hxxps://flappybirdremake[.]com/

Analysis

max time kernel
149s
max time network
145s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/08/2024, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://flappybirdremake.com/

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
2	discord.com
22	discord.com
23	discord.com
31	discord.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Flappy Bird Remake (PC Ray-Tracing).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Flappy Bird Remake (PC Ray-Tracing).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Flappy Bird Remake (PC Ray-Tracing).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Flappy Bird Remake.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe
Token: SeShutdownPrivilege	3288	chrome.exe
Token: SeCreatePagefilePrivilege	3288	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe
3288	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3288 wrote to memory of 3760	3288	chrome.exe	80
PID 3288 wrote to memory of 3760	3288	chrome.exe	80
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 4764	3288	chrome.exe	81
PID 3288 wrote to memory of 3552	3288	chrome.exe	82
PID 3288 wrote to memory of 3552	3288	chrome.exe	82
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83
PID 3288 wrote to memory of 3248	3288	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://flappybirdremake.com/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93ed3cc40,0x7ff93ed3cc4c,0x7ff93ed3cc58
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,1677222476134425926,11708855663524301888,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1368,i,1677222476134425926,11708855663524301888,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,1677222476134425926,11708855663524301888,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,1677222476134425926,11708855663524301888,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,1677222476134425926,11708855663524301888,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3464,i,1677222476134425926,11708855663524301888,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5100,i,1677222476134425926,11708855663524301888,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5040,i,1677222476134425926,11708855663524301888,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3184 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,1677222476134425926,11708855663524301888,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5028,i,1677222476134425926,11708855663524301888,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3728,i,1677222476134425926,11708855663524301888,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3012

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2252

C:\Users\Admin\Downloads\Flappy Bird Remake\Flappy Bird Remake (PC Ray-Tracing).exe
"C:\Users\Admin\Downloads\Flappy Bird Remake\Flappy Bird Remake (PC Ray-Tracing).exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3340

C:\Users\Admin\Downloads\Flappy Bird Remake\Flappy Bird Remake (PC Ray-Tracing).exe
"C:\Users\Admin\Downloads\Flappy Bird Remake\Flappy Bird Remake (PC Ray-Tracing).exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3280

C:\Users\Admin\Downloads\Flappy Bird Remake\Flappy Bird Remake (PC Ray-Tracing).exe
"C:\Users\Admin\Downloads\Flappy Bird Remake\Flappy Bird Remake (PC Ray-Tracing).exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
1022KB

MD5
0f6d4340db2865aba017f47439ddeb4c

SHA1
4a0167e30410694133ec4c21237bac542e711dba

SHA256
1534bcc4d3dd3ecd400354e4b499bd8bed884ec6b40ece0b5358431d07b091e3

SHA512
46ef5e6bc42cda65b5dd50fc3f468088c09bc7a96e70774ce65e31c85086c3f922e2c2e4518293246858831773cfa1fc23bb1b41180f35e27f2b3dbe267b0b15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
7dacb03028b2d23ed02359776df9876f

SHA1
787c02729758adfad9b9b31aef64b4f16ca95e1a

SHA256
a390566689d3c14f3014742c684f2401e70328b8ecaa4d26a3c4ecfeba8a6e1f

SHA512
905cfd4e9c2a137f5671013e30653fe13737d9ce740f031dc0e421d8a66690710b2c119ab4f52f00bfade7f1bdde727c63963862722643f3edec460afbd88944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
07240e0e43b84d504495bfdf0e8ad83b

SHA1
1577ef30145b4ae3d287ab80e0031070c9da93c9

SHA256
9268ee78a3d8f87a50925e6253b923c47f6465298836740a704934d88204cef6

SHA512
48cbbdf45e9e4ebb19cf42b24ef7badefbcf0ae8a4e86001a50c9e63589e3e03d32afce4e8b21a51be6f5d066aef8004ff510b3a4483ac89044ee84dae92a1a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a0e3cd2d4f5199838151411ebde30f63

