hxxps://github[.]com/git62025/movie/releases/download/movie2/blueredgreen[.]mp4

Resubmissions

06-01-2025 21:28

250106-1bpz8sykez 10

06-01-2025 21:25

250106-z9lvssyjft 4

Analysis

max time kernel
189s
max time network
185s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06-01-2025 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/git62025/movie/releases/download/movie2/blueredgreen.mp4

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806723280020565"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\blueredgreen.mp4:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2044	chrome.exe
2044	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
6024	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2776	2044	chrome.exe	77
PID 2044 wrote to memory of 2776	2044	chrome.exe	77
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 5884	2044	chrome.exe	79
PID 2044 wrote to memory of 5884	2044	chrome.exe	79
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80
PID 2044 wrote to memory of 1372	2044	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/git62025/movie/releases/download/movie2/blueredgreen.mp4
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf6b8cc40,0x7ffaf6b8cc4c,0x7ffaf6b8cc58
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,838373323548315914,7147194299481451597,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1772,i,838373323548315914,7147194299481451597,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1984 /prefetch:3
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,838373323548315914,7147194299481451597,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,838373323548315914,7147194299481451597,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,838373323548315914,7147194299481451597,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,838373323548315914,7147194299481451597,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4672,i,838373323548315914,7147194299481451597,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4872,i,838373323548315914,7147194299481451597,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4752,i,838373323548315914,7147194299481451597,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5384,i,838373323548315914,7147194299481451597,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=740 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4296,i,838373323548315914,7147194299481451597,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2328

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5600

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3336

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3356

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e3fcc71d2e649938b788bd8e4533e8cc

SHA1
009970237bb4c9f45fa72968740a21c35b62c764

SHA256
78e91a40954275d6ce2f74ad34527d8b4659e95d3f4727544fbdd7cd17502fc7

SHA512
e22275c191fe6810683573ab4ca5ea8ba2878ab390160c36c1b3b5ec6b52957fbceab340b2ca6d6980116882ef6f5da15ba5345447d707324c5c7c67d3ccc699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
20d783d4c5d56a8818cd0ce7731d26d2

SHA1
db928ff2910f4816deb3ba058d3b0b6d62ff5b8c

SHA256
435e7a66109783ed28c10ed6bb94adfc0e4c0c8d87fedab066ed585ca52c4fd0

SHA512
323fdb201d3be8796d2d2d0707455f89133a09f2176ac48990a634e10b8bf94c16145a1d3dc96e4d41396fbedb80046d83de04f9f7d0f1aa1195aeeb20122da4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8fe60cb2-b824-47c6-b8b3-58b3742b6e28.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4b37be7acf051e711e558d7723d17bd9

SHA1
e2d8b43fb796873b82e41482af3a698a0bf18186

SHA256
f69fa1dfab41d9c64e463ec3af46046ec6a5df9317e5fbf277cc3d099d1dc314

SHA512
8435f0d1e704890bc4b6343ea0e38e6088d4ae30f98d3d299b686eddd42fca2860f88aa5d127d467c1792868edde8ad591c258dcb40a4b4c9c888ea3e2f772d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
93985048a767785001cd40d0bf3bc35f

SHA1
ed3dba52fdf0581f1912d0675259be2f82e58d12

SHA256
50449f5a0efcc4efb69a83610b910cc6b65ae23de817035ab4909ade5c45b3fb

SHA512
e5e405251a31b71058ad9b4771140e91c8037fca8c7493f9ae66ba65a8d018da54b2a6569307a32249c6f91f76f8d5ef7c8ab517ace7d68b431429fc1a8acade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
772d1bbae1006f2f10a2bfa4b565e9d1

SHA1
0c9dd0e875ca341993527bbae1aafd1d2bc1dc46

SHA256
f043218d0169de824998cbe15dbdd127645025e123644623be2f66540ad44001

SHA512
ad6fbc8d23a283a6331f2d7dcb63f0c03f1131a9b517caeda1d941041c08f1570aed50e4220a6934ec145015f73a92a606bda922c05d2b054400534f05983a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1b06b6ade89bb756f0354120389b37b1

SHA1
2effd7bc2933b13baa868695b58c53314587a8af

SHA256
f05795a19e87248f45d2800ec1dd101f21c75e4044f228615ad3988c93671b94

SHA512
a80e68dec1b4709ed9e6b86bca2cb7be70c588f553b208e2ecbe3fddbf6799a8c294c9713d406e60ae035053e7715c51e69c8f8183eeda44823d38935c4dc493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
d3733eda7f534049a82b536031428806

