babcb0c708d3aec6a83672cba86b23453623de86870b6fdcf4be1b6b3cd8fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
74a66ed473e5a36d60f242089faf14f1

SHA1
a09a1ed7e8be1e5f02a04057142523c4b7f41bfa

SHA256
46cc4d020a407d20bf30fb667ce29b39071de01a48fcecedde0b39854a4cb6a7

SHA512
08fc69fb7fadef73d1d6142e787f2b96d5b25bd133c265db9a7c52d95df3b1dcbd361b6b9f1be19cb64cc3acfb23b7a2d700469bd2e35c8af1a9ca2b7e2ebd46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15cc46d59c571106afb341a86fd73b71

SHA1
f6bb161f698a172183f60b3e86768ee0bfc8b953

SHA256
e45af8eee3abb55dfaedba688f301b422322a6d0f3aabf197e899e073b5f967a

SHA512
279105e255bfda7427942f75627ff8d6c70b87fc37e7df490e608ed86f52ccea7b162bd9a4eb7ff2bfedbf492d73d11c4ae24f0209254ed4b045b53fc2e2e10c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
74047431877cf9df5bf4ae0ca8a3ef40

SHA1
e8ea51365f146816a5d29dfc9077a8e2345053b3

SHA256
0e0fd09ff486f9eb86210e3abcf8b958675b78f3522a2c08dff04c98baf6e3f6

SHA512
49b9f7c26c2a1f3412f6679fe2b5c3be3b5656a538c8b3164304b958bb7d25e8c8e06be028bfbeef2c8737a866be4c9c94ddbc5fca50feed656e1cab64efff18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
190efc8ec8937d5dae5dada5b9ec1dae

SHA1
9ff78a26c4312ddf1644ce2c19437320554c60bd

SHA256
644eb81fc1bc84f19f64e6c1cb3de942288c90c183bb00d41be15c6911ee5315

SHA512
1fe0100031553eac1d1c9824eda20141a38954a5d09c9832e49b014f88395facf7fb5ee8fdbd3f65effea6cd746d23ebe4773a6c7471bd01c779bbfbcb78e545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1c31df401429d05a70e869dc474dcfa

SHA1
4b6d9a633b05dfd63ae6c4d89003b932f5ba9944

SHA256
6d7abe3fd3fedaec1c4d6cf46453711c719a6d95e3ba78e35143d2165137c205

SHA512
253ac4fd7f7f3f7afdace4bb6021b2c822d3743b6684774a39dfc9a1ec0a331c4fb0c87512ad7ff95cae5b168438177cc3fe47ea2afea0693cfb97ceee30f151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c433b00b427778ce8c78315f428c297

SHA1
1572b824e0762a9db9ed8ff9188e74db20a7b847

SHA256
c2b05aa493f4f73e6d2b0ddde7ae550406c0767a7d23eb15ef562a7f0c3b2fa8

SHA512
c48502cef322e20a4b06ce04f8b99fbca5fb7c1d6d3669882e2aca70fe0a6690355c29f4e546242561083ba219dd6abeca864eb60005040a940de216d80b6e4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05c832c06e37a0a129e86994cd45e55b

SHA1
9489fbc08beddc6df52594caa49d8c5d17ff28ef

SHA256
72c743ece239b57238c627e967d260d00667ce261b2e89b5848550faca6f7eba

SHA512
ad4c423ac0dd0cc964441081e263d2c243a7396be8682e33fe2232b15fad2dc3688126e1e72671142ff66af520f771afb7bc9bb346bd0f8e706648c4a3fc9358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf5da0dc7559aabb51bec82bd0529097

SHA1
367cd31580f75b833b26dca37c45a79ed5126072

SHA256
fe5eecf986cbdabfcde41f211d2d0278bbd6ba10fb9c6775beed8b3370c27c87

SHA512
cb1a4c7fb97793d37b933f2ce2b6a18c7cff91cd1b4ed61a8aeb7942e69e93096a4d107d34a0f852a599a39323a87e9db747a13855d0c39a6675780c2987ae62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2a9bc9b455ae4a9a0507ea7a5484c97