SHA1
140a66a4bcb6504bed245d952f2633fe99e9ab5c

SHA256
09f538d7e36bd38c1e33916ed4a480c9e51bf3ad950398901028c2aa4071ef0a

SHA512
14ab09324e0e946967843d92c396fc79f352a66c49801c179e07da19950471826a19830029bf2b03fc24e942e6de03e9d47bb4242828b1bfcf8eb6269cda83ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b721bab2242208bcc2dcdeaef665cf15

SHA1
c532bb30a2d16242e44f7bbb49ec53a23fb18af6

SHA256
956ce00dc86e7d559c6519226a6f37013dc299437a2c52f0e8f519691bd676c4

SHA512
3b8a5d6880763e0c04a23457ea387508f9b1e6fda168df71dcf5012c0b4ed5eac8bd3161d1a2e4a3bc712c6d921a34807182c74c4787fbb050443511523abcbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c58fa5ae503dd04b7ef5de88ddefa55c

SHA1
3b9aebece1b563df7a3a63e57f1a6b35a95e7761

SHA256
7713ab9b8d43f619b0804025b46e2e5b88861d769ce33d1b261559a3da6532e8

SHA512
c1212fab0ba76ee992273fa725dc94b2f1e363a72f946d1980d59bf01a80cbc72ce5bd32ff7e9eeb885a51ed8597b2fcf00444b0d6828ff95ca67c54bf867f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8b533d2bbd53ed9284be7867d3198b8f

SHA1
1031f495552d645c647e454581117bbf1c4f1a27

SHA256
7f7240fc23528576c72233698ac8c29eb04e25c1a9547028a2a53f24c04c9342

SHA512
c39ff63a505bc945b65dee9dbe2bcc1bb78a6122cd149305f3285a3af6745aed07e4a11e455f90ca51c2a2d20c61069f7d931d4d73d3d9e27d3ea4f7b7a637ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a1809b8d68d8cf1fc02dcd73a2935822

SHA1
5e3e30d8656a0f475e6e703480b2373bb505c749

SHA256
152937b98b77f981c4b388585f21325933c6b84a1c4bd90672e799566013dc84

SHA512
1daa4f6a48effe7057b56b68e2f2ddf1c8a811359a9031ea98a9272dd5807df66c8e81936743270c9831032be68a04c640851aad62012f13e3ef80ac200569d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a08ecef2ccd4eafdb6302d201410268a

SHA1
d4de023a0e37cd4fd5b630c57f3c6a600c182157

SHA256
6121383599ae83ae0717f95da39045f07f627fd3dd45074c3522d65b5d480780

SHA512
5ccde651736aaf75942a2c797d10b1eb8ee4841b9fc341d553c5db58cc51c6c368a11d0688b70569b7a31480aef879e08f24b80f863f24bf9c4ea425373268e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
80c2b081ecedc3cae66be150c6ce1a68

SHA1
22bcc0c9570468b9c08ad17cc90a125ddf3d8c57

SHA256
c59f6a05442097f6f5e8c1069a8c9f674723e1a58eb14dc4dd813e2a79d9ccac

SHA512
5ba463f2606255c97ffd80a5ed69c3e4964167b602f5a77fb3553a1773f24c58e035647c1f4cbd793806644390e70e8c5055d280e54fe189a348cd0e8182cda3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
71a1d5c5d8f3bae3f80a3943a7bf75bc

SHA1
c874dd915c4c13e206607d4a95e3ec9ab5954a7e

SHA256
6bc46c70b5cebda196660506877ebb31e4cf0b2de059da0957904abcbe3da8f3

SHA512
c7f1a208326b5ac640606e6dd71d94b301b3f161a83450c2d60c8b661c287472df828757abca59955fef95471d5300da6fb739cddc898b14412fc7c3b7e4f7c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
11d5ae046d454b26119c6c5b80329f0c

SHA1
247907394a6b0ab0558a1b00d0af26528389c6f9

SHA256
b751ae4b4a51057628c4d73d8ceeb01f8fee8ed704db1eccdd7582ecef2900d3

SHA512
c1d8c39d3b656eabf7f6f0b8731f2a3bad5b0737376b7eb801bec7ae32a8a940a0aad61bac79c88878be7810191e4d9b46599f1b1b47c43f3f9fbcb9691d9689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
71ba887e722f2e84629522556653a385

SHA1
c17411200977cae904f67fc24d42e4595230a51c

SHA256
73af569a35f3dffd1e8af6dafe1d50156bd2885febdd89e703653d962aba32ec

SHA512
63cebcd9f656227b95c1612156ee67162b30fb66b5199be17421960d6c031321a65b50450198bf495d343fe714c41c39e21b863957cc4039658d5864e47dd30d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
6ec66f8c96bd97ca28b4c3cee85a26e8

SHA1
63186eff8962cdf7c415e4b67774fb9b54ac4c0b

SHA256
c581e6f88985eba5040b62c1a61ddf08bb8945d0f294d79eb7dca7eef1e9fc2c

SHA512
a21505b51bd534b4ea24e633cc50bfe70bfb373a1884299e09eb292c91d69f079f287601d24122ca97ca73fabeae784d095ba010ae18002e5ee09aa55a0c3ea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
b662e12caaa66ee386d1ca5682b08bd3

SHA1
663baf6c5b59790dcceb94881dbb3be57add79a2

SHA256
5ab0ae4d9aa59ec12b14fd4ff7972f0f96e623fe73bed76c15356e9a56047498

SHA512
afa78815dfdebc2e59d7ac58252835c3258c69c6d238677840a8077c0c8fc77f8b667bb803fb11364198f8b350267a274892f086ffc27f551a5b96556fd643b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
c62a478dee3dd05519d21b987eb082f1

SHA1
2b314bf0e1800acaab1d21d73c6c4a4aae388b54

SHA256
5fe718c576a63ce8d5c21fbd722792252b7b9ab3f898694cf30407e2b716cf81

SHA512
90f27a21be4e00f3d5c76fe507c11deabbbb7082dd8d4ed3da38d22ae7b1e1a0e03d7b9f98858d821a6e095d58b9e59602f0358a55ea246e783f82d87c086168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
a594b341294af09093bb011382717873

SHA1
84295146ed907b67b0fc360da46f9c757633fd61

SHA256
00c1fbd48ddbc63318bc2892b4e0d7ee03adfaaf6aa7fc058f44e310b2e370ea

SHA512
99d15b925a4f44c55300f4cc2d0addde425bdfdc01d5cb739a760b617d204597982d29b90e658ee50c2e1b0428158c4505cc55420f174c6c0b6dc9d76cab9b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ce6574a4-3e3c-4d75-b791-a0a4ceb2c441.tmp

Filesize
101KB

MD5
892a57c5e254ae2d88bf17890a3feeb1

SHA1
a2721071aeefe25931ab1bf266d74e67ac6b07b5

SHA256
81cc67b21e302e532c5a10c45b5488f29716688501eba50f130952374fe098ab

SHA512
2cc060c6afb54d33e9afa5efc7db17f1158efcac3fe03f1da6b94aae09c54c66ab144abed37a86f3b47e7eeaf457b3f3063f43428bb5002ad73f78eac048fc86

Download Submit
C:\Users\Admin\Downloads\Flappy Bird Remake.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/3280-127-0x000000000B0B1000-0x000000000B0B5000-memory.dmp

Filesize
16KB

Download
memory/3280-128-0x000000000CE41000-0x000000000CE43000-memory.dmp

Filesize
8KB

Download
memory/3340-106-0x000000000D7B1000-0x000000000D7B3000-memory.dmp

Filesize
8KB

Download
memory/3340-105-0x000000000BA21000-0x000000000BA25000-memory.dmp

Filesize
16KB

Download
memory/4192-172-0x000000000CE71000-0x000000000CE73000-memory.dmp

Filesize
8KB

Download
memory/4192-171-0x000000000B0E1000-0x000000000B0E5000-memory.dmp

Filesize
16KB

Download