SHA1
acf42a18c93d5884a9d9e69ced6a6a2bb924eeff

SHA256
dc46fa88a130d0bf25c7e9fe26cfb6a1809a2697f17003eeb532dbd226c63f0e

SHA512
6c6cf76b7818fe906d854be9cb86e0f1df755e872e511f6ad930502938234d13607299fc2ef0bf247d9d7b9838913a622bbe611ba4b53f62765162d36262d543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
0461e6db6a94b93031dea69a34049b54

SHA1
2ff3f1a89ef8640e7c59cba483a43cd40a6086c6

SHA256
f0474c630051dc7b431a605fd72878360571d3630447071d39d07b8210e16e31

SHA512
44f5975637b1318383fe489ac1cb7ca3a1302e018dd6624f4c345ea72768d711cbdddce400336b409d64ed8b0505724733df7a5d2ccae3424ef827fcdabc1d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
9504a7e8227b941f8ccdc864e219b4b6

SHA1
675c22f4b0063fd6c6aa557789283f2f09091917

SHA256
adbb5ce03a137a7d760a4e01b1047475487917c2e8681308fcbbfa0392e71d36

SHA512
d8fdec1d38ccb2077de850a7d7fa9ea454db38672de34114eae64ffc0b360a2607efa0d2625a47aa28b8e1133adda6bf6767cfc26bc06dfe0c1213e07035f79e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6945c253333328ed80a123662c54b399

SHA1
bc336d9385e12df7f77efafebd3f6c7bf9a0a173

SHA256
17352dc73376d48395d6a9da2d8d2589cb01a0ef1b457a2eecdaf21d68745e28

SHA512
0667456133af3d43e5be994cdd8f148a9756fe9964c5e237e5ab8b7f95e3e6a2ddb683daf76f2f30a20a5f09c2368c8f74864939f29d114e913802f0a7373885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73f9bf270561c8cb696ad09293d3094b

SHA1
8e87ab9b119b3987e1b10f13b44db732a6e0e482

SHA256
ef4c35b4f4bfac89e62145bbe377807f093009cd36f240477bf986168bbc107b

SHA512
4074b407ca89abf501fdc4f730785cd4d8004e25d759a6c859aaaefe7da078d9edc1fe5b6db1d014815373060da92707dcb83e7e30b04eef69dd65588be8c418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
deb11e5772efe7a7a11546c61d4daa75

SHA1
856ff40976dc3537f6aaabbf4fa0cd542f3a4c58

SHA256
c1d264dabefcb9c09e1e079d86be04c9f47cce88c00ccd8b48f248bb5e15552c

SHA512
ed6b271336d0ebd61deffff50ffd90beb571b70a66cfa96bd1c59b57123816ed8e3c0a2c25fb14369b843b659c3d2ef9ec581a65ee56453148250d3e3b155fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e23ae8b44d939f60fcecf4e0a67eace

SHA1
6cefb3fa45c1186368dc0f6b5444140f2cb36b6a

SHA256
2adf70cd5ab2296dc711c71779e4fbc537edd52b6f740ed837a4df08dee2d97b

SHA512
98e4a60337645cd48c841d4e1fb5d5ccec81d30e87f91cc1de5e8d42556facd80c96eb3fa2a1d57a366c1dfb2af8188870bb811f437fa18cbb1ac2e29fe4492b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d7db792ef644199662ec2181f9dade9

SHA1
c6cadc116b847ea1d15e54c29f18bd77fa41bb2b

SHA256
c2f0f4844d1299c97a235a668ac1542951a168e257f47b628ff29a35727abb87

SHA512
cca8b8c254a052cc0d473e0ee492ce1167e44ec278dc2ed1e2fe56fad1ee96b68f99476f0f47e97d9a2515f42e76159aaeff68d8c67e0c55400521cb5913f13e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25a059d5b1d0e9e463294e92fbd2b33a

SHA1
f23206a41f5971101f41d3414902305ffafa6e18

SHA256
65a909f88ac7b0fa0078e196f6947d9b581865dd60e2a8cb2c5f5a646bed1830

SHA512
57f5d22746935ade8ecf4a2918c1382859abe45dbef1f59c9332d270c7f49a0cd08bd423189cfe156c1c4f907359a7e0a801e7e02ba371ec56c7294bcba01aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c4e32b37f237ecf0f468664412093975

SHA1
b4a5f3d00246d815f2b0c8cbc70a96afdb3a7b93

SHA256
9bff0e0a0dfaade52ccc7a198d2cdbf3f5e506a0ba7ce7b0b37aba2722314e9b

SHA512
c06ab6bf79c1abebb9d86352d284c0452c72d86a74dfbf0a43ab6b4aabd6dc20eac82816fc6fc65f5607b817f1768edb8c0e69f64371011806b34851dc1e9798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51eac97d7fd3ff9a2c58f2fd5a7d3457