SHA1
f0d2ab31096e16da69cf19ab392d600f25df70bc

SHA256
62329f35d6350c2b05db29086f82f3c22c63db2f1534a77b2a8f7d1f3dafa590

SHA512
693390f2f94794c8b1a3bd59d6ae6bb6e133c9c454eaffb615d80f55d9e75af8781f33854c5add1bb1980e165f60b6c356405e983ea1552d54791afc213d03ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91793fc7f3345e54409e41467533e1e5

SHA1
2306c6bbc89174cfda3a776ea18b1516b81baba6

SHA256
f25c68e88898a6b4443bcb1d7dd4f2432491bb5a95fdf3aaf89db473a092eae8

SHA512
be47b66e9e74d7a48c1de890bf0479445c3cb9a949820aa871d68cfb617c327cf542177363e74c0d99893778dbce150b840457c9fde0615ac844025765c49b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c3626a375d18e7587a726d30f011790

SHA1
932b735431b6289b8a10ff9273b1c80492935195

SHA256
0857184f4b5ec7a15f999b581e5a6587e30eb132b3c764cedcfb506f35ef73d6

SHA512
0c79600d1fec3a3aff86a7169fc28e5599291ba495e3a58f2c0c9765ce3746b5a4dfb206098944b06e2070dc422949c17543dda21ebcf5b9ad3a394922623c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0927ccf457eb97022139da2e99170103

SHA1
2acb8e45300668d4d13cc676e2e0725793685173

SHA256
8c89cab3e6a7b0d41a760f4029bbb24d3c0c616625f0f8e48e1e6552b7d8b641

SHA512
c35132fe28156f1d85a3293553f736d685189f4d9707d09f1c16cfec1fadfa604b2c2d5704917ac36d91dc526cc591fc47110af29c6065dc99de40d14e917efa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
20952f47e65bbe593009a02f1cc89387

SHA1
9ba221b86ce8aede2a8e6ea3efa71cd545fa028a

SHA256
eb6db416864bb2b6b02fd4e618bbf174d00483f1c92e2cfb538383e5d0d1edb3

SHA512
2d2652ffb4beae6ce0dd8e575145ac387b850b273fa56e387dee730bf1d1fdec1a334d6c6adc3be6ceaff5b9cf98d0b7c871850e5dd28f924f8466da90bcaefe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
85ec7c0a839258701a28f88fe66c78c0

SHA1
9ac54aacb85f90d6c4b7a78abad70659fce9899a

SHA256
2e984e6e0f48cc92e7cc0fd41ac5c23c3cb05b2b4c4605f6d7b8f6e556f9c697

SHA512
9774c4aac8d526ad4e5c33a4bd284447d4b224302f2ea40280d84910cbe52518689eae1940e8c969424941501b18d947a1e15ca71506ff79f678fdf8dd7741e1

Download Submit
C:\Users\Admin\AppData\Roaming\FunkinCrew\Funkin1.sol

Filesize
727B

MD5
aaefeb9257c9331d8ecae2a173dd1ab7

SHA1
0d6f3a849dc93ae6b0175ceb986901f9c61c835a

SHA256
47ea8760545fe73f2fe5141d177c5d33a6941ce7a34e724d92e429db57f29f6a

SHA512
8ae82ffcc6547df003e9e7f203e1830b61d07169235252084ff810330690d46b1b4660dc2397b379360e5d19f5e4028bff6cdb378579cbe42918fcd456c961f6

Download Submit
memory/964-272-0x00007FFAD3AA0000-0x00007FFAD3D55000-memory.dmp

Filesize
2.7MB

Download
memory/964-271-0x00007FFAEB150000-0x00007FFAEB184000-memory.dmp

Filesize
208KB

Download
memory/2028-274-0x00007FFAD3AA0000-0x00007FFAD3D55000-memory.dmp

Filesize
2.7MB

Download
memory/2028-273-0x00007FFAEB150000-0x00007FFAEB184000-memory.dmp

Filesize
208KB

Download