hxxps://drive[.]google[.]com/file/d/1ZX_mgRgHjy0_TLdxi6myZQ_U74w9X80q/view

Analysis

max time kernel
300s
max time network
292s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
25/07/2024, 11:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ZX_mgRgHjy0_TLdxi6myZQ_U74w9X80q/view

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1744	SetupExitlagcrackv3.12.exe
2576	SetupExitlagcrackv3.12.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com
6	drive.google.com
14	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\7zOC0935288\SetupExitlagcrackv3.12.exe:Zone.Identifier	7zFM.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133663821183982793"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3766757357-1293853516-507035944-1000_Classes\Local Settings	chrome.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\SetupExitlagcrackv3.12.rar:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zOC0935288\SetupExitlagcrackv3.12.exe:Zone.Identifier	7zFM.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
1744	SetupExitlagcrackv3.12.exe
2316	7zFM.exe
2316	7zFM.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
2576	SetupExitlagcrackv3.12.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2316	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
2316	7zFM.exe
2316	7zFM.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
1184	7zG.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1744	SetupExitlagcrackv3.12.exe
2576	SetupExitlagcrackv3.12.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 4796	5072	chrome.exe	81
PID 5072 wrote to memory of 4796	5072	chrome.exe	81
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 456	5072	chrome.exe	82
PID 5072 wrote to memory of 1556	5072	chrome.exe	83
PID 5072 wrote to memory of 1556	5072	chrome.exe	83
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84
PID 5072 wrote to memory of 1244	5072	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1ZX_mgRgHjy0_TLdxi6myZQ_U74w9X80q/view
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc18bcc40,0x7fffc18bcc4c,0x7fffc18bcc58
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,11422875570241105645,17812218915752057059,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,11422875570241105645,17812218915752057059,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,11422875570241105645,17812218915752057059,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2356 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,11422875570241105645,17812218915752057059,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,11422875570241105645,17812218915752057059,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4636,i,11422875570241105645,17812218915752057059,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,11422875570241105645,17812218915752057059,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4252,i,11422875570241105645,17812218915752057059,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5024,i,11422875570241105645,17812218915752057059,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4020

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4924

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4820

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:888

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\SetupExitlagcrackv3.12.rar"
1⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2316
- C:\Users\Admin\AppData\Local\Temp\7zOC0935288\SetupExitlagcrackv3.12.exe
  "C:\Users\Admin\AppData\Local\Temp\7zOC0935288\SetupExitlagcrackv3.12.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1744

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:4780

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap27482:106:7zEvent30752
1⤵
- Suspicious use of FindShellTrayWindow
PID:1184

C:\Users\Admin\Downloads\SetupExitlagcrackv3.12.exe
"C:\Users\Admin\Downloads\SetupExitlagcrackv3.12.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
23ffd75a8186cf6179a51706a2737d0e

SHA1
ae3ca1854f82239715d8a9819e5a4b94118f9743

SHA256
82a3968c0ca819dc044fa46c7074af7e217b66d5f2368b2330178a6c5e2eda0c

SHA512
b0dedae183c69edd92535a7942c982ba3c4b42a41e519a55ee603f3143c3401f83461829be0bfdd6db19f2471191b9b180ea0208aff2b8f3dbb51bae44ac0ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
c85bb251346940603e51ab65849ef2bc

SHA1
84f7e96bd25bd3d826be605d9806827731ba79ef

SHA256
7696aeeb8974dfdc27ac746e9b8a40fd3ce709821b29be486fd2ea20b8458a2b

SHA512
b0e667faa792c72cd31b4d37df63fbe96bc5c2c9936757ffb08bef005a7642efb2a70d575aee84af162358a8160a7a04ac150f2268770e31f8405b95ec813dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9acd0d1b-59f0-4d9d-bc48-e9e92d88f0ae.tmp

Filesize
1KB

MD5
6ee881144af329691f5ccb5c48c352a6

SHA1
3b042270bbddaf88b19eab44d24ba0dc85753b07

SHA256
d9b00f7ad87bab3ab9599101a7300895337a65f68b79df7eed4a0cb6b33106a6

SHA512
2b33f1967043cbb30e8e80b3d0cc8bb2c2dac56941c10dbf06818fd6615f0389a2d668c65864d983bd0908f375baac9cb43cb632427dad610fae5fac4131f80b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
94425b5f53c400fd79e391f65efa1857

