Analysis

  • max time kernel
    174s
  • max time network
    172s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    27-12-2024 01:22

General

  • Target

    https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbGZhNjNLUlRLVUFURF8zWldNV1I2cndIMFphUXxBQ3Jtc0trSkRTa0hoMFpZT3JDZWYxOUtvYmZCZG5iOFpQUGNiSU04REtQNF9DVDFuN2ppWEc5M2ZoYXB0MkJXcW1hWHcwbmxyX2k0SWw2RUtVMVV1akd5LWxUZzJRUzM0Mk5OTnFpVWFJelF6SzhjckV4R25kOA&q=https%3A%2F%2Froblxgets.com%2Fwave

Malware Config

Signatures

  • CryptOne packer 1 IoCs

    Detects CryptOne packer defined in NCC blogpost.

  • A potential corporate email address has been identified in the URL: [email protected]
  • Executes dropped EXE 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 59 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbGZhNjNLUlRLVUFURF8zWldNV1I2cndIMFphUXxBQ3Jtc0trSkRTa0hoMFpZT3JDZWYxOUtvYmZCZG5iOFpQUGNiSU04REtQNF9DVDFuN2ppWEc5M2ZoYXB0MkJXcW1hWHcwbmxyX2k0SWw2RUtVMVV1akd5LWxUZzJRUzM0Mk5OTnFpVWFJelF6SzhjckV4R25kOA&q=https%3A%2F%2Froblxgets.com%2Fwave
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3172
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff91578cc40,0x7ff91578cc4c,0x7ff91578cc58
      2⤵
      PID:2044
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1896 /prefetch:2
      2⤵
      PID:4000
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1904 /prefetch:3
      2⤵
      PID:3904
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2432 /prefetch:8
      2⤵
      PID:3024
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3172 /prefetch:1
      2⤵
      PID:2180
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3344 /prefetch:1
      2⤵
      PID:2616
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4628,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4644 /prefetch:8
      2⤵
      PID:4288
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4712,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4648 /prefetch:1
      2⤵
      PID:3944
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5012,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5032 /prefetch:1
      2⤵
      PID:4928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3188,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3536 /prefetch:1
      2⤵
      PID:5228
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3496,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3352 /prefetch:1
      2⤵
      PID:5240
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5240,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5216 /prefetch:1
      2⤵
      PID:5248
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5116,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5236 /prefetch:8
      2⤵
      PID:5600
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5564,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5396 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5996
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:2740
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4572
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=5784,i,690293423614796501,17475910179943560176,262144 --variations-seed-version --mojo-platform-channel-handle=1836 /prefetch:8
    1⤵
    PID:4236
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:5892
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release-App-Botstrap-x64\" -spe -an -ai#7zMap2093:110:7zEvent20878
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:6056
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release-App-Botstrap-x64\" -spe -an -ai#7zMap10471:110:7zEvent28700
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:5516
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\" -spe -an -ai#7zMap27593:126:7zEvent19659
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:3092
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=3792,i,690293423614796501,17475910179943560176,262144 --variations-seed-version --mojo-platform-channel-handle=3700 /prefetch:8
    1⤵
    PID:4356
  • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe
    "C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe"
    1⤵
    • Executes dropped EXE
    • System Location Discovery: System Language Discovery
    PID:6100
  • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe
    "C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe"
    1⤵
    • Executes dropped EXE
    • System Location Discovery: System Language Discovery
    PID:5748
  • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe
    "C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe"
    1⤵
    • Executes dropped EXE
    • System Location Discovery: System Language Discovery
    PID:4696

Network

MITRE ATT&CK Enterprise v15

Downloads

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                        Filesize

                                        649B

                                        MD5

                                        26d12de31204be48f0e21c116a0f6d2d

                                        SHA1

                                        0fa8a45b8955c810cff0437580a3dc1e61d5f4e5

                                        SHA256

                                        f9e3fb3e857be9350d48d3bb41fcf01b7d9a958c9f5e1ccc638a952e4b5f3838

                                        SHA512

                                        6c368653dddb59772ebe938c054a3909964a4e0732ce2f8d40f038265cc916cd21ac2761c98e5998536253e006a7a2db33182b4597d60355ed13e34398f103cf

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                        Filesize

                                        216B

                                        MD5

                                        7584f62d92567316b87f0de77f3df309

                                        SHA1

                                        6ae29c1bbbdbd20ccae3771c4de648f54d09dce6

                                        SHA256

                                        bc3f325f00654354c3bef16516cd898db0fbe8ca01277252948f4aa095affe1a

                                        SHA512

                                        c7ffeef8ce309831f3e144d317281638538d5dcd179ef418e4ffa790b09b7594e0b2c50115c54979bba1b19afd3a1268643fec31c0df4da9ff08d1d5f6b7763c

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                        Filesize