SHA1
e9f9d7db2a680c2bd5c7542d128bcaaf165d5f2b

SHA256
7a037d16cee4d0175ac5221bc98dc9b3a694865bff14c84da78a909e19b07990

SHA512
e61200e5105d3e1635e17da78bf4674fc903604e41b35cc0e88788c3baf4f1ddb630e2367d49bbe60f11871fb73adb47d3d4676659db341b01835a9e590e482c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d63580cdad78fe1ec13765c3ef370c80

SHA1
06881352b8255ed7dc3c66e6b8ba7eddea6e07ec

SHA256
deb2e6484ba76faad30edadf2fdaf865826a229c86f6ef6c07eda68df7adf479

SHA512
b64317924d788ecdb8c5cb2524bd02beb69d66dd799945e27e842861e9e98f9a0bddd07fc3feccc44c2e80f2e29316fe76b86a540db3bcb2027db6a8d79da81b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f303e8879cf571cc9b2008fbbbec0f4e

SHA1
321fc106acfec1339aafd151e3f4d00de546284a

SHA256
58bf9ec9dbecb8ae7fb55760128ec0c528ae77beaff661cc11e0bc60bf5ce106

SHA512
0390ef8b27551b7a5e7c6bfe6972dcf7f268cb5c7c5e99f7aabde4c53c3042b8d0bd8ee78341bd1c478b93b7eed9af9c06899db916ed38fa066a60a86164464a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd4bd161e15965841b2b6c11cd89d0f3

SHA1
0af5e07ee7e78fbe78457d2355da149a16ece09d

SHA256
2e67ee85b9db4f6fb80e9ddbc5c80f21266120840368f6f30cab6c9c9b691f98

SHA512
6a4e137f4a906472b1399ebdb2d02290231f198cf1ff03e3837eb13f81216fea6232429a23201d29c00f57e381408b2a4aa665b2944c3f4196269c5e34e4c2a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce891bd73e70ce6760bde974594aa504

SHA1
cec77f2e719c5d9cf8ea4ea18e9f052ba70a5fd8

SHA256
bd82cf6afa73a6fa664f4c0205fc15881ca1d48ade72d975615e7cd319b72efc

SHA512
415ba40ac1ea1812ed22431ce0ecf597c896b3a40aa3f88f6b752a616ff2aecc591c89a22dda0654c53f7719c29a114ff1f4d2617af1b0d7651e40e43d555ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
a35ea6328aac282e1ecc75f9bd660cb4

SHA1
f3b64d92b39d150ff73dc5dc00e0d23c2ff81d7e

SHA256
c774764e106629c27e270954aba0fc2a9ed1c2e02e3e1e5350830096bbba2b98

SHA512
4013a0e199c4e32cde7a79cf416bbda26d04853004f550c0bd5ee6dae2a1dabdc4655a145c42c42eaa516a756ff701d791ddd6c458dd5e69998bf70497085134

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
39b802eca53071fc76f7a053fb0cce03

SHA1
7548ae7627b9533ca7c28ff1f90c4c15d1d11140

SHA256
f62c0222fa5b9197691a8233ab3559a75e4c4898f3b84f146ae74c1bc00362ad

SHA512
30751d0957d3c08edfd762397cb260196db78713cc8ce58fd2ed2b611af49a555acb9697331efaef3d8c65b2b34a9d36ffd181c8a1928d4550fb533ace1f1e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
c7cb1bd0cb0f0cb358d4e0a7900cd6d6

SHA1
0558a283c6ba7e7d996de2799be5245067dff6e1

SHA256
06f5ba7ef5750b4b378785acf00899bd8da6d8aed23f8f76cf7448e058aed963

SHA512
cda595317196a8c43f0cb1fdbbbf8c2bc34696c87005d40dc25ecc78667ff521c9bd3523d502c358feb455d9fc009296a85347140ed12480658f1ee421642636

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\a1730842-528e-4154-8f25-ce296c94d03e.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\Downloads\blueredgreen.mp4.crdownload

Filesize
2.5MB

MD5
6c08c8a5ba29635077ce16e51b3e17e7

SHA1
056fbd97aeca867dc316789e60b67d66cffd04e2

SHA256
829cad14a1c6d5c57b4411b55476f87f330388f4f4984067006f1d8f0e261897

SHA512
36e6218f27248ca2831f2de37f0e7b676f6e16c759cb87d6235b36d117f8b3ba37c2c3e76a424f0c2053f480f4026db550bf5c188ef3949c73bc4f8df6af3bc6

Download Submit
C:\Users\Admin\Downloads\blueredgreen.mp4:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit