hxxps://drive[.]google[.]com/file/d/1BmZpvR4DkteowHiu0gj0wIh9n6vOWsTl/view

Analysis

max time kernel
1407s
max time network
1172s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
15-10-2024 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1BmZpvR4DkteowHiu0gj0wIh9n6vOWsTl/view

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2736	WSAppPkgIns.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
5	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WSAppPkgIns.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133734936215343058"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	AppInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	AppInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	AppInstaller.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Shadow Fight 2 for Windows 10.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
488	AppInstaller.exe
3456	AppInstaller.exe
4016	AppInstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 2412	4748	chrome.exe	80
PID 4748 wrote to memory of 2412	4748	chrome.exe	80
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 1620	4748	chrome.exe	81
PID 4748 wrote to memory of 4648	4748	chrome.exe	82
PID 4748 wrote to memory of 4648	4748	chrome.exe	82
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83
PID 4748 wrote to memory of 3152	4748	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1BmZpvR4DkteowHiu0gj0wIh9n6vOWsTl/view
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8747cc40,0x7ffe8747cc4c,0x7ffe8747cc58
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,1754276467424275726,5050839690837366813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1948,i,1754276467424275726,5050839690837366813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,1754276467424275726,5050839690837366813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,1754276467424275726,5050839690837366813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,1754276467424275726,5050839690837366813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,1754276467424275726,5050839690837366813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4568,i,1754276467424275726,5050839690837366813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5080,i,1754276467424275726,5050839690837366813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5392,i,1754276467424275726,5050839690837366813,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2904

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3744

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Shadow Fight 2 for Windows 10\" -spe -an -ai#7zMap8366:120:7zEvent24727
1⤵
PID:1492

C:\Users\Admin\Downloads\Shadow Fight 2 for Windows 10\WSAppPkgIns.exe
"C:\Users\Admin\Downloads\Shadow Fight 2 for Windows 10\WSAppPkgIns.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2736

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:488

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1224

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3456

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
39538e930b5984022a680e73bea87214

SHA1
a83dc4d59ad67453461d5e4ba29638e55add9b9d

SHA256
b4e976aa32a4bb9313d2e6ac483cce4eeee8bd742b1eb3b553405c7c23347de7

SHA512
4ff577da5556e007fc1685bc59fdf10d77478848169fde7ead02aa193266ae9be508b96179c92ae732eca1ecb51280db386a3ac423a8b5df15a9a0ddf3e908d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
677c562ac0bec58badfdeea7973a3421

SHA1
ed74a5b7fe6cb654deb1543a30132548f63204e4

SHA256
da7c59e3485842155f374f3ce00ff4ac929a99f896720c61bc5e7bdddbe366f1

SHA512
b3bcec4edc53e7bf15a43b1f11e3e09dfd4d0a76b5fc96d6153a6001e42568512d17fd691491ac5486436a9fdb396c0048b3122a7fb1a600d613c55101122e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3228c7ae13fbefe9f8fc7219261f0116

SHA1
c0822b9f62b5487940a48a9cac1297253b672661

SHA256
e586f8e7b4142f2ed9118aa6e61462387e22748a47a5209c62457a28a8d6726a

SHA512
30c2be7dbf9a5b9c6dc2b283d1c6354f532ea896eea55e366c2db41bf9dfaea5740342558e1ab57715793abc06fab3582787708aa22a1f6ad5a06d665fa5e92f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
7acb6fd553baabf6d23c42e240f7f259

SHA1
c65982277dddd2d7b7ef2b6ec1b01080fee5e9f2

SHA256
9b96d04a6758fcd444da51d899682ff5948fd716eed689ba7ec836244cef961c

SHA512
3ba227b14df877824714e8349b121974015acddb2756883878b148c5859b2dbb5889ab274b089f46a9df0963ba8c02f152c7104100a4eca922ba4e9247b634e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
207e89629f239a3c75dd5da674823c29

SHA1
a56b2644e2b0fc8db5a0b2eb7470ab29c9eafb80

SHA256
ecd699f969a625d2e1b6b7d296a9cce24422f52bcb925ef862e62fd508f79545

SHA512
26f43009fa5146da138f735b57bc3123b27a0c0236a47fbec00cc09fc487375ee98cc789312f52eae0b8a79e2be7324f52aa3e515612ed0165c4c7c2c6ea253c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a534f2513d0c024b046a6a000c7a4a58

SHA1
2a390da3b967215e518fbe6253ee82580c8b2845

SHA256
17c10910e19f46a09d914ed213b4d74a37afa3d800ad4559e9fd88a9d1e51308

SHA512
fed57e66192764d453e2332e686123620f88d306cf9704e7faa17211295b3409f7225dd713e87fa3071577be8b4a74028b3493e30581f16539e2be2ee3e82790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
681674352902963351266d18c19f8d92

SHA1
d2a995a5200f1cf95ad537ee6926057b1c55491f

SHA256
e224900cd2c871de1e355db8499dc4657aded8aa7b0fa164f6588949947695d5

SHA512
4c09e1e8386ef2d007d389d9d2d067b81b41d64c50321ac9de0f4827eed66da901981268d758a5354492aece65bcab9690e5eced5fc168d494bc356bdad70910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a87449f5a6720fba0337c7f5c6aed93c

SHA1
4f3f07e3bf8cf0635e25333d08a7a02b3cf4bb11

SHA256
a96f486f2f36fedadf5bd1e8de7a0b60053f73dc24c95d8f78ac67d884dfe389

SHA512
c67f31d8d3e9c8c8aad07ed9e6a44d12c24340bf3fc548d252be09a6b039d9e52a5bbad3e8cc1e7a7db01c5c8cf7680865066671c3705e36b62c641435206587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9217145841319a80c5981a1ee30597fd

SHA1
0a7f22ec7a396e51c27a860622fc1589f7fa9da5

SHA256
77f336d6a5415f9aeff618c9462fe617513808ac0c420bfbe20fae35948f27fd

SHA512
71acdf4b2d9eccb7636d77bdc81af678a00b681fd146a7307b29e1f7198c91e9a65364a7a0e57f448361c450b18006d674b952cffe3709abcadf897fba025cef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
476da1fb56db6ee31ad5b03c71849ae2

SHA1
c96c8ecb95d34ad9dc33ffaed945a12b61f0479c

SHA256
ee86531e794bcd42dd84fa47c055ca5008db547b11080246dd451134ed748fb5

SHA512
16f443ed1f20837b58d90330c97ecd48d84859ea8cf67f86ccd7098a6ad4bbe1fb90fb23024dd30ace52ad4c7870e6545748b3688530f2d02d5320245e2d953a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1a92c4208db51f4e47b208309940ee3

SHA1
466e6d98df3ab5b9f30e913d324130b5750b92ff

SHA256
9a8d069d50b94448fe9c615fa124357682b2cc3eb8d0a17bb771c1948bc229e1

SHA512
8ad4aef19473614d5dc4d2a28bb573893d43ac07c27cdde723458b07a76c7362d95d2d5411890ab9842661567e1d3fa5e67d33a658e3a0c41e2eb09bef1938f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
41bfaa9771ff2aab3ce54411303ecdf3

SHA1
918461dffbd5b9247d7ca2df1964700ed96dd22d

SHA256
e78d4791b73521a5d8240ba8e751965ff16ceef9c6c042ca99e3bc1fa69858be

SHA512
a044b8a3e861ef60a05cae569e608ba2eeea49380e7812e70d354925d27fdee3cec781f54a38d5a4b23bb3bcb150bce45365a4b9a79422fb0c99b4d729029987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4471f5d3aa990f14336da13bcd559a42

SHA1
b8264261e894a6d796cd56eafb99a468c1413467

SHA256
731f117a85a766fa8c65fd94dc862096300f9be705651eec15f8cacf547068c7

SHA512
379466cb1d0f3c6ad4a2cb89a7bc17b48151557d70ccfce0d2b9bde593fb9df987f7f2cd125aec483bd69217faa9a778685170961561816a74da4563cfb29acc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
8e7788a907124dd2ab596569e347c42d

SHA1
e07a3019aa56465d65fe89510de8cb0a4f17f156

SHA256
e82dca527bca68fc244c2924728878fd95c66efd198f4e0e0b16e0f7ac6e3653

SHA512
9daa3cd33117591bfc193ff59f786e24fbef1a934b26d03545fad1be6a522df1c73194321240bee938914ba6b5c8db0119a398fdf1de6e7512f096cd43d85c28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
d3947fe572ade279c95f0aee6ce88dc3

SHA1
a60c78a2ae42cd84ca595fd564e311a2c2a7ccbe

SHA256
004cdd90745afd5d501fef04b13ac78fca8a4bccc2d8c2842288785be4e641ab

SHA512
3960580a460f79caaea0846488509e843921ff74a4bc745b66a56f050f5011bd971af3a2df32f15adcf49a503b48bcb66cde21fb42b0197654b6cc60312641a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
d637ccfe8d61ac1a505ba8d05295c15c

SHA1
3d4aec270fdece9c29b12fd74e1d1a98bded1d64

SHA256
47647d36fd55012eb387db1e4eaa04e1ee3d35f8643e30c6473156c292b2e098

SHA512
bdcf7e7ce0a3f8feb6e66f4e690f4fa6aee0bca2b77187247534fb3aa420bceec9b6484e3ed45e9e6c2dd0e7dc977d720ca57d8db56275222c12b01e14d4cf57

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
909B

MD5
9a1c8657c80d34f05fce754c6296f05f

SHA1
5dead8ff61355a11c3e240308b5ba2d9f0c10546

SHA256
17dbd00e64f883c983d9862479312b81e129db4e2ccdf16dcfe6de56c087715b

SHA512
632fb353d2a50673c6d913b0d44aac9047d31b1f3ca141ee897033c1d424215a238540d26fb9f70444b98044a0ff50ea3bb9dc9681feefd062056373247e1117

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
917B

MD5
effe4df916d5e0b8eae204d8c9795fca

SHA1
3cfb1438e03b2e161cd47d82c5976e2d4569f92a

SHA256
020065ed7e6a4501afe227022ff8484a4e211f00a93ab63518093a8ce5a2cc9c

SHA512
40297342531cece3d84bd8667cfcd48e213ddf41fa2ccc502b0cb009f0bebbce1314f598802098af724c7b956bc91901f66898eb9a08314e0608e6a8b2c2152f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
917B

MD5
040beea9dd40fb2aee290b5677a7f646

SHA1
74df461a56c6e19db62fd95685702f9854d21765

SHA256
6596a5d311ed2f2fdc7a7c6aa171fc9eccfdbecac0ff876d821ae37c9d5d5cbb

SHA512
54a89084e799ce46b269f15a07f1a3b8b165007f197359f53a96cb32dae5cfe74aadb5d07d4f217d2c0d7bf7f9b11d2e6defc7c1945cfba04593c05bab20ba97

Download Submit
C:\Users\Admin\Downloads\Shadow Fight 2 for Windows 10.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Shadow Fight 2 for Windows 10\WSAppPkgIns.exe

Filesize
161KB

MD5
bdea2915a2a62efad4649f95c9f5ef33

SHA1
c7feeeff814488a4bffaa0028cfde2b9c2983fb4

SHA256
a72ec5d36242025924c75ccd95145158cc9f3b1dbaddcb4639aaae63f711c240

SHA512
f99adc48b1890abb8867b92e98f8b68a5caba706055967a9aec9137db69905f44f59547a3469dd331c5392fdd09bf314d40bfe81d1f6c92b85952fc480dbf9fa

Download Submit
memory/2736-332-0x0000000005050000-0x00000000050EC000-memory.dmp

Filesize
624KB

Download
memory/2736-331-0x0000000000580000-0x00000000005AE000-memory.dmp

Filesize
184KB

Download