hxxp://cdn[.]directdl[.]xyz/getfile?id=64915

Analysis

max time kernel
189s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cdn.directdl.xyz/getfile?id=64915

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Evon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Evon.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133701763563876403"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
3888	NOTEPAD.EXE

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 5016	2404	chrome.exe	83
PID 2404 wrote to memory of 5016	2404	chrome.exe	83
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3588	2404	chrome.exe	84
PID 2404 wrote to memory of 3772	2404	chrome.exe	85
PID 2404 wrote to memory of 3772	2404	chrome.exe	85
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86
PID 2404 wrote to memory of 908	2404	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://cdn.directdl.xyz/getfile?id=64915
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff90e1ecc40,0x7ff90e1ecc4c,0x7ff90e1ecc58
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2220,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1980,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2100,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2988,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3004 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2980,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4268,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3008,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3320,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4928,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5152,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4756,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3256,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3032 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5212,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3800 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3264,i,6788902297899247239,6658127490435514609,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3236

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:712

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3724

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3228

C:\Users\Admin\Downloads\Evon\Evon\Evon.exe
"C:\Users\Admin\Downloads\Evon\Evon\Evon.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1572

C:\Users\Admin\Downloads\Evon\Evon\Evon.exe
"C:\Users\Admin\Downloads\Evon\Evon\Evon.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1288

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Evon\Evon\version - Copy.txt
1⤵
- Suspicious use of FindShellTrayWindow
PID:3888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\811bec6b-00b5-45c2-990e-5d22c4a28529.tmp

Filesize
10KB

MD5
c298bad89383b03578c96b8b29bd467f

SHA1
8a6986752715671f98712ba8003aec76c790117b

SHA256
ce8c8c2e36b3a283291a9b64e0734fa454a488618fe5a29214ddf2033953581d

SHA512
c135736a06ddec50e49e8e4870084746159cbae8a9e90410609f5438f777df2a8148e3b40e518ee016607da92d9cabfabbe08177e9102a04313cb04ca706dc07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e1dc2de5ff7b3e6fd97dcb5c4bdba3ce

SHA1
4ef52e381bb09cee214f99eb59b793ce13c29377

SHA256
4f17444afab7c1fb5d30228ff76d22f9392897572f263d208f1601eac7fe43e4

SHA512
b564150eb0ad42d6c1079efa6705683fe7b9744b7b24d8f98c63bb6f51c1d73d3b484309a2084e284d7bfaeea14b410e15a0204e7d3015fe6b3bbb4d96e0d7f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
fe4de074c437421bd54a570b3295c51f

SHA1
7babf90c903048242f4d43d52d54b41ea658b973

SHA256
daf5e5228226b3cecc210bdda2d5de19573fee98192588f6398e5c06eb225707

SHA512
da3333bb45d4d210771d19fa2b6d211e3664f7b44ff2e1d536950b1ca9250945038bb048cd24b89f6447fbd1e1a352e84120c9dfd47219c5444188514a0e26e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
6750898fc1fe4622ac24e9cb71725b50

SHA1
8dcd6c325158b4b84c6321676fc160b67ae007ec

SHA256
1dcf2231504e2e71d42008c65f2efdbb241fc94fbeae50b5c012f1116c0c14c6

SHA512
161cfe9558dd4e8b320fe8dfa0c55b044e9502776f556d4a49a5955489fd5ab6be3a68b95bdc6b5743ffc3f8b32927f1056c3fc028c31032c1ded0189e379008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
e6db101319c2cf8c6afbf5fdeabf4698

SHA1
0e67e4270483672b8424022fb119b337ce08f46c

SHA256
5395879c6d0051ea33116081951dc4b80643f1b701085e0dbb5d6469880d45f7

SHA512
d44affc593a6cbcc8c1897dd07fcb8ae0a63f2311609e3a8ce1ef1d453e9726ceea9e62f2a32e682689bfacf84e85fa1af3514e43e55434a3ec4014667de55c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d574d553-a8c1-4a5c-ae87-e597bb7f2bc3.tmp

Filesize
4KB

MD5
94e8813f00b8a8c1c59c505ea56f74df

SHA1
79cabccea47eda259ae2eca632602e179a85a19b

SHA256
49cbb3e9274ac1ea230ce7107aee38e0cb0fd1d40dca18ba0d66989eda7c489c

SHA512
55e69bb3cddb329a00e659c1af0ed98b9a67928828316095b7efeae33762129725276825cc2c92f85893867861c650e563ed36a3097dcbbd3dcb5077e3d68bb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f121a119-00af-4d98-b086-f49336c4cd75.tmp

Filesize
3KB

MD5
d7b142e1f6e673721c55a5c89d0f0e02

SHA1
bd454c71b1f28bb000c50c86f2aab422c6605e6a

SHA256
de723cfc64029bc9794b1fea52cb2a4f1b1523b31bbfa172171bd138206f9242

SHA512
0863d2dc8b8d75ec5252ae85ee54d93209ac8e32a8a5df063c1f6f995413e2b4d1c4b12ed61bda696e4421eb5e5261898f7dd0369727162415d8679fdaea46ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
49898fd419c76850cd2bf716bf9d56fb

SHA1
b5326ed4a3c4525c1a3631e8689197786beed5a5

SHA256
0b9e2be72839fa4bdd05e339dafd285b07260f34d75f67acba93c2383571ae58

SHA512
c15397496d68464cf4e3143d881ee3f94abe46e982b2f1b52b26ac6f63a21ebbec8082173b6b7586b64e1c576ce7a24373da6ff470b6e52b49c7ff50691ab74c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
addf253bfe806ffe4e952c4c9b4fcfbe

SHA1
4f962269501cf091f1290f64e9a950ddca6435d3

SHA256
7d76266e4aef8f0ca844be7a705101ee9597b92bcfe63c68245d5285a20a9486

SHA512
99ba054694ebda3c22fb971ed83da56a9930931f6ebf963d5e14fb63067180518d69282cbe9d638a823ca46029733824c3379bae3f5a3a056a7c1166ee5f8f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
42dcdf9c6bc11320bd6cfdfa39b19d13

SHA1
68f065ca6c74bb7d934b21d5d7c4aa51e778c5fa

SHA256
a45707f5f2c96051aba803282fd8c85feaa739b34487f6c2917a755f4758b26f

SHA512
a51041dac7d45cb54a85e8105a9e830656aa3de93a9fc5fe3185d9769d084693f3a1b4c27c0da950e24372e28b04f2ab87a9c63acd01cb9ad6a73875e159c314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba2d8939983d9c5b355af5768d554760

SHA1
8e42976f83729f54a14f31252f65f4f40775f678

SHA256
4f4c00b791e8e2cd7201f1b4692447cea467cfaeced65fb84b2638b9fc8836f4

SHA512
b9ef4c36cf9ab7f9b7469e236d974bcde9b5bfd4ac61ea4001ac7400837de3fdf29138456f201da87a897bb2e419d3f0232e6f104092680c6f08170c71a0d0c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dcb20dd937e876c98cebc2ff3aa1ae69

SHA1
632d8ace01b7df3e5dfe9cfdb0d78d480b603a7a

SHA256
6cee58ea327975e952a6e8da9d7cb7a1201f07bf94fb698d02951ca908b2106a

SHA512
05c2594e9e3c90a4cb981036a952c12e5213ac346b7d701924e2f27b83362f0e0eb6e7fecffaab50f32575a474f32d81c744fba62d7a947b79e944f7debeae8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20f9179e0d78e7b46703aff7ff972592

SHA1
267c7dac19ae5c668bad58b806afd0f7aa1d5a63

SHA256
972b798a68771214abc24f416b99f7b2ea7638429d4ac9c6540d494acd08cb7d

SHA512
115651e4548ff89c3148ba078e25283be716acc4a99af74e769b68d8521335499beda16ff3ed58a22a433aae67eb67b5e6a7fb559d2c9aca5324bf6fb1f78d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9117c3cfcc10301d668e4ed30099cc7d

SHA1
a83c4727770515bfd579d5702ebf8a9bdcc1869e

SHA256
7eb9a509ad1d8abc2916cf60964ac8fcc1c4ccef9962fddabc9544db7e9b247a

SHA512
4d2c76d18ff72508f1ae5087fb319f2ba4dc0d8649d679c68eff5b17dcc5e9145511cd7c11f5e86f85cf2ac54c3018ffdfec50749e2a66b9e70ab9896faa02cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
71fb000b21a3ef1e438be9f3a95d0807

SHA1
a4ed2b02611b5c937d5ea515c13a0d9f8233e180

SHA256
522063901825ce61ed4e345bb8e1b6072cc44b1086cdec4e29cdec72f234ffa5

SHA512
03d4c5015a2a22f0acd5aa1c75c68acfc8a5313d115a093f6da61665dd376487430dea9b5bc4a4cc32130983ee34c3193f32df4e47fa039a332dcb56e1012877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6e69506857993b10b040862fd906bc5a

SHA1
b878b83a9b5e61aa0be554ce48d1e347d1907abe

SHA256
356f606dd3f51d7342d03784dfeed943d3911938e48bdf6deb33360e869f825f

SHA512
21fd46b9572bfbddb7437d73d1a5814f53d00bc29ef3680533eeeba1d2745c9a0b2c211b01d50592a2ce34b61abf8ed03543266eab810e5aa5b7e66fcec80358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3977afeb72575c169acfde9aeaff965

SHA1
937755f4a0045bf460c07c0db7d8ff827ec664a4

SHA256
515db549b0812586c46e5bedde255263e7b6ae08b16c6d36f0bce75d644bcd74

SHA512
c4d04469249094adf3e79d604ad4f8cc71dd5d40d9c4d7f80a560f566cbd34acea17278f3784b1842b39ebf5fd3351d5d73cbc66a77076cb8dc8938017fb0b01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b63c6526-9b7c-4bb5-ac93-7e068be30418.tmp

Filesize
9KB

MD5
e9f1c3996e47fcfdd72724ccedd124b5

SHA1
cf2963cb8da2c51e6ef0bffe452f35a953b5c8be

SHA256
aa2b2a47ed568c8937ab25dabcd39edff7bfc9d5ad78e2d2579d1ea281c2a769

SHA512
3aedbf79874811b29ce8bac12836f9dc2e8dd57c808e60f02b801e89c871e74bcbb44fbc5fc5302bf69741d36f12f22904b3a58d481437af5598be3a8b269497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b24dbab498896ba225a9e825592df4d0

SHA1
87a86913db114fbdddcd0112550f88b5acfb0f28

SHA256
7e6141545e64ccda036f30a01900fc1a93f437fe0dd12a82fc2d13df619d7e48

SHA512
0565fe1b4b7eef23e8beaa34ea07aa33d5f0c57393535977ce77064ce2d9d7ed4a9b5c2a53e41a66bb787d9df8bb05f0e9c4204dabe75748ecfec3c39e380646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b60f9ca82e14d5f2656765fa5729f634

SHA1
f87ce9bc9aa37912485fb0ef31633cad47932ae1

SHA256
8b6202f5b20720d997fb90759299b97e20e68418e8eb14d12de87b536ecf120a

SHA512
df6940f58e3527d58e54ab78cf1bdfb34bd09223b4c54bf8054430ec5b6565834deb08b824fd15e300e169a3afb614d248c742f8d0a65bbd80c2ce5a4a8eb0ae

Download Submit
C:\Users\Admin\AppData\Roaming\settings.evon

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Evon.zip.crdownload

Filesize
11.5MB

MD5
bb3acc761ae796b558820b4be9a7dbca

SHA1
db33d16d7ae2d656bcaeef1af4fd069630e2bc07

SHA256
8c0dcd2a5bcc8f2b387c9695192508acab6023b8d82f587795aa44377fc55e12

SHA512
bfa9ed555fc884e1bbab3cc42a56c0d55c467fcbbcbeadd1c004da2186f9b1bdcbb95e5382eb88d0c97d98fca84b6ddd032c38dc43884d75dda2fe2df8f276fd

Download Submit
C:\Users\Admin\Downloads\Evon\Evon\bin\theme.evon

Filesize
129B

MD5
d6c7f9316b8b354ae41d240148df8a50

SHA1
e5964023d350b4c361e0e7b79b3e4ca2ec2b243f

SHA256
8ac1144f9077bc7c60437a9998ce03fce98b539f08723f33ad89da410c42004f

SHA512
3c975797f72754e3d6aa75296dc9710d55be67718ce4e76724bef58e92c7f1ac6645934430574c62538533027003e72f523ec658527452f0e469c12d1336fd76

Download Submit
memory/1572-213-0x0000000009080000-0x000000000908A000-memory.dmp

Filesize
40KB

Download
memory/1572-214-0x0000000009070000-0x000000000907A000-memory.dmp

Filesize
40KB

Download
memory/1572-215-0x0000000009150000-0x00000000091E2000-memory.dmp

Filesize
584KB

Download
memory/1572-216-0x0000000001CF0000-0x0000000001D36000-memory.dmp

Filesize
280KB

Download
memory/1572-212-0x0000000008CF0000-0x0000000008E2E000-memory.dmp

Filesize
1.2MB

Download
memory/1572-227-0x0000000009100000-0x0000000009126000-memory.dmp

Filesize
152KB

Download
memory/1572-228-0x0000000074930000-0x00000000750E0000-memory.dmp

Filesize
7.7MB

Download
memory/1572-229-0x0000000009BB0000-0x0000000009C6A000-memory.dmp

Filesize
744KB

Download
memory/1572-230-0x0000000009340000-0x0000000009348000-memory.dmp

Filesize
32KB

Download
memory/1572-231-0x0000000009B30000-0x0000000009B68000-memory.dmp

Filesize
224KB

Download
memory/1572-232-0x0000000009AF0000-0x0000000009AFE000-memory.dmp

Filesize
56KB

Download
memory/1572-233-0x0000000009B70000-0x0000000009B98000-memory.dmp

Filesize
160KB

Download
memory/1572-234-0x0000000009CA0000-0x0000000009CC2000-memory.dmp

Filesize
136KB

Download
memory/1572-235-0x000000000A0C0000-0x000000000A414000-memory.dmp

Filesize
3.3MB

Download
memory/1572-238-0x0000000009D70000-0x0000000009D8E000-memory.dmp

Filesize
120KB

Download
memory/1572-243-0x000000000C3A0000-0x000000000C526000-memory.dmp

Filesize
1.5MB

Download
memory/1572-211-0x0000000008B30000-0x0000000008BA6000-memory.dmp

Filesize
472KB

Download
memory/1572-271-0x000000007493E000-0x000000007493F000-memory.dmp

Filesize
4KB

Download
memory/1572-272-0x0000000074930000-0x00000000750E0000-memory.dmp

Filesize
7.7MB

Download
memory/1572-210-0x0000000008A80000-0x0000000008B30000-memory.dmp

Filesize
704KB

Download
memory/1572-209-0x0000000001CC0000-0x0000000001CCE000-memory.dmp

Filesize
56KB

Download
memory/1572-291-0x0000000074930000-0x00000000750E0000-memory.dmp

Filesize
7.7MB

Download
memory/1572-208-0x0000000008120000-0x0000000008986000-memory.dmp

Filesize
8.4MB

Download
memory/1572-207-0x0000000074930000-0x00000000750E0000-memory.dmp

Filesize
7.7MB

Download
memory/1572-206-0x0000000000CD0000-0x0000000001334000-memory.dmp

Filesize
6.4MB

Download
memory/1572-205-0x000000007493E000-0x000000007493F000-memory.dmp

Filesize
4KB

Download