                                        3KB

                                        MD5

                                        109375c8e71c5d219542a417411af2c7

                                        SHA1

                                        bf58290fdeee87bb6ad6ca1b70b8dd6f7ed67fcd

                                        SHA256

                                        d361e18b0fc7a78af62472249fd5fa2e5018c1fd28cd51769c29f78b90aae2f8

                                        SHA512

                                        ed94b80f215f3abf410edfd396d505d790ea7e693d1077efde0c3a884c6c80a62f3289afab14355c27fe1784e97f80a9cb5b6cd842840eca09e086572a50387d

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                        Filesize

                                        2B

                                        MD5

                                        d751713988987e9331980363e24189ce

                                        SHA1

                                        97d170e1550eee4afc0af065b78cda302a97674c

                                        SHA256

                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                        SHA512

                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                        Filesize

                                        1KB

                                        MD5

                                        c211c12b7e8362d0e7e42049b4fc0912

                                        SHA1

                                        f7635ac6d0672bf3314ad23cd2bc7829d03e219f

                                        SHA256

                                        f6fe2e740507ed865f6d2d9980e82349958ad0e4875b27e19d658a016dd5dc45

                                        SHA512

                                        6c4fed97d847bb334452fc818a5bc05fec778cb9fa343cdfe354ffab3c02bc8d0b14cef37454f38c73e10c7a661b0118b2b52d62c2967a8124f2c10581d4fec3

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        85a2a3bdf8ee681a793238624ed448af

                                        SHA1

                                        838e5366bb44fc56cf238cc2b9847cbb5704c36c

                                        SHA256

                                        bda3d45440b0500c7f478b3e900250bfa0387977fd4cbf03906fb10dcf3f9c35

                                        SHA512

                                        1aca7975e710c95cdcb417c8f6af00c38320f00fa36a0efda7c8bc97dbb032a63e5da868e3dbdb58fe074fa335bb3e3877f1f5ed9172d9124fb6b84f533e5e16

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        10KB

                                        MD5

                                        c24f323495ce336e7c3f9a7e5bde39c3

                                        SHA1

                                        b2f1b3b23ad76d1b04818f4b59b31500d6d27ae3

                                        SHA256

                                        97e3310c4417786437669a415a256db479242c72cc566ae0b122b31a9d3c5bea

                                        SHA512

                                        1be9dc0a6990556d5587e669c144eb3a173b715ef5b4e77556d8605bffaaa2d84956c7409ff75c48f288fedef75edbd93873256f8de2225a71790a89c6d97948

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        10KB

                                        MD5

                                        41cfc910df8b47ade7cad2f3466a50a2

                                        SHA1

                                        334b79728356fd004598454253c35f3f8dc1da80

                                        SHA256

                                        79fa45bb9d9034ad9e0a428b09ba777c066c776f34b969953d2dd8dbae0e7cbd

                                        SHA512

                                        62952c54940b761fce7c4757bf7cb4d8eabbc823a06b78a64620804ba35aa3e8fafa7de2133b3edcb2d29d3cb02ff02445ff6e0ed09aa0a569a89270faa95483

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        10KB

                                        MD5

                                        b600174a49fc393f9d143129a3e2eae7

                                        SHA1

                                        931fcb8c544a7c121bcf9ce132a3afa2c2d3b83e

                                        SHA256

                                        1855b1a09d2381d727ffbd5089dc7f66c98b4e11cae1a63a68d7e8d447d4b60c

                                        SHA512

                                        9c0ca59a3debfd9f2f203e0085ed0ef718fb79bd11934b3531254f9971d9a1dfe8abdbb3818ec7d597d571a20531e570753eabee671ad699533fc82b20de8edc

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        9KB

                                        MD5

                                        29eec8b21296f54ae240c184f96ca3c3

                                        SHA1

                                        7426455962010e45336e4c739c3a6b1baaade016

                                        SHA256

                                        d666d25b1b3140c07f1cf00f3e9efeac819d4d0c0524128103d8707d1605fe15

                                        SHA512

                                        32aec2b60085cad7f6363bf7fca15bb64f56f99c3123b36e0be7bbc7882a15536dbf88b3e833e21e5898fb8d07c4d2488490d9e28d580bf02f59fc3c88ad9eb2

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        10KB

                                        MD5

                                        443862f2bcc112b0a0e51fb57abcdb9c

                                        SHA1

                                        a7761c1a1fd9101c8cddaf923a759d0d9ce3fa1b

                                        SHA256

                                        2a258fb31d58216d8a32a5ca6e2262bdfde8eb25cb7e34ce1537f61daaded1bd

                                        SHA512

                                        1f001f00a4cd68c1f16e762ee8e82333be940411f1fa3e396d74f60fa4d13ddbbfa6b8ca7c180b703e12bef62b611f7cf51a12e7c6cc63da450e7e1d9006d75b

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        10KB

                                        MD5

                                        a09e5ac9aed666547d8f6d4bbab5110a

                                        SHA1

                                        04f5974a918b52754b4828dc8edfafc09aea3616

                                        SHA256

                                        889a99038911312034e81b15dd262826393a8dc12a0336e6772f8826da296acd

                                        SHA512

                                        dd86041af47a280492227b103f32a3ea93998493ad329634c12b13626a11893f04a8d711fffcdd4559ad0a0183aa29ee1b7a97e7bab870e9ad9a17dfd09de220

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        10KB

                                        MD5

                                        7ec2cc4467b5c2d94b83ad0b3b4f1442

                                        SHA1

                                        9c701c07d52e7386bced2bc81a833fb512a7fc52

                                        SHA256

                                        bf087fc92321e601014bd928a1ee1af50f3146222e869616b97f82379fce1093

                                        SHA512

                                        0b1e9b310d5cb9efb6cfa1919e20ea23b5129830077ab8b4da62525f2d73726d187b8cc7c7dc75bfb6f3cb70d221651b33d089d0dfec9782a4a2f34347d35d3f

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        10KB

                                        MD5

                                        a52c140f7cc79c271e39b97ff80e3c69

                                        SHA1

                                        3b3c813ba79f0730022c811a23ba37ccb88cbc9b

                                        SHA256

                                        2fa56fd303d716ab9e76a6bbb6c4c2c2ce75feed5def0702db8fd3ba87c63e54

                                        SHA512

                                        a3d5654f8e99ba2662efd086e565131e2242ac5bbb7b6310cf08278e1349fe084651670c9f91e208fc8cf3dd588e46e48dfffbf37689e371ae3f454ff5fa82dc

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        10KB

                                        MD5

                                        4eb5617903c7de57e2c5665d08bc9109

                                        SHA1

                                        c652ddc7245c6f58ce84d90fd5da04b4f5ddb56b

                                        SHA256

                                        94d1e21ccc339ae1daf161ec9d7ab01e67bc45638072ebe188db991542ec9eb4

                                        SHA512

                                        348c86c1df1e5232dd930b5c1bba7961c7d3d058349f44e0069a138aad26588ecb4454f179bc30bfa6bde47c93ca0b60d9a9448245e08da295028964bd2c102e

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        10KB

                                        MD5

                                        a7ed431a3aa6d1cd40e5d5c535e2c5dd

                                        SHA1

                                        c507e2c6aca4e8acd7d7b65a9904f73dc14837e4

                                        SHA256

                                        68bc90a57602918c9d3035deff105aa970e9e58ebd0091718d887b87af0a8b71

                                        SHA512

                                        e5f899e51ef9b38ef9d68b0728519bc3741ea3a847415b0a714b4bb3e87ced68373dfb803ab17b03e9f0cf830075ea15c5da31aefbce4e60872e965185ffb6bc

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        118KB

                                        MD5

                                        2ffb981935c4aa9083ae08c8b458f792

                                        SHA1

                                        1208e49cfd0733c11ab0c6f326bb5fdd179d3262

                                        SHA256

                                        321bb91a86033874250edec4e080c8854365ecd8cc796e04bcb09ca3478c412c

                                        SHA512

                                        5dce99255e532d58c2452a048341daed9e68c937bbac10848aef834189ee45a4fd6c3e22b0f6b98378b2772feff60c8334c5c1803abaf0f055a179cacd5d5706

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        118KB

                                        MD5

                                        ba1403367eae0b56188028ea7a265178

                                        SHA1

                                        c0be7566f0f5867719dfff767858c249ae5053fa

                                        SHA256

                                        44cee06eb50c6b44fe8db985c8c344024d23ebfc868325cbfb7e3a7897948213

                                        SHA512

                                        b2f8085b051049525970a1967023dbef137c4087c3ecbb019038de72580c74c25309dc9d74f7090e479ea7363932f0b04b2306aa0e93fa693cbc9b9c0f0577fa

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        118KB

                                        MD5

                                        8ec60bdd5273c6288931c5b6571c1282

                                        SHA1

                                        064efbd2cca7fa8ab7a3de97f311991a6a5cbca2

                                        SHA256

                                        0c112a22a40b2a50112342e66c97d8fbdd3ff787898c33e73092f7d90ff1b9a6

                                        SHA512

                                        d22c0459d4835c5606d67a4b5ed516d37241e9b45d01e1fa599caf452a8e44777b69c45f26bc88683182343760903533a27c8aca0f29f4af6d353181c85395c2

                                      • C:\Users\Admin\Downloads\Release-App-Botstrap-x64.zip

                                        Filesize

                                        41.8MB

                                      • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release.zip

                                        Filesize

                                        41.8MB

                                      • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe

                                        Filesize

                                        980KB

                                      • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\autoexec\scripts

                                        Filesize

                                        18.7MB

                                      • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\.tests\isfile.txt

                                        Filesize

                                        7B

                                      • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

                                        Filesize

                                        8KB

                                      • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\Extension State\CURRENT

                                        Filesize

                                        16B

                                      • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

                                        Filesize

                                        41B

                                      • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\GPUCache\data_0

                                        Filesize

                                        8KB

                                      • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\GPUCache\data_1

                                        Filesize

                                        264KB

                                      • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\GPUCache\data_3

                                        Filesize

                                        8KB

                                      • C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

                                        Filesize

                                        24B