SHA1
f6cc6688f3651b57b0234338fba5fd3bea0c00c1

SHA256
7e2886b76ede223fd1d044d08f40e1f2bba224dd118f30188d1f00d60bdf0f7f

SHA512
bfb0b4429433f4c729a72b04c9019288d24190ee20332c5df426d204f03f9b5b196b81222cdc0910119a9c01960fbb015f9eb02bb5b04f56220056fb04408e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
79e42df7ce798fb76a8d353e08360d10

SHA1
f5af7a228665351fca8cd0ae52f9932fe769343d

SHA256
8a8a855bfa2adc1fb95ba7a399c177067a3ba106b060d4c477813c372808ba27

SHA512
3dedd4737bbc3b90556b304552d4a113eebb9192a2e7e8f275d18b3e0bfbc531117b2ab87ee0896923518bea8b3ab0e1e6b809039adcf400944b71828060f75b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aa1485303d0be0ff7d1c0f26be76022e

SHA1
d53c3b8d2247456529b3a7aa26848967e8e6b1c3

SHA256
e5f9ecd79362fc02d1cdcdf8aca2e0391a438983be3cfc119a2091ef451b0335

SHA512
9d4035a9bd4501e3482aaee7d74292757e4c7c3d6ecda9a6d561abee64bf3a4da28778f493ef862d8e1b734a3243594a61376f588c65399b8129a6044de400a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a03fa58d2e640c1080426b027bd626a9

SHA1
fa5c2995bbbc5922e4bf9c638b30f513137a35f7

SHA256
84939989c330b67c5b3b12a48bccfbaf9d2b49179a6abd3ac5270fe8a4fc7e0b

SHA512
5ae4e86b96d3ed64f0abdd0d5263f6237074023c931259a877fdb5a9b0ce3d7c298f7407aec6f06bb56ce190ecc62eec619efa7d1df5c9d219c145af24c84adf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
938596901b531cec9de9f1363e112b67

SHA1
6f9b337f62ac6c6e9a6574762d55cec243733145

SHA256
b85e6d85287cf6eb247086039dd12225db8438163b91fbdcd7f6ca0ce2dcbf2b

SHA512
e9b5610b5cbe62eced79b63b573d71110cc5de118bffcca6632717ed444275221d5adf7cfe403321248c86d8ea24667de8b4de5f8550ab0cf5ea4cc53d354d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
40eea593d9a1c00f61a5c2184509e024

SHA1
428771981d252ca9d09ea6c66d5d9f53aaa9e68a

SHA256
b47e6bfafcfd789cdf1c8f6c2059d2148f13c3999226ecf68a3db6e8ce9e652d

SHA512
befd504b4f4cde9b787ff6d040f553a716fc32cb67afbe76f9b45559955d9d6524fbb2c6e43741a6195844d981d072f87c04d5cbb55433a19a8b049398d0d5f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dac29c53ceb016003c91db6fbff3a2d2

SHA1
53125c1dc82949126a740503cc6331cbed861e26

SHA256
7aa1d8628dfa104778471b791f6017b0317abfe6c26449d6c9c94dc41684235d

SHA512
68f7fee092f02cf835dc914be757ab2b16c912257c9a00f4c983290a6ce6d4f1e767849776f96c64634da7ef5af4b81660198e0261b0aa2e8cfc03c324ab52af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dea61b45e0c3d24bc34251af9570caca

SHA1
e5d67e0005141d508e485514dda831469c3451ba

SHA256
a9a57288073477bdaf587c3091e3b706fef8c703d19329f1c6573c32a80e575d

SHA512
9b21e3ab0bd28546c9f8147970ecf2819ba9790f629e0f8ddb78dc76243b5f4836b19e89063c76b712941b9507c99650f5addf6327788c2a385e67083599c366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a418f31f3e2ed8c8eb8572483d0fb04

SHA1
54d898ede8789d2bee463256094c54a2e0e55b9c

SHA256
f92f6d4e486373667fac8fc79f18949765891226668acdeb47ee218343819afa

SHA512
2ab91d0b9b1ca3ea5b576d1e27a6e0a3d6ef2123ef1128fe0027bc56134f382b07b4a903f18e8ad14e9dc56f7a99c5cc747c70bc6f0b0126577d3bc362ecea6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20809abadc05072ed60f29fbe96d3d0f

SHA1
ded3c048be2317b23a0e76b10afee3100cad7f78

SHA256
ffc268deed13fb64a75757953cead5efb849340e40bba3b50bea25dca68900bb

SHA512
45b1f67f621044aab9a42f5c3ca47b245bc0ab7c2f4cc5e03bf9e5a9ae09827be65ecc248a5c29ea30a32b49a978e805879b47f05a04cc4d8d61afd477194091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca1232ba5c6dfc2b4f05361e2f5d7dec

SHA1
015322b5be8dff1e662fd6a1b5913e1c2cef51fc

SHA256
4bd9fa6db92f683f6c0e0fdddbf86e869260013b7e4454b5f7b4c9d3019b244f

SHA512
53de3e1b14d3b1e32fe49954a6923a12da714dc98e3074864139ca1f531581fd5df50d5d29b799c50f4bfc18c7ed5ac08d2d145836811fa7bc02064f89568a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73baa10a771369f7535d53c536c1008c

SHA1
0cdee6d04b2ba8e9f33c95e2bd32eca7eb30f4de

SHA256
8182c43583503eb5756d180f014757ad21008092e173b5d3ce6a4e0f5b0ad052

SHA512
3f041e1df3d6a8d9def68fdaffeec2fa1f7945474098c7c2e442c9e7e63f5d4643d09c6780212220b1b9edb9e52c2d307b4a88b48559593b381c922bfd86d042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c30ea2616ddfe15578bd34e7acf8d8b3

SHA1
b6aaadb5c5f8e38b99cc6a3370fa0b74789250e9

SHA256
f38271fb0891f20073ee7979efe91cc84b2f8db53ea62e647991f1054d93025b

SHA512
edb464afebaf2528087e7d8b10a2906642616624adf897f773ce44fddf8be6e33dc41e2938d059350c42a11f30d89816196ec201c17907d49fd42d4ac49ad4f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32096bab7c4c0ad9e890922157a87522

SHA1
708a2c6ba6fb7726b87fadf7dde4618627c08fc0

SHA256
37d9cdfe07b3a134275047b65de058362402603c62c0f58d98a31e52e12ceeca

SHA512
3851188a09e6e9a7397d7ff4b33a0aca6530ec586e9303fba9951a82c9c1a63441d3630ae8754ae31e828c107187ae67ef0b92a54e6cf2daa2757e11e6c5a616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f441a41a28a6e6b29b61ba14e9e7a66

SHA1
03099d18f684beeb5b9f1ba7188aa9f2af19b4d9

SHA256
a000a682d75a55eb2181a6b108fd06336487d4527b673c9c491b847c0757438c

SHA512
dc0b11f72b25e6e374f2c186865c80d2929b2fb5a4c732fc5302213721966ebdbb5deb82c847c914d5b099be1111cec64fd3be8a8d984f1b8d4b3fbb8386ef8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4dffd976ac64e21fb231988f26eb070c

SHA1
1e34a18084f75ed48b5dbf38e25d4f23c4a5cb83

SHA256
c68fd37dc778e616d295655e91abf0642779d371ceedb1e3e248a29b2b4f6f91

SHA512
f7ab6c493f209e47ee7e8cf340239d7ecd80ec02b0991c0d54b9907d10bd13db4fb3947a90560017af8ccad86b1de6f502f1fa4876ca9c79574ea5d3360fea48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
396fdfac358ac08d1020e1c4ab974138

SHA1
86eeb0dc6edf99ab9fdce35855223319196e826c

SHA256
93820acbbfd0430a3b7208cdb005286b1295034317685ad15bf7c4e395cbfb41

SHA512
d1c67d995b768eaf445cd9827b36bfc95807f83ee62291eb208cc102d63fce21fe901d97e78a0bca782218c5a90c6f42f9c9863cfe89ad5a9659b288167e1bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0220bd314f64d3fd7272701aed10c41

SHA1
5395d5ba3f53d05477aeb8939f9069992deed6af

SHA256
e50566b45f9a8aca94f6eed87bfd364ad9c4b2d557dc783312b6fded0bbb04d8

SHA512
c7ac88973f92bbde6ab490da2277a06ade5de8afdca144b2debceed937031dc57d380619764c7375431b6ca2954b299766e94f7145bb1085757b04b330eafa3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27a951d518597a8cd40d2bd9ebfc65bd

SHA1
e2a6a1bbc6a5e68ca056ca030e7561a47677aa19

SHA256
c7953131cc529f8e7ab64b6c106cf91d7de07ccf69b398bf0bbdf43d8f1e3b6d

SHA512
a1d11fc374fddc5f4cc08044799334a14865cb41c0650cf32363262db91d43eadbeb5080001dab3510018b698fcba07df25f6aa5734ef7331d0439fce144a256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c6cc1b1c9061500c8bfc1730da0330d

SHA1
dc30f4bffac36b93ede03300f6da17c047372ce3

SHA256
95daa0dfe3fdee6310e10fd56a0d5b01af51ec58fdfd90ffdf3024de55dc9b0f

SHA512
b46a856d2d7e1e52018617c08a5433adae41bee1ff3413d91b389a0032c9a73966879c64fd789083424c92205ac6bac5a95e933f9347f200c91aa34353161277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0b354254a4739d92912cb3c5edac2cf

SHA1
f1c5224dcea12b3ed425eb0c12f00727f0a3736b

SHA256
89ffab793ff3b7e32d791ef65dc07919d3345b93dc59ce4f85ddc89812f8a846

SHA512
37ee239566623e52c6bd791e48c84783d1ba0dc7c8cde98720d29ae1f2496224b7a3d9166ba459545efb43e25f78a3a33a5ebf4c4ccf16608b53e2e737dfcc4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82ffa7c78bd03fe8ad12125a24cccd2a

SHA1
86a5c4440f026f92689267817bcf35b1f8c274e1

SHA256
26c6d68ed51ab24119084a31cb2f67afc14b9063be4397a98d5cbde620921e24

SHA512
c933265eb631cffb503ef28b47a57dae30157c5a77d3ff14a06922320f0d99f6ba31672a2a49f9159771e7d92a03c8da62ca7ddcab150592504c597d1a2822f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
7b04ad689f88c94147ba3d3737404477

SHA1
7a884e157171fa7d8bbb9f5de9f18a798dc57fb5

SHA256
cff79ee64db22f3e4695143bb1152e03707bb1b581676603ad5caa8a49e5974a

SHA512
4da2678325efdc909faa745b020d8907e9dcdff331718343aade78448a1acecb6d03b8a48a57b850de4a4ebaee5483b06188aa2898493f22f1e974737b64bba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
06a64e0ce293c9600b1dcdfef4c11897

SHA1
c2d29272232941a403ecd33d8dca3c83ad8c92da

SHA256
2756b703d059d95634bf51aae7d9cc57ff887f8f37b5b49b774571fc85ed34d6

SHA512
30c720e5a768b191e28d0434bde9c0c99cbba626d1cbd584dfdf436d43da15df3829f5a6bddee8ce1571028d1f8ca180a485e07ffe72c7b1a0d9f1fff25e3f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
bd4d39a030656d34fb171a6b180740fb

SHA1
4bb7587c008d13202ddfd6f81dad275c88baedf2

SHA256
aa0589a465754c9ccfb9eb5d585259f06d54fdb93fc070d9dfd7341802047fc4

SHA512
0e4ef879f272e09b717bb3cee4bb35be508ffc76ff0d2cbc502b6f5be298688d5202e301cf3b58562c833f9ddd5a01e9cbfdd765cde8a75ccec50d3a3cdc4573

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC0935288\SetupExitlagcrackv3.12.exe

Filesize
2.7MB

MD5
72a6b9761489f09d37caf0514be2ae6c

SHA1
e73f3f0b1be9a67c0774f8e34a332a6943ca72b2

SHA256
2fc9b003bd366cf7c6899e244851ba2a6a9c2d53024025c77d55e54ad19174f0

SHA512
7d742b2edb6280c450d3184d7956e473cec5201b05730ef41cc0311b9c93e80d84fc59a252b8026aa3eb69dd8673469cd47ef5a620e8971fa1ad0cc5b46aecaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC0935288\SetupExitlagcrackv3.12.exe:Zone.Identifier

Filesize
173B

MD5
43aad700f64735fa9c7bb02d30c4a0d7

SHA1
a6222196ed66a26d87377d24dec956ba7f57bcc6

SHA256
5ab76e9bad75db84582a3fc9d0bcaafe2d083a90011f11dd38e14eae8dad8964

SHA512
3585b4e8e55141bff1b36060a65c0923209bae75612918818486d9db511f2a0364bd1900651d862e81abad73ae32838223c6e2a6eedfe97b7422e3b062bc1b7b

Download Submit
C:\Users\Admin\Downloads\SetupExitlagcrackv3.12.rar

Filesize
931KB

MD5
f2b6c8019b909d70f25b946bc7968df4

SHA1
22b8b7b0730b527beb6a40dfbbd530a8c1fd901e

SHA256
ff34367a9da352fa052f218087b11e5f8d48d09bbc4cc69caf14eea1c0fcfa7d

SHA512
eae40d8b5c50082fab3df92bea168b40bbf34691f694a4f293682e1e6b652c6af3b6e1d3b5f3c8f36b5121151f5043d37b240741667a0c26eca58fda6675cce5

Download Submit
C:\Users\Admin\Downloads\SetupExitlagcrackv3.12.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit