6b22c7ccde965a7107eeb3dbecf9ded53726db512eae4b6c48b814ee4ce465b9

Analysis

max time kernel
199s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download.html
Size

2KB
MD5

d1a5462a7480fc1ccd1695ff8e19ed83
SHA1

000beebad594602d18db4dfcfa9f7354c7c4132f
SHA256

6b22c7ccde965a7107eeb3dbecf9ded53726db512eae4b6c48b814ee4ce465b9
SHA512

bedcd5711ec4e31501e5fde8fcbe3c9519e15e9dd78e48bda022fa8da93ff3cab5bb7b808ccae09bda5d937a26ecb29c9ba95a7c442fb43d847838a04b2c25fd

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
3520	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe
2440	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
2708	Serum_x64.exe
4500	Serum.exe

Loads dropped DLL 2 IoCs

pid	Process
2708	Serum_x64.exe
4500	Serum.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 55 IoCs

description	ioc	Process
File created	C:\Program Files\Vstplugins\Xfer\is-MIL1G.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\Serum.vst3\Contents\Resources\Snapshots\is-5KMNP.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files (x86)\Vstplugins\Xfer\is-Q7UTC.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3\is-C98V7.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files (x86)\Vstplugins\Xfer\SerumFX.dll	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3\Contents\is-NOD76.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files (x86)\Vstplugins\Xfer\is-12J6S.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\is-7K2RA.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Common Files\VST3\Xfer\Serum.vst3	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3\Contents\Resources\Snapshots\is-CB1OF.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\is-BGJVF.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Vstplugins\Xfer\is-EVLGT.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Xfer Records\Serum\unins000.dat	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\is-60QDN.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3\is-GR1A1.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\Serum.aaxplugin\is-S9MGE.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files (x86)\Vstplugins\Xfer\Serum.dll	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Vstplugins\Xfer	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\SerumFX.aaxplugin\is-0NT56.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Xfer Records\is-C3P5J.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\Serum.vst3\Contents\x86_64-win\is-0G8G0.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files (x86)\Vstplugins\Xfer\Serum.exe	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files (x86)\Vstplugins\Xfer	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Xfer Records\Serum\unins000.dat	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\SerumFX.aaxplugin\is-Q1C0O.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files (x86)\Vstplugins\Xfer\is-P48BV.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\Serum.vst3\Contents\is-G48RL.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files (x86)\Vstplugins\Xfer\is-GVC38.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Xfer Records\is-006R1.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files (x86)\Vstplugins\Xfer\is-T9BEP.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Vstplugins\Xfer\SerumFX_x64.dll	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3\Contents\x86_64-win\is-7BHKB.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Common Files\VST3\Xfer	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3\Contents\Resources\Snapshots\is-FSS0B.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\Serum.aaxplugin	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Xfer Records\Serum	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Xfer Records\Serum\is-LQFPF.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\Serum.vst3\Contents\Resources\Snapshots\is-M1Q2K.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\Serum.vst3\is-NUB9L.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Vstplugins\Xfer\is-OKH09.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\Serum.vst3\is-31K78.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Xfer Records\Serum\is-MR2A9.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Vstplugins\Xfer\Serum_x64.dll	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Vstplugins\Xfer\Serum_x64.exe	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Vstplugins\Xfer\is-PC87G.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\Serum.aaxplugin\Contents\x64\is-OP8FR.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\is-4DNRS.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Xfer Records\Serum\is-N4P8C.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\SerumFX.aaxplugin	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Xfer Records	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\SerumFX.aaxplugin\Contents\x64\is-VE8AK.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Vstplugins\Xfer\is-CPSTC.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\Serum.aaxplugin\is-57OKK.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Serum.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msinfo32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733273593630624"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4528	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
3436	chrome.exe
2440	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
2440	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
392	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
2708	Serum_x64.exe
2708	Serum_x64.exe
2708	Serum_x64.exe
2708	Serum_x64.exe
2708	Serum_x64.exe
4500	Serum.exe
4500	Serum.exe
4500	Serum.exe
4500	Serum.exe
4500	Serum.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 2356	4104	chrome.exe	83
PID 4104 wrote to memory of 2356	4104	chrome.exe	83
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 4304	4104	chrome.exe	84
PID 4104 wrote to memory of 3552	4104	chrome.exe	85
PID 4104 wrote to memory of 3552	4104	chrome.exe	85
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86
PID 4104 wrote to memory of 3516	4104	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\download.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd8759cc40,0x7ffd8759cc4c,0x7ffd8759cc58
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,15519858186287741533,8266795759259791086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,15519858186287741533,8266795759259791086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,15519858186287741533,8266795759259791086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,15519858186287741533,8266795759259791086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,15519858186287741533,8266795759259791086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4312,i,15519858186287741533,8266795759259791086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4456,i,15519858186287741533,8266795759259791086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4316,i,15519858186287741533,8266795759259791086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5156,i,15519858186287741533,8266795759259791086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3436

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4056

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4492

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2788

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XferRecordsSerumv1.368.q.taiwebs.com\" -spe -an -ai#7zMap15500:134:7zEvent25361
1⤵
PID:4544

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Downloads\XferRecordsSerumv1.368.q.taiwebs.com\Xfer Records Serum v1.368\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.nfo"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
PID:4468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:392
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\XferRecordsSerumv1.368.q.taiwebs.com\Xfer Records Serum v1.368\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.nfo
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4528

C:\Users\Admin\Downloads\XferRecordsSerumv1.368.q.taiwebs.com\Xfer Records Serum v1.368\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe
"C:\Users\Admin\Downloads\XferRecordsSerumv1.368.q.taiwebs.com\Xfer Records Serum v1.368\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3520
- C:\Users\Admin\AppData\Local\Temp\is-3THMG.tmp\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-3THMG.tmp\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp" /SL5="$702B8,202760713,792576,C:\Users\Admin\Downloads\XferRecordsSerumv1.368.q.taiwebs.com\Xfer Records Serum v1.368\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- - C:\Program Files\Vstplugins\Xfer\Serum_x64.exe
    "C:\Program Files\Vstplugins\Xfer\Serum_x64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x50c
1⤵
PID:3260

C:\Program Files (x86)\Vstplugins\Xfer\Serum.exe
"C:\Program Files (x86)\Vstplugins\Xfer\Serum.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\SerumFX.aaxplugin\Serum.ico

Filesize
16KB

MD5
fd339f6494134dfbbd63a832bb740273

SHA1
a378c6f06093d3a899e280d7c95a188a81856971

SHA256
7c029fa4527da5f1ee584ff39c26f74776a30711678225ed2684ddb1dfc2227c

SHA512
b0ddd3134010508ae8204aeabdc3245eb1ecf3e4a0aef865722fb9c885e8f9245280259da370430f3ec1383c29968dcceec114f3181192496c6b1d7a0c8c469e

Download Submit
C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\desktop.ini

Filesize
45B

MD5
219983e644a372ec539e04b7da6a1562

SHA1
ea6b6fde11fe7dbad780d1c8f8462e5751ccda9f

SHA256
0e6e526114de654c25e3759d2db54a58ae73b642a92a54dce9993a3300e42797

SHA512
f9f8a63a158096706a2731bf007ebf89013e8513529811d5519e980b344e8bbfb404c2e25d8a24e01c2874f1f1e5f711f53acf796fbbfb66016f53e81810b52c

Download Submit
C:\Program Files\Common Files\VST3\Xfer\Serum.ico

Filesize
16KB

MD5
94a0e05982477cc34ef1a1f3620f8ee0

SHA1
0f6210cf69b71a507cec8d7dee5238d206ffdf5a

SHA256
9bba3ffde88cf5b931e5efe69071f8c7a8714c02ae2737337a51196d67de4ba6

SHA512
7bc3cf1d7f9477064e25c7adea56ac59ccd6dd24586da6f52e40547a7f208b5cadcb315574e42c9f4d39abe050a89805e31d8f897a21c72ccc773ffa42e13d10

Download Submit
C:\Program Files\Vstplugins\Xfer\Serum_x64.dll

Filesize
7.7MB

MD5
2448edd1a85b9fac716b4811dc061cf6

SHA1
7fc5be918d39a422beb2f636e55c0c8b0798bfe0

SHA256
3236ad6a9a848c5e1b6091505398e98ba8686e2c9fbf586535bfe59d7c453f69

SHA512
727b7a2678b5e92a9696a8f3ddda486071145c496dd0d2c51b69f7bc8e14d02d2d21788d724e6c3ead9a8179214c1721c638e732eef63ef2281e54f7c61dc973

Download Submit
C:\Program Files\Vstplugins\Xfer\Serum_x64.exe

Filesize
3.7MB

MD5
69c521c8c68e7d7da15f0cafec8a3072

SHA1
a9f4ef0836c4ab6a798ede59ad3e9b6e6d5aa3da

SHA256
a86787531cb4b017f5843c93ab8ee6f9d9ba13bd29d8d9e7e8af5ff9cba993d8

SHA512
7341f6868a033ce97fc53ef0669acd78222893b3fb849a8a834072d533a1cc107a73ae49d1103e7fb16911952f193bb1f44336ff55843552fbab0e5dea0b8628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1f90b38b-150e-4b7d-9cfb-ce7d9c02a490.tmp

Filesize
116KB

MD5
2034d112d1f984e722ad32e38917e54b

SHA1
a4ae8a0c68f86e22379374d7b976acd78b09606b

SHA256
2d74ebb5ec98e3322dd43d0e5b19a6c25a69c2a70d6ceeea5bc63c42aecaab98

SHA512
3257046348cbdc97edbebc5af02d064764ae026886ba50650ff715e4ffbb4709878b091554f7f0a5522f7fd304dbd97fb7036bca315a1a33cffe93ed1a23bab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e806699a-6c9f-49f2-bfde-9d433100cedd.tmp

Filesize
2KB

MD5
be24849067eee866c32b6895d72fa0f8

SHA1
abab50e5f380b5e5deec273f38c844961b3ab815

SHA256
069463976e229ac2198d7ffca02429e30ccc371cdebc335f40f403bda410bdb0

SHA512
35bc43ce0f5375570568318a2ca5b8dce09c996f44699befa92d277207e429b1f5b682a8d7fca663ded0e535819f729b4c3a8ba14ea287827c334bbc119bab4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2f0a2bb41de099a63fca98fd8795e67e

SHA1
070b795f90e0220dfe8c634e6ae7a020472c0d75

SHA256
4d6cb629e516415a8c3e6b6e4a187fb762fe7436c5d8aba3604e89806d3d731c

SHA512
34059d49423fbf4effcfef9e0a6937ac1966415935d0c9547f4c963fd4a8e95c4f257e7e8e2732dda37e5166b784df4835cfdd58b35561edc1d4ef7432db8ed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8f3168ad1170e5998186596df1ea8157

SHA1
8c65a8709adfa62e2c3dc712a5ce011c49603784

SHA256
5f337fc5da945278a754c6126f014bb8823c891f256494a3c76f426ff4c72c42

SHA512
74aa046b84aaea238566b8d7daf46b53021616054b94547784e505c2278272227acf0759b6c85370dd90d917a7b5fca6844019273beae00c411ceeccc27b424f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7afe6e6da2fafd163ed2e8b81628e29d

SHA1
752e659fec4fc005628919f9cd9c3f6152ee6cd3

SHA256
3d57e9ddb84cd62e6cdfc784155635f3d187cbf14641fa73a4ae9d5b3d6ea41f

SHA512
c67208547c8f7900c360cef05b0e4f79c0ca9f3a133a5590bcb5b8aa1fc265b269e3753b9e406a7737fb34741ee43f7bf2a6f6b70269c92361ce579ef5807cf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ea231fe5ef3555443297f0ad801078c7

SHA1
664bc2e9751ecd914b5074c682ff5e16f558fe7c

SHA256
36451f797383a50540c5e0fc14fd73dd0383e4f08cfca32bc4daff52103b7cac

SHA512
3205f36b1de1d48e6133a37958d9ac17a3de73ae1590082e4ce1ddf840d29084ede034581fa214bc7ac7cb1ceb3fe80edf1e9808d9da3e6a743c22988a615142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a220412b3d04b4f3714765a60c77a4e4

SHA1
abe36189018268d01104bc6e4d7a6869ad70075e

SHA256
440f4e2642cd6bac77d968afe712bc391125bf5252b957157e103cca21d26603

SHA512
131c83f71dcb6a4b669c9fc0886bcc4422e5e6cc7e935a733f76b8bec86439db5360d6a0ebd2b0c243801491a62ec6423d458c26db8e89c97e58324168ca7ed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
60bd8de47688231d4578779775a7ab59

SHA1
2359bca43ab89113e03dd515dd1a18fdd8cc3a1d

SHA256
5eb261234dc442db449cb8f535840cd80f4847645d2389ef50681f6149af2329

SHA512
8e777989d35d186b17d19f915b57a9966063bdcc6b794315387c6d5145a435b784135b9872dac801b591c400e4d2ff5b025cdd4c089a6cf40c95d2c2a47692ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9a978d790b0f4eb713e3e17bf5b742ef

SHA1
36c77b57d1a3290f9182c4e6e47285d8899fd3a3

SHA256
dfbc8cb137c12249fcb7011621f503a7999272643b4b7681ca351bccb0a97d58

SHA512
35ada8e875a9462b7b9da2e4184f2ba9de7670d054eceb569029640190d3641d7c832c0a848e2019f8d0af8176deb2d0e81591b1306ce8703b9b3a018a894728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
22ab7ad3326544ae72ba00f488748663

SHA1
b0166ed2443784d373995af01b4a8a67e28cc0fa

SHA256
1cea8c10bb011791761f2c65beb8bdd37256bcde991867a9a19add7b2c5da630

SHA512
a0280f96b7ccadc1cd74865bfb53fc4989d58f350eb88e96b14dbaead6e7e6caeccc0dd1d4d91caeaa3f21534e3567929360ec984a9c6f5fa08ff01feb51731b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ae3f9b5e1874171b4ec9a427a46f1500

SHA1
17894821227f5cfeaf01ce64d1703dc89f8bd4ab

SHA256
92af1f23a20146a43e8487ab139a548a1fd19d054e23d0757fa73ff9475c3ac5

SHA512
c81b8385969a5740c6c9a9e2775211cca09b9e72752b97bfe58396f448bcba175bea6d7a3e6a630c1037737eb385142466bb4656213fecc56cbce7deb25b4add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af7cabba60febeecda341fce118871aa

SHA1
78825fb275594838ecfed40db50785dfeb74a8a0

SHA256
c3fd3b5cbc3679ab13d89889d702fd31372dd3f83da2d8cae51196deea7663fc

SHA512
4bbe1cb49c731d0e877f402072e2b247274b5f37c36fbc6484778c2b7468aed135c8a001a1a5c9e7c92cb97e6b79b9a07e3b8e52882322d477624cb9d5e3c598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ae010adba630cdee2cbc296e04eb46ed

SHA1
aab5ef74a09be9ba809c5c0d112300d5f5fe35f1

SHA256
eced1b987d10bcf8e31b9f0aa6906fea7dbe3bb11aaad479d02b0ddf3fd4dee5

SHA512
02baf75e14ef0a296928cd9d68aa3b0f31389b30d03fcb4d2932dba79c1490cc2d2bf113c12cf579f8d1b5039129578786c7e14263bcabe906d6c5da3e531cc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3689f6a06ed24d12dbc2da66af04ee73

SHA1
c7357d18b1d5ea70a8b059986c6e678fda6edbc4

SHA256
02021cb4956f6470cc166d7b7c19be5420eaf96f7b90001d00777877f3ad5f64

SHA512
a8108b7e3115f5abdf00701ec05b7b10ac3bda4b113964218bf9be42d67799ccdea01b3582989d66b75ad4e51b95103f2b94c6307d66f2e443c53c24f4cc45bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d7894b287cf63b0a208dd010f6b4b766

SHA1
9ad16bbe48c6d9cfaf18e374e8a2b1a7ce34ff81

SHA256
77eb6da595683ac834b43a61ee338b236df62a146d027ccc5ad113a8ade7f262

SHA512
60a67c6aa27e302e168f68faac212a77f7870a628e7f4149206eea1061300f79c02e956301ab493e9eb959c9b7a7c1bc2226eb14cb1720e20dab761103207e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
8feac5b6be5ba5d456f109298221c154

SHA1
5f2c0f82af6772d62d9f3b463fa5f85db66f2451

SHA256
d3e4a42b5c8c26f541a318de0e41e7ea9c48ad46eea043a01ad3b13c994767cc

SHA512
0cbf380b2b74da8a57c4d7ae3030f2687c43dd7c584d7fecfa850e57c1a7f228061f4af9984b9aee8db24f4645aa7b40984937481e0cf2a0d42639a9f1f6bdc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f5c0ac6b0b6671683587ab9a8221efa7

SHA1
5d53db8bc4b98a4cdad2b156c1c3985ad00ac4ae

SHA256
aa1793879a27342875ef669cd3cba76153e3c1c16feaa1259b176a84f5cd53da

SHA512
2e7d199cd2dd25afcbc1eb5466daa75eb561d2e3efc87ed8c07358d647d4b962ad754a0d186affe1f0291a8679837c57d0776d9ec9c558230b2e084a519cb0e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3THMG.tmp\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp

Filesize
3.0MB

MD5
ede7579ea135a0b8caaeaebcd76ff500

SHA1
99eb17f3c7b96275e44472046ec2cd6a48c9d677

SHA256
5eea98260d9712ae1adce8c2d4fe394a36f0a22611f6f0f85d158db5d1f46513

SHA512
1c2dd5d70fd0a46ac3de68b6e3201f70501056c1bd8301ab6b0d2a56dabdc782ac5aaf4aba354c771cb81c137c1b3a41021c9bfc90873fe52a528765f378c17d

Download Submit
C:\Users\Admin\AppData\Local\Xfer\Serum\SkinCache\SkinCacheInfo.txt

Filesize
7B

MD5
7a1920d61156abc05a60135aefe8bc67

SHA1
808d7dca8a74d84af27a2d6602c3d786de45fe1e

SHA256
21b111cbfe6e8fca2d181c43f53ad548b22e38aca955b9824706a504b0a07a2d

SHA512
94abfc7b11f4311e8e279b580907fefc1118690479fb7e13f0c22ade816bc2b63346498833b0241eec2b09e15172e13027dc85024bacb7bc40c150f4131f7292

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Noises\Organics\AC hum1.wav

Filesize
152KB

MD5
7b2a9827fb9d8295064fa6e68cfacbb4

SHA1
e3a980aaaf6e825d833750247cd6260cf5fbff79

SHA256
d61fed9b09caf6abf64672991e25bf0bb206fb0d4742d11be53e820c11ba2ac5

SHA512
e6b7d736d0af38b30c8ce88181237d6b8f840c2b3323c4a63e8000dec99ac243757602ce935168010d97a7a6a7f5d5634606513f9673be9b5293673890dce0a3

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00128.png

Filesize
159KB

MD5
96e242d0e6a78159e6d883cdb91b3aff

SHA1
375444531c0b0189b01054631bd2ea06c4048897

SHA256
ded4b985f2a39fd24f0c8ba4086dade41e40dd5a1f63555e54e30bb11653401d

SHA512
69e2bb27a9de6d9e6677cdc6f3e3f9dc06002983276424b98acf90560a4cc85eaaadf574dd1145b8535abd588cf7dcb0a74871176406b10d1118ae6d1f7811f0

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00129.png

Filesize
857B

MD5
675f36688fe0f8378a93b7815d25dd6a

SHA1
0668aea2ca4995a86a8659eb6a166f526fd36e38

SHA256
b2d127e14e5e70db9eddf3c32cbcc598e39bef0d61055581b3ea9347fa947a55

SHA512
5909f00cb7edc1d44b0497d02eb1e57a4fffddf52e8087bbeb016a79cee98e0b2e592dae1f548d59715bdd0468d26712563a256d1c40254737202442468219bf

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00130.png

Filesize
650B

MD5
672600b4495baae8ca9997f45e1cce49

SHA1
a7969a341a352f545788bf7c286ee021dde99c62

SHA256
812e7e77ae50a714f57684390a381c0621e708f64452478e9117197623cb02f5

SHA512
ef26b9a877443b05bf49cf1b5fd09ca4a9c2a87f63949b2ff416af1508c5f99922238dd6ad57631677cc1dcc4b2249dadf60adbdb7f263ad7d32c3705ff29734

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00131.png

Filesize
272B

MD5
559a1e5ce19f067aa37b28a19b558514

SHA1
17cb1ca1573e67f99bec05502cbc463e7b99c366

SHA256
20b0657eda025e243be03a4ecf546bd38688f2592107849be3920cfe4ac4d441

SHA512
60218d29c82d2e2ab0df29570d5d925a655c9b33046b27f0230aeee245aee693287d5e3d6dcb67b9977cb31da982ff15fabe84a5a2154d21da1784510c7d9b63

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00133.png

Filesize
657B

MD5
d0c513cd22f2a139d634870c9a0d792b

SHA1
a466e420e64982b253bd9df7b731cefd22db6f15

SHA256
e113a7c9e1064f01306c1866b946d21b79515041a560f67e7ef02bd3c4beb95c

SHA512
8d908193da81db5ae3ae07a9ee251a6ac8eb9fdb23e1c0c30220192bfe22fa35f31660423194e2781f090bb0e5a14e5b2ad315ebb775c61693d787fb96d94e46

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00135.png

Filesize
2KB

MD5
70760d0401065d9b0a769b8e4a2a4f18

SHA1
1fcf7153f9ec8ff988d2b7ce488ec840aa26c683

SHA256
5d3322eb79a0ed26a84487d378eeae4e2f88d2ce188ee5c0004189abcc6228ad

SHA512
5d7512450fd0a6f8c0a43ac796a1581ff53633bc94df9ae3d9f72ab3398f816b9484a8f784a1a2c6b19b951862b4ec50a7521da583d0b4305e2d62d288064c8f

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00136.png

Filesize
206B

MD5
66f8627002351797022adebe4653afff

SHA1
3ddf8d52679158d23865d5f0bc36210cc2e9f7e1

SHA256
277eb898f0731d5b270987bfc14922a4adb652e26bdc6760714fd0480ea57c18

SHA512
410a41a72de7c49fcc70b0edf74d1e35e95efad7579f2dcb373abba073bc8e5b5072765d83055e6130c67d692ec33d8c0ef191d851e5334e830fd50501cbc9b4

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00137.png

Filesize
281B

MD5
a962dbb2546feb5125b5b90a927b5178

SHA1
5336b009253653273f797dae25c6190fc28697bf

SHA256
e9bdb5f2c54dd059370b9533028c80ed976bbbbec80d1fa00fb9feec367a6e95

SHA512
08c81b58cc5d4ac1e1d37b44e64798f99b32e3d1e73bfe93f3e3b97b2ece0f134e159e815a84ebe5b1d3a78d7b558c5ce3b0ecccb5bcbec148e54908efe6862c

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00138.png

Filesize
2KB

MD5
b770bb573526021dcadd0c99c51f1a89

SHA1
70bc936c6c6a736f9c6062a34ad9f2dd5e9b898c

SHA256
af64233b06595a13fb0c4f12b42753508c4f6832f9d7a3b9b4ba922154e543b1

SHA512
791d13ebb024d6ecac7f3900707f6bf9343cad1d10622063899e9d4c165faf0d1222158019659a0b6f9d81f134735329fd56abd5643b48a2d6828eb8929df377

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00139.png

Filesize
364B

MD5
6bd451834bd47212b86f1631ffbbce37

SHA1
c113acc9130e161dbf3dd418042dc6854aa7f1ee

SHA256
12c26cd7f0bc5ad8b8d2a97b15f6577682ee6fbd6b7af65f39d9bbb085176784

SHA512
e32b781ecfec34872015739e8dd77a8639edcad3f7252a8694ad225ea787635e78db5ba0b40e161293f1b9e38e31866e89d05660a2e58b4586c350ec581e01a0

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00140.png

Filesize
389B

MD5
3f58ff0f3e90966a58bab70cace51422

SHA1
22a9191f949203358c31551fb3291931c2a51182

SHA256
de4f2a8e33447bc40777f2623e30b489a6da70206e202d8a8c7d95bd46e3042e

SHA512
ea277910cce0f4042d2aad523563475940ac13414dfbe11eeeaf14d89067544f04f3051ef0feabea35c973b75f81c4f30a1ece3c876493d6acdb428965f7e3dc

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00141.png

Filesize
389B

MD5
1aef3ad1492c452c7fa19d9976fb8221

SHA1
a0490d7a59c1be50ad0eebae3f3acac6cd16be07

SHA256
83f2921231a04a0d674b490641f863ea903c1b2cc91948561853daa433bf03a0

SHA512
e0ea00506fe9297abb576aebdbacb08c7dff890bc47567298c46c6a9ed60ffa2ac68c29973848edeb8ce52903c549c838e660e8ecb391499a753cb34b0ce829b

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00142.png

Filesize
367B

MD5
2de9c147458e185545d12aab956e3e82

SHA1
cf6928ffcd4765056c86610252c3a229010bff5c

SHA256
9f48557e533dd86b8c24cc14f97910b406e8836c07dea5dd1cb14bdc0b2fbc39

SHA512
8a7beec5b3085a8aeeaf12d3ab917c0f9dc58fb4df2d6c6f3ff2d3850dadb6a6c9bdf419a82f38bd6f9a85d755b044922cb1877534a92e38e3286b569cc66788

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00143.png

Filesize
744B

MD5
29c13df7d5385f4a2ff36f9d93492584

SHA1
8dc52cff79ba7f3a411c9282d531c728b9e38753

SHA256
2f1595c7cd0fce077f62382c9258d7d8f9735227d51f12a009c03ee5430db241

SHA512
098fce78d8974709bf710893e9ac4685a777441d510fcb442c99e6c88571e825edf9171c11eb96d99c26ef64f12b383a6f9da9934b4bea3880d0e9e385c5c785

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00144.png

Filesize
1KB

MD5
65d15dbae9263730473dbf698191285e

SHA1
8ed6048eb56061c1ed13b04a3c56f13553348224

SHA256
41e57501a3c20cd4947f6900fc9e39a25fe0b1579f984148fa1bcc9f21bac8ad

SHA512
db5f17ae8504d0840e62ab0f52352385838b3e4a769c909e6fa8e696e9e2ea3eae117fc093947b6a5c462810fe9688c2879d2571c6d93e4a0e2d73adfed7ff7e

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00145.png

Filesize
599B

MD5
cb3df4183ce77336975c4469d3ad8027

SHA1
ee32fc8dfac87d1434b1c3d3706d11d46cb5f748

SHA256
9bf8c81083d0e50929e8f52de328d4d9baca1ad1c97f5bfe40df987b04bafe0c

SHA512
ff1eea2d97e0de2d33b884fc9e62337f080cea4ef2c47cfd75d36a09a136653dfa471acc85167d3bda87386d630ed5642f35d7352469597f7c2628d993e8e4b7

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00146.png

Filesize
2KB

MD5
141b57f548c69653072a75c6130ed8d1

SHA1
e4c29a2f12df46eed7f140284ca770e436101d02

SHA256
4168c925f004676f595ceb3de2a2f260db16672388da7fb34f88a19bdf88ca01

SHA512
d7a32c22d94b541d12480203f003fb74467237f1dbee0ff503e87d0d6e4cb4556b4e7d4efc8fedd5ef7299a72205f4da7927bc0f5a9912bd72590c51b8500f25

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00147.png

Filesize
449B

MD5
b5eabf89452e63db83102bd7d38f44d6

SHA1
e7f7410e5868eb1bfa896cd3515648e0da8f75d4

SHA256
56107fdfbbb2e25a9f88e62b086243dc2f1c7639e02f431c13d68cd691403bcb

SHA512
5f29c0f6f97d764c18e6b643f1377f10dbc28e9021a5359607d4b4199dfbc074c71e863f53b1467ce9ab2fc467466dafbf9aabc9ad004afbeab980a42b1a5bdb

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00148.png

Filesize
1KB

MD5
ef07548eb96af5081f09ebb048ea784f

SHA1
66cd8c675f2038abbe54f4db2aeacbfd18678700

SHA256
8fcb2cd0432c46339403166c0f28c941cf58df881fb2fc52f4725d0c7b69b28d

SHA512
9b49ac4f31caac71dee92193554850585a46180c971ffa2f1380d874f78ca6a55dd4339e6f7ae2d0cd7f2f1cf91c1c0e55de6401b9b97ef4d1e0028caba00aa4

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00149.png

Filesize
1KB

MD5
e8036ca0a96c000a66a7d669c884af09

SHA1
644f7aca2f1afcef259229d47367df443c8b35aa

SHA256
2cdc53ada2f8fe7bb02279cb74b25ebf63448a007bd890422661a494ae6c9373

SHA512
01e8de4f06e93b19bc3448f595ce0d02ffcefbcd401aa8037c9f3a74a9a8c39abfb3aec5d50b835cf086eb4d76143a920fc22780159dc6ea90aaacfda6407ac6

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00150.png

Filesize
1KB

MD5
2732dd0bb9eaea69bbd26b02919d03f0

SHA1
2a3017ad2ba94ea295c8789b34728c0bcf896229

SHA256
9f389a145dd5e99604902901d66a75dcbaecb6a3da2186e3b210a93838b06f82

SHA512
dcaf4ba7095071a131c2e7b45e3cece50c634792e43f70920d83da3eeb00337e11f9bd3f1549a6352362304b46ab2397d728da8fb65ff592bf4522b08d35e180

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00152.png

Filesize
2KB

MD5
6fb7a929ab189a590638f5ea57b8bca4

SHA1
022dac2cb5264cbca8f3eaeb4882d5a32d9a67cf

SHA256
d6026a7c9ddc98e42833336ddd40a69ee1c9dcf1cbf912d9f45ac3eba9d66bae

SHA512
ebc47b4d46d38c27d8e8109f05778aba74f936f7eabbf64a2a01e568210c9b6144d7a001c319e9c7246f6223cb4b769d073c23728ce1f649c2648b8c3828eac8

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00153.png

Filesize
525B

MD5
e0264acf2b9814278aadb7a1266f4e85

SHA1
587a9b63071f84a5263e34232727b7ff4860f832

SHA256
e9d783941ca71c370131740daba339933e8ca3e23c11834262ba03c48e273c85

SHA512
2869dd9184b6bc7976388d2242c5b8f48f54a4056bbcd741ccde9609502e18215cc619120ce3b3f5557aab16e6459ed4475d8f64b68b8fea0c52e5436b7179ff

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00154.png

Filesize
1KB

MD5
35ace50dcdde9a1b2a163f36caf9c014

SHA1
19f56534f19d4b10b0e1b9132ba57a7546914bc7

SHA256
128de8f1efbb2fb972ffdfe38bbf7cd5413e116485b33083a74fe0c57a9e5ecb

SHA512
2afbfb7b9bd8089de87dc3877eab2dc6228639e024be28857949f69b3c0c3970836b1c0a0a06364b0495503df688ad4d13319bf218dd5fc36e5745ff75311a72

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00155.png

Filesize
776B

MD5
646f9b4387f02125c609e9d16e2d24be

SHA1
ddcc6fbd36aa06644917f45aa5f50287a355d065

SHA256
5089b18ba9a65688445acd8b12977599e4fef19ce18e691f2a8c9f4f50c5df0a

SHA512
3874b9b65df2dabb33d030b02d9b6ffeea342bcc4c9fbfe319f9a6d08fe34abc2305ac5f8beb42e4d056bd2f8ee9f1c5b8af1c704db5cd613e1d023ea4529512

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00156.png

Filesize
1KB

MD5
9456e87de06fa9d5028863857bb5bd59

SHA1
ffa1ce14ebd80f1dd1555c34c8c12ee04c09f5d7

SHA256
f7cd10ecfa6590e2f284259d56c8d876c6e74654ba068fc558f4b7c484257820

SHA512
cda0feadceeab10532e540581248e5720cd3ad81325fb993b9ffa43daa252bda6b9937ad8834ec5040e48934d98e67f47a498b95e9e1c3ae3633ab7c7483c125

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00157.png

Filesize
1KB

MD5
0352d3e4e16b65903a65e87945433e97

SHA1
b3c9900f4655f3c9533e35c710f5634d00cd9b06

SHA256
4990838b50bd668023fe6730278f0faa6871ff6179586801718297a4264c48a0

SHA512
cceea1088dd632a502d5d5a90fa85b0410c8485ec6fc941ce9433227f8b91dcfdd671d5192dc15c6ec7151bb666a9dd5a14ddf70827bd768358f7686238d47e0

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00158.png

Filesize
10KB

MD5
9a96c0361c858274710a458e82200d18

SHA1
61a0447e1e5994cc22957d1154e13f7c6bd51de6

SHA256
c8031ec64f2347faad442bbf73751e64d3c038636067720aaf61ebd4cc21a88f

SHA512
ee2c9902a870050ed8e88e947b886d49d3a85a91e43cbbeddad090002835bdbc74295c831372748dbccc9f34e60161e956bb3cfb1037a17849c0a37b2c385d2f

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00159.png

Filesize
19KB

MD5
8b23519a8c8270133e1490f7f4ef36a2

SHA1
944205b5ccf19bf60c1deb0ebda8894eb7b7c098

SHA256
05c77ae8a55bc0d8fa45e572d4b2e623976a682d86233e9b50215e4872b94c21

SHA512
a62165cd240c2b31e203e9a523bbfbfad6b3dcde2c5c23b2ce2a794717eab4eb29d100e3aaa0b759697c4171df2e93423956f18912a112c7c92eae990cc7cb06

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00160.png

Filesize
4KB

MD5
8ffada9673826c87c3568626e0f5fb8c

SHA1
af96866b92df8e7d28cc5daab6037cb7d4ef55ec

SHA256
9816bb5f365192f248c18c5602e25a09fd7f3c83c72805c8e7efdd18f7314e4b

SHA512
84c6d072954dfdcc40632d61b332db4fba337436de0098cf3b5d89146188dbfdaf2a9fdadc99cc89b41cc010cb1f45617ebc5a85bbc54fa656abde66105e7791

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00161.png

Filesize
785B

MD5
e876c996c6d47a6800954a57b53fc810

SHA1
97e618441396d45c15e01416eb9730bc954681ab

SHA256
064ecb7bb33de6e6ba34d18b03240a4d7499e6661e922021afd5312619deaa28

SHA512
2b3d3ced44e7d3b610b56f5e938509f561c6c17de2e7cef6886c8a24b84fb8f7fb550e7d42b9eff27b60fa109063994066a8559cec87e1533bd6d6ec99a51748

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00162.png

Filesize
845B

MD5
feebd550c213f1334ac0fe8995b87a2b

SHA1
b3ee144023a9f16c37ba2d5a75a11e0bd7e1f189

SHA256
050f2a50f7224e05e00ea40689bfc0d8773872f70b1065eda7d4f38c23dc6fae

SHA512
7e265ca15e0f0467cec092abfca5d24a6707fb3316c4f52ee841f947b4fc639f94fd564045917df64a500268c89f30955c603f56d1d7e02e17f74c04d6282e03

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00163.png

Filesize
1KB

MD5
98e1672a5c1632fceeeeef6389f3d45b

SHA1
fadca33faee7fe6d8f05a905c4dc4e9cfd2b35ff

SHA256
2bfa0569fa76ea9dafc8cab3bbf38dedd18a88846afb4734696feab7d4576b77

SHA512
015081026d6e06ed377f1a948ad7a67b4f38be8012b7528c30db3702de530e9dee4c29d3b0f905bf8152df917df18620295c5ed6db49f0869e5e7e00ebdeb420

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00164.png

Filesize
3KB

MD5
ac6a09d23776dd38e6f4ef83bc578fae

SHA1
f1f6cae0d4331390401e59ccdaab299860a12ec3

SHA256
7af0a9e99f8c27455fb6b82533bfa0f2774c3557661fa4746163526c81619718

SHA512
cd99fe864c9c2ae48fa7aaf16ff6f439d9a43f7c8821a8a36cc2bb3099f612c45642a48a74387cc36b6f0827b26af8b5e5ffc2c89c4975fc25feb859d77f4e2d

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00165.png

Filesize
4KB

MD5
d1008e63f96a263e095c08939eeaaf65

SHA1
b55623eaac1b1e24fd169173f9c3e33be8f60e6e

SHA256
2c63d1f6443ee977eac9f36e34b0a5866103bfe24a98c2c9bd3894b33f054ae8

SHA512
782de2d840b189ff231b71786d9724d6e4e965c21f6cf0d7b7a325ee1c992851266dcb94742059670e4d202647cf7eea0c6a07c60dc41f3f2246e88566a27344

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00166.png

Filesize
4KB

MD5
06ddef800b5b5c2aa7e3dba4fe2eef21

SHA1
5a00bfaa511a501142bbec9ffb234e34c02d2746

SHA256
923a2be1d57fd9b4575a8aaef3b41ecc86be501b92403adb9ccb35b7d4e4d25d

SHA512
3b6b86ed9313e4adf48bbdef1426d6e09535a74d37eb069d6899c3b1dc21e2c3548a2c77fd36611f2c3f08115ed9eb273acf7875ce968f1dce92e98f6da546e0

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00167.png

Filesize
4KB

MD5
5d23a709a2146b3c5b8e1345c975bbb8

SHA1
4460381cf2d5ef99e59bd3414b77bece87469253

SHA256
30ee0de1d3284eae8f40d85a711241ba80718f3382fbd42d8d000f5fffc9bab9

SHA512
56a49c2a6e7934a4fb0fb704b3dca9d2bcffdfa0ebabc081bd26d83320318005bb3c6f1701376e4b11484485bd8b62c3e9dec50c96de3bdbfe82b0eb5ce7fef0

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00168.png

Filesize
3KB

MD5
c6b2e06765b32673a1ddee9b91cf8cd7

SHA1
65457e162ad5478d51cdc722c79b224fd3b39fcf

SHA256
e5f7fa3cb488c1014afac8ddfe5f9385dcc5508919704e1a057a3738d91f051f

SHA512
47d697a120d5dc14f53923a2f842a3746b10cd5fabe1d89f028fad39b46352990d3c61d82aa3d0cf91ec228b8cf9dce24839537f27b3fd925f9b9f9c92324746

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00169.png

Filesize
444B

MD5
cd99f7cdbe220752977584de3e99231f

SHA1
11f15c3d1f977658dd87467f9a2fc0371fab5448

SHA256
cfc561cba63da6be9a239eee92c24e20c72bfd199dcf3c6781094e8e36cf6001

SHA512
4ebb3bb31ac91a99d2b264b164563b52a69591e471b3f76063bacbbca9c5fe3694e4c2c47ab8ba1a28d6b7ad8d74c9643f356f480a9a98d5ba405d186eab4eb2

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00170.png

Filesize
1KB

MD5
a8527dd48526eff93a5774d866a51daa

SHA1
04c117dd813c4c62addb64b604becefdc7c2ff28

SHA256
96ecb7fd0c5e776e6ec8848ba05598b1f4702a7648cbfa9b9382742620adf5bb

SHA512
c8319ef2a6cb24eb7366a5f97e036244fc163458dcea99d59b282bd9b3e6177a9131c6152eff71bd89209c7259e8d89109a1b76d8a4ca783e12536d57e120bf6

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00171.png

Filesize
318B

MD5
055455f2d66bce0977046140bb2e1046

SHA1
2df07153343953e42a8fb7ae113c0717bb463c34

SHA256
994b89df756b7ef0b56f3c93ad252f1812dc76713ed25c868000ae924384e672

SHA512
fe06445de681680064dabddb939c6e63467492a2c838fa02bd1e99e83334b777cc14c98ddb6bd89db44488ab3cd435fc61b97a7ac0c8834f0c090cdfc69e0504

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00172.png

Filesize
3KB

MD5
8539dd92fcfbcf50e1ca21fc422f8036

SHA1
06015e0a746723cd22cc527c5a2fa3fb91dea8b5

SHA256
92d6ca497b1f43bd09b18ee3ddfec3b57efeef9ebec83f017049f494479ce1bf

SHA512
91545dee8fbc5d17926b9a243d5b0e161a4102e1ebed5d39a8258c079beec8c76168c32aa670f7cc3c7d121ee81b119730e412c721997fab0bdd854a4ce8e350

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\bmp00173.png

Filesize
3KB

MD5
ca801b4bd9625f0b1a124ef8a8fcd2b9

SHA1
c0a26071d30f166d96652095ab975b5aacb56c7f

SHA256
a4f449bfb85611aed99d463546f58f7b1e0c5ee9dbe13fccf2e8677eb40b2998

SHA512
cc6c09dea571467127c576876527198e2a0f7871bb233b68a8bb618848c32952d90d98437450475cca8dec51ba0a45615a47d58c2d4b3bb47db58883f190bfb7

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\is-04TH3.tmp

Filesize
1KB

MD5
5bb22ab624d9c111ccff980846e21c99

SHA1
a200fec196a8f0a4b798d3fa73f2e715ed547835

SHA256
a0a1c6ea69b0a6a1aa6d6bd6bd295e8df710ab4f819c1aeecf2c5786f26d1059

SHA512
0b9c2a9a0b18bebe29790355affeab7cdfcf4955e7464c9660c08d737850ad3ec7c8457be8980e567a8d922fe28beec8f29ed4ae30ca4a1e05896669ea26736d

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Echo Sound Works - Evoxa\1x\is-NMVOT.tmp

Filesize
2KB

MD5
2e03683e6a2a66c772113ef02c80525c

SHA1
496516292ed6766ef195ba6421d39a0c58c8a7c3

SHA256
6abf5eef0b8346b305f8b9bdea9f4ab1e2d5574f0ca810ad3b302b30c31fbc8f

SHA512
8dcdcb65020cdab320635312c1d68f66f26620239fbc1dca4755381b7e21bfadd3a123c27cc7a9c6b1618f50b61b387fee01074e169132b0a86d9fade6d3bc4b

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Echo Sound Works - Evoxa\1x\is-TU74A.tmp

Filesize
949B

MD5
c8dc12cb5fc4068461fc97e998a5a8bf

SHA1
b9fe13750ed26568e35b2c21848677e58cd6a438

SHA256
aa2e25ce6ce244cf4801f93676b70f0b0b3c32251483a9e5430ce89baf22a0ca

SHA512
263c9cad32917945cdca38df982ff55880b088283643803e1edb960a9b5d81d8ccd5d9a52db890c34489478ea66e2a85bfc01163aab31e616d2367a0b7457128

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Echo Sound Works - Evoxa\2x\is-5779B.tmp

Filesize
2KB

MD5
3c18c71c84451c25df93dc74f3e2235a

SHA1
86dfea43a2fb615021b828a7365757063bf71b6a

SHA256
4d72f563ef9131075e3f0c0f60cc1fea59e257c434a8b58ac0af9facdb4608a6

SHA512
b02075965fd86daff17127836a33a7174d4a17c574646231b5bda3797b1305f4da457050f8c8ef18a8893e959ecb5339035170d4dd554c5de81cf9ca1b2a522f

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Echo Sound Works - Evoxa\2x\is-9ALI7.tmp

Filesize
225B

MD5
993a8d71f09faa5a706f4b93e5ee26f9

SHA1
fa5edda92a69e5d4903fffc47b4fc970312bc7f6

SHA256
ffacb7627c229f8ac9494f987c6bd0cbcf7763c45791051166089ef0d6ca51cb

SHA512
54f643112c5ba43a4b7a5360f5c678387ee5a75def5130e5530d4b34fcec8b23489e6b2a051135ecf3207d67b4a3995dbb4e61e5f901ad2824a2efce4ae738bc

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Echo Sound Works - Evoxa\Fonts\is-A21UP.tmp

Filesize
4KB

MD5
0d4f579a187848e9bd26e4a90cf1d35a

SHA1
d8e47d15c622c49ad118e68133645db8c135d121

SHA256
0536b03fffb333283993c9f77df3e16593596a843fc8ab339dd3c6da754d2fba

SHA512
d6533caacbed8d763e25621f24e42dff3be5374d452efc07a7251acfa1c6a402067e617ba89f5b7e0a64bd478d0e8d388ec9f0638777d79a209e45a920c97e8a

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Echo Sound Works - Evoxa\Fonts\is-UNFU7.tmp

Filesize
48KB

MD5
fa4111e39a6ab2895f7e5a9497e97b2b

SHA1
8fdd0772656d207b51cca97517a9de985f7053a2

SHA256
4818c7914fc7fd9ae882615029656c37e3bf48fdcbc85ac735a0f51cb2b231d3

SHA512
ba6b8525de4bb832b908e8060d3936149ed8f4d5d6827839404a2583084ceaac4f6c7061e7995ebef03d8c8a9decf4c20289532778ba9cd5b17cef119fa17234

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Mercurial Tones Academy\1x\is-6FFAP.tmp

Filesize
252KB

MD5
628aa9059233f8a19803f07f9117b141

SHA1
ad4f91c270a029e85f648474692f14ab5ba5b42f

SHA256
6761a01bf80833fa0712bc510f5b86a444e9c590820602b048fbda77851ac00c

SHA512
849f939c39dfb29b961346ede7b96c7e1b301d56ba942ef5eeaf977a9fd02627e42e3d7278c0033ec94a810f4d614ffc61558fac508e5bfa93d7a301d4f2a5f1

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Mercurial Tones Academy\1x\is-8QBGQ.tmp

Filesize
541B

MD5
0f6dc398f54ae7ad88b7bb900cbab2c9

SHA1
b945d7f8564cfdb9ab007345a3c5b6415c7cd38d

SHA256
41bda4c1dffae93ec5439c592d09cc0f707e408090d7c392b8a26c012b507036

SHA512
f3aad351d872dd180b865bb8b2aaa6dc0b5b59535253dbeb743c5e289562b11ab3b837fe8a90af2aebee95682bbea7adac421ca13d5fd1407de8778218dd610f

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Mercurial Tones Academy\1x\is-D8UH4.tmp

Filesize
291B

MD5
cd2e51582255220da43c59c32f1a13e1

SHA1
714aea108fa5a8da7458513e5eef4f22a44db0c8

SHA256
76c582c84a6194c077b4c7e36b9c0b6089cb869317e427b5f4eb6b840a48d49d

SHA512
db2a281641897e157c24671722eab381da63a193e636c1ba549a82ecd9b3ad02b7f21beee168b9972f60c0cace298986cc1ecb7207740e92c311162a41344fa3

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Mercurial Tones Academy\1x\is-LOBSL.tmp

Filesize
490B

MD5
7ac15f3abdcb34b21e10ec84a3c07dce

SHA1
7dd655df80067e967a59bb22186316eea3356150

SHA256
ac3d8f7d0a87cec28d2af60512df63e4ccbfc6ed48f16cba982e26b56e75c9d9

SHA512
8a26148de8d38093c8075913435ac6d0c8932dc7bf7c634087cbb460a8c1cde3874b6f21700592a4ea0adab3353d9420ed3f4903cd164957a8d6f93b314d7c09

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Mercurial Tones Academy\2x\is-4U85P.tmp

Filesize
327KB

MD5
b7005de58d5f0f41c83266b7627b46fa

SHA1
bbfdca4ae9242a2a169ee297d157392122d3fbee

SHA256
ed42dd0d8b5811d0b0f421335aa7264fa0ff6f9e0b508cd6257ab9b566e978f1

SHA512
8b7d51cd655444285b05c21f22ab9c5f198383f22fd2c020c1b31c308fab8adb8b92fe040ad1f51b681007dca6dda1fa5d91eeea6c08f325148f8a0165699a32

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Mercurial Tones Academy\2x\is-P4S2H.tmp

Filesize
607B

MD5
7d26064951e6c8c4da33007cde006918

SHA1
4f72f644501f39e47fb4a938a8497ff8e6ed347a

SHA256
13db09aae95fccac593c7e368f9e40b1b6a1a21ab0fa96992b3d02f07af5d1d6

SHA512
95cae6cea9c17ceac933126db2e54c55aa6e84629835a55dd30fd53ab8e7a58441b311c356d5452dbad95ed684f3b9b2395f6c59a0541718836e9f02e1c47940

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Mercurial Tones Academy\2x\is-RK12Q.tmp

Filesize
713B

MD5
6929a2ff97806bef4f604bfef942404d

SHA1
2858a88c2012c3b409f25c5e94d456cdb03b56bc

SHA256
b2f04559647e4691c2c7679e6cc1074a30c2a24680bd2c6fbf5c6471581c8364

SHA512
e5b61804bab51b7c7f72e1d657e8cf480ffa79c756b75b9c48d9c91df581b1237045462471a1c07cf57bad1b6fe88a68cc060ad699999ba1bd05d490856018fa

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Promethium\1x\is-31COD.tmp

Filesize
1KB

MD5
c2636cab1581b01001bd665189fda63c

SHA1
76b394eea28541efc8574bd7773a35e1fca67ce5

SHA256
7f489f7a78e8153edd85b24f6f724a21895d10d5c8f40197c7af7e68960bda66

SHA512
5387376cc01d2d638c628d20c0471d582896641b9a5236bd78f76331a92b173d59a3d09cdda38fa2c648a07c3716972e657f5ab4868557d5bc928bcb36d721d7

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Promethium\1x\is-571H7.tmp

Filesize
1KB

MD5
3d370826d1b4c223b7975cbc2a064eb1

SHA1
8eabeabf9798ee63cf7cbe3df3f2c22c5aa4798c

SHA256
d34652d56f2a61d28d1c350fc180a1ce1642c29bcb5fe05a77b9b256711468f4

SHA512
b502d2dd5e572705a7d7a75060ecd5c20e8f0f7307dfad659ebd3c62079d48bba0b3ba80117b62412ad2bc0eb114e8037c9e8ae9201b30acd72e9217861e4d6a

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Promethium\2x\is-HFJBJ.tmp

Filesize
2KB

MD5
2b4d9090fdb2bdedb973155412b06ab8

SHA1
11d7b407d00d081414fbed0f35b8cfb491e0e90f

SHA256
981ca03de861ee80f0049bd33abbbcc2322aaa23499f31c6bf274750cc14dfd8

SHA512
6d0428b866103203b38fb06b22364c8e3591adf23fcc0b32d7f5de048348a4af1e2d7913f39de84e7e47eca3c41995365959c2a1c77243a3d5f42809c5d14072

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Promethium\2x\is-NUL6L.tmp

Filesize
2KB

MD5
5d857b9000d78b502e2ffb8d0e6647de

SHA1
0e27ede07ddb9dcc6ddf1f9831c4c70988ca066c

SHA256
f8e352e45b99c51541c641e79336b0ac71bed60de31f866caed96e42b42adae4

SHA512
d3ebb20a9cff226947e477aa990982e0a8a4b27202e7b915d66622531e9e7832a3a1e9ecb86c5d27688498a88d3fbcec3b4272a340be8a4a03e52db99d5161f7

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-2GQA9.tmp

Filesize
313KB

MD5
0a727b2170883ac0f5fd408102f3d499

SHA1
b9a85d34bc01d8a767f9c55c45e4187f965f4fe1

SHA256
55bf178ba3476f1ce94238b9c46e995464762c965d76916c038c855aac93bf74

SHA512
903659d8fec9090de5aa509650cd25b7abaef96fa9aeb79a45acd86f260e8b4a97af3d47878162d5ac6fd46a03eb3a04b196d5d35dc2e08c9c278dcda6d3decf

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-489BM.tmp

Filesize
1KB

MD5
6b31b449e9b6fc41a2807227238c35a5

SHA1
0545650ff2c010b019aef6f8f991f634a203650c

SHA256
63c4fee7aade329f28adb652d0ba5de0be12d2dda42e2686a203a15b1d3f41c8

SHA512
f82b15c15adec713c8bb038c5a91df63abfe6c6376f8099905f8401f26fd260e730b906d8510196b07e729de277268129a9333650316fd96b274e468ce52f726

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-56KLV.tmp

Filesize
12KB

MD5
e4a35ad0fc3efc7ffe51c840d3e743d6

SHA1
3fff4cf58eb8b6ee0c191ab3ccef1cfdd962444c

SHA256
b58bf4be71d02c8c7bdeca7d062e91cb1876bc991af6dd107b1df7533f0011e3

SHA512
07f4e8a93db9d5496ed1c1a1cd9f3c1ff2f6d2a4d4799d77f8828efb8cb1eefa78b8053359f8324adcb42eb61ceaa659608af4f3e696e2991c3c35a501e15ece

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-5LRAK.tmp

Filesize
1KB

MD5
5c585b860dabb8c9eb769dc95e23b601

SHA1
55cf0d8f5d7d5b3c7199791b2e04ca8d5def2506

SHA256
45e82060f4989085663193a94d968ce2935caf7c5f7666ef8cc80c01ac74a49b

SHA512
ebad66b147ca68662210849282f302214dc6026e6e38f44b8a2c0f95c12a61227d67a11f4448bf67c3bd75a1cf43188461b3a8f88d9fe309cc534cd39b1a8b69

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-6MQ5A.tmp

Filesize
1KB

MD5
138ea5af80d5d4109825ae7aa02fc031

SHA1
80c00898af87a969342cb4eabf411f74a955657d

SHA256
9a7c66af98db063905bc38d3e4bd36d7a1914a7ca228389304089d9819243203

SHA512
54376f20f00a978a76d26f2724297735a3eac3007a0ee374925d2e0d73fcdd573baf420773add3d7cea1c4a67230741f3052269dc192a4f347019b7b75ad4f10

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-6Q0FN.tmp

Filesize
1KB

MD5
56b3e672cf6f3b6962ac02c33ee67adb

SHA1
3e14c7c979ea0bed2dc5bb64839279b7eb622393

SHA256
0630fb77ac482426b45bcf995bd25cf13050ef2d595a7a9f495df2dfbe671bc4

SHA512
1e3dde95adf32dcb1e402050b8e67bc462bf3cf92a58649063e63a832dcbd038f58e0bdb714786cb31861c868c1237ab5e6af349cca87c4c77963a20d2f61b12

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-6TCJG.tmp

Filesize
327B

MD5
996f89ad67fd3ebacdeb64b9eb04de3d

SHA1
79e50742926b8b09d639a07d64e821ceb85925af

SHA256
a6519c21cd8cf95a87d047346c2f13a89aa074c80ff3ccfabd19e99fca0b1e6e

SHA512
82473a99243178a850e5cab69edab06c6892aff0cd935ae57128e47782fc206f96f3e63a8148cae7f23b6d3b23442829584ad3de801f937795f073b0f426f7d5

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-7D7UR.tmp

Filesize
976B

MD5
5dc98f6d0132073e1683774d6595894a

SHA1
d0d2a6d6a64720643e64f5924ad040978afbda90

SHA256
dca17c68f4383ab18bf2b793ef118877f6e379b6f1e0bef57b8271e17d5c8799

SHA512
7da87a1f2174a7a557524d2a2356aab138eee702b866d875c700e547ff5343d5aba3a0ffd971ed6456f79e4a6c8055bdec95d519b28a65e7cecc4f438ef37b89

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-7TO3H.tmp

Filesize
496B

MD5
1ccc904f68b9ba001e46752e6bffaeb8

SHA1
3121edabba54ceaf01cb0548585011e5b4d326bb

SHA256
ca4ef2d0f59be475b503b210c042f8a736888eb63707f5d183282ed9f7a2b18b

SHA512
5115f0dd0d452e8e73b20bdf00180bf4b2a941e65a03c79790f5455adebfe0ffb73401da1154ed4bc87550b34c11a60fee60079d496b063e87bdb6e3e28f4c4a

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-81SOK.tmp

Filesize
1KB

MD5
f8c5aedd1677cb790b5cdd5dab71a32c

SHA1
cc50f9999617a032d6c521c253e5a8b1f6a90a4b

SHA256
19b0b7000dc87365ebd07846d484a2d631aa2ca91b4ef2c40d7771a8306fd085

SHA512
8c561017a7b3277a60888be7fd0c333912411df0a2cebd7f6733d5493386074c16b0982f73a26d365fab4bd0c45d32fe35bcd611885bd326508f1622b64eaec5

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-88N3L.tmp

Filesize
1KB

MD5
04f247f796f4de26ab44fe4e99af029c

SHA1
cb1f8a22e20fb8cbef304015680012c3520e6451

SHA256
a3e8459a7e38790854e6b632988f0d3a9ad67f662e928c47b26c28103dc0b21b

SHA512
193f2f78c3342dc62bc2246eb827655fab2cdad0881fdfa0ecce1d21cede800651dfa54e9d186d400904876ebfd540c25e39a0607bfe7a531bcd0671afc97fc4

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-DNQ8G.tmp

Filesize
1KB

MD5
4383e05898aaee62ddfb35e5f70b6267

SHA1
b5d6ddc83807a6d34553b3b9ebe2c42fde0645a2

SHA256
852276fd50e7feffbf6e139e33bf98b1a618ad6868353f90c0619d521e86d379

SHA512
eddd9707e66120c42f997a81db53c5a2403ffbecbff70506a8451a689377d9ed8cb8ab296382ff27ff9fc6ca8b45943799eb0614814bf4eeb51cf5b9e1613d40

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-J1NU9.tmp

Filesize
96B

MD5
4f323c7778af5b98ddc56ff255df3f92

SHA1
1d0121904a5e0c22c547e61a4a62f37de81ebcae

SHA256
0ddf6e8d06b75ca793e8f055cfc22e09f7fe7d14c8db334c2b47497ee8d0981b

SHA512
89b74b3ff6be8b0d6833e23f613a3819374cd82b7c3c9c4f40d44a8e61421e7ed7727910208a5e9d0ac8a6122a8a6d75644828411b3300bd1430ecd9c8e20923

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-JN9HN.tmp

Filesize
524B

MD5
f7363ec786ec426f2df6e406149a9d97

SHA1
76b49b08c16c7917da3cc56532d70bb4c9924904

SHA256
1ed49f919e0cdbb9a8574d52eb1f0483d6ad33487a587bf6be56b2c9ef85a828

SHA512
309569b2cd018830ff90afdb8bad8c74ce8299e40a11a87d2b57e5c4dc35305455c4815deddc0a175c5b5772f0cf0f00fea219de52a64fcbfc2a3170f723d9f6

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-KEBTG.tmp

Filesize
1KB

MD5
ca9a79ecfb2b908c327607d84a034e0d

SHA1
b312513c31ddd5c20771660dea98ea8885ba114c

SHA256
febc389a4bdaca16dc3b4316ff6c702bcf7dfa8b6c1edbff6733bbc73ccac75f

SHA512
9df07c4cdec439775582a2dc3ed586f44ef69502753b606d6776302556d4ef40b3e28fc8650d4314f892a14d71eec61d9c4008cab0d87c8b466e0fadea8caf01

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-LBHP7.tmp

Filesize
864B

MD5
8765e4e587cbf57e1c7f15562c3a1588

SHA1
e72b48c6330b11aaefbe60df40691659a5933f7e

SHA256
d623882b8697cf8f2f028e519d4aeb9bfc302999658bd6d6d9489b80cfae835c

SHA512
063798a3d4e98a4d3905cdf92a90ed91bdbef4dbe765da6b245de4b4952a8987566c748c03de01ab35b16cb0c3a48b6ee7bd336b3f36c74a90110caa0d387378

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-Q1SAN.tmp

Filesize
1015B

MD5
8752a1cab631454b3e4c3ab7d248df41

SHA1
ee0eee0bb459211d7cd5b2902b32ae3024572658

SHA256
1f2aa4f659a03ac04a07e383b8102accc9158417b8871f1bd753889e84d519d8

SHA512
e29081d7cbdbf521c650e354ad4a2bc8d2edd6cd11a61d8d880ecad32836c4374f034160f942376eceacfd3e2c9d3aec3f9cd85534ea234ac2d0d7c999830244

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-T6OD4.tmp

Filesize
10KB

MD5
29935c0b7d8ac876bdef57961fa04a0c

SHA1
d6dfcac097e6a1b9e55bef632b1cd4791ee5413e

SHA256
fbb97688636a30358926a97409106ddc8c2abf17336c4f914d73a6b00e72aa97

SHA512
0b6e7d27662584dc0a055b79d1db2d576b0b55a5822a013eb53be7c8982cf6f873931455e39c8118710ea15e002a0beb6a9371ad2038393367b83eaf537f9414

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-TE4QG.tmp

Filesize
1KB

MD5
268cb84e2aaaebfb1774775517a5cb42

SHA1
861cdc7e780ae115f4d5184150e805305c468678

SHA256
a409b6b33cf30a18b647effd3def8846c000bd758744d20b9dde1682cf5fce10

SHA512
170968d6dedce33141f61bc962c8a5bedf459bb29568ab1dd9e2cc6e556c9256c9e5179c9241597041db71280e728de1ce3d16d0b430eacb49f4ed046f140992

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-VIS2N.tmp

Filesize
567B

MD5
8beb333e6aa40e7e177b26c44a494ab2

SHA1
027cdb41bcaba0aedb6d9090fc6edaec913f617c

SHA256
f747e254505f98ce51c5582a277455e89518ffb12c893489974ecee68f4752c3

SHA512
ba519f13084a803bf589d996df3ac58dc5cae3e77b6624cac6eafb396ac55c85493f7205b94db49222916e5250c3c699af67b7d1c5907638e95721642a63842a

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\WXAudio NANI Naomi\2x\is-VP48A.tmp

Filesize
3KB

MD5
c962ad10b3b8c8e63c875f6e02b2e4e7

SHA1
3537fe9a57a5a2fc145825d4299e24424e93d799

SHA256
aa266990887be536752a413a300bc48d4e774ab8f2da6c346105b283ba649378

SHA512
ae1c0ef31b763aaf0a52176cccd83d37f65720277f252210892f90753a49f732334c4c29bdbb59c26260519b14bcb9ca571eb22bc90e9f0d30f7578413e33847

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Xfer Serum Pro\1x\is-PKON3.tmp

Filesize
1KB

MD5
883fb7462fdc1569ec08ed52d82260aa

SHA1
dbbef2d3a9aebf0e57624171b300ae54814fcc3a

SHA256
7d30f40d3aaea1a3d57d39247293967dfef49511eb741493bfa824d972024bdb

SHA512
bd749710071fe6f5e9f2aca2c905a4cb8361d6539feaf0a7c1dca0152da75396903f08c550cb2eb421a259e5cca00ce6940a731a5f330b1820356b573246042d

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Xfer Serum Pro\2x\bmp20231.png

Filesize
3KB

MD5
b8d8950471a81c8c04e0724afc5a0f83

SHA1
bf8c424b685b3bdde4e04f7dfaf0caff56a9fd69

SHA256
e66528580ec1b2c4eec156133f67a198bace6814378b066dbf8cb0ade7ed208d

SHA512
2541e2726bc1439d1937997398916d0ac87b76cd1a03d8dbc100b7a511a33aa04d559569d2e5d17533a9d7707de99828f6ce13af2c24db844288139752790fc2

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Xfer Serum Pro\2x\is-GFC03.tmp

Filesize
853B

MD5
567d72fed9c5f8ab9a9cd8c2d97c2db3

SHA1
ce41343ffa907902b999f199f99f1cb40960e5c3

SHA256
f909fcfc3402c370183469a0bba2ee2aa6892b6f5d1f78dd63d890f31885b6be

SHA512
77600faee453073ae5db3e8a1ddbc3df6ddaac54de556bcba3126cfa2f0257c5a60b9d2c1432056fd47d61b024a485139d3beb9d00b42a2561817cfcf7d59b97

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Xfer Serum Pro\2x\is-K198K.tmp

Filesize
2KB

MD5
28dc1e0569d69b92043b3b132381e9d9

SHA1
7d5c35284525e868d7cf641d0fd773685615b786

SHA256
1931c924452631415ab6e5075b19930ac9b461201cf7c360767e7d896cef2acb

SHA512
96364ab81db606fe17a2680be4fd5d7d9e8dfbefa8f4cf53d671af68bb68323a90ece8492e3a45b4ee8b3a48327cc1fe34e142e4d0eefc9ba74799d17d6e5de1

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Xfer Serum Pro\2x\is-OSFO3.tmp

Filesize
1KB

MD5
fa1499c7cd0b5c9885b156dc0c2fe018

SHA1
341cce51b03bb798e48cb208a5f95722a3c5bbe3

SHA256
c50e3a44bf78bddfe9755d7ec65fe5faa982e21a54780486b8e7195b3cf59df4

SHA512
f362e123f1e4f934eb7d019f65df59182f429ef450e2e0b117cda0164b3b9b1205217f13bb7707c2d1c6669845b9c513053b092972a3da9749cc8c9b1d64bc4b

Download Submit
C:\Users\Admin\Downloads\XferRecordsSerumv1.368.q.taiwebs.com\Xfer Records Serum v1.368\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.nfo

Filesize
1KB

MD5
6af4f88baa5aed06a4fb54230689b0c0

SHA1
4fddc86e13d968e7b8568e660d41cfbc2d7b314b

SHA256
7923abadc8104238c48c5142c8c222e057f801f9de997c2a3721ee05647d02b2

SHA512
5698fa98d7b80e6e0b254a2016e41b093a90113d9c1fa76d5749941c69fa796c4d5d8127a46366b6e4744675435af604655836763fdef42228fc141dd604d742

Download Submit
memory/2440-2664-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/2440-6180-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/2440-6190-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/2440-168-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/3520-6191-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/3520-167-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/3520-151-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download