hxxps://cdn[.]discordapp[.]com/attachments/1331926146660700191/1332017148335357974/XClie1111111111111111111111111111111111111111nt[.]zip?ex=6793b923&is=679267a3&hm=c4334304b421fc850b10d37cb04adcaa2c66a8d39a3ef0194d2f4d3082baaeb7&

Analysis

max time kernel
93s
max time network
95s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
23-01-2025 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1331926146660700191/1332017148335357974/XClie1111111111111111111111111111111111111111nt.zip?ex=6793b923&is=679267a3&hm=c4334304b421fc850b10d37cb04adcaa2c66a8d39a3ef0194d2f4d3082baaeb7&

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133821216863028092"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\XClie1111111111111111111111111111111111111111nt.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3348	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe
Token: SeShutdownPrivilege	2896	chrome.exe
Token: SeCreatePagefilePrivilege	2896	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe
3348	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 4868	2896	chrome.exe	77
PID 2896 wrote to memory of 4868	2896	chrome.exe	77
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 4048	2896	chrome.exe	78
PID 2896 wrote to memory of 1380	2896	chrome.exe	79
PID 2896 wrote to memory of 1380	2896	chrome.exe	79
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80
PID 2896 wrote to memory of 4536	2896	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1331926146660700191/1332017148335357974/XClie1111111111111111111111111111111111111111nt.zip?ex=6793b923&is=679267a3&hm=c4334304b421fc850b10d37cb04adcaa2c66a8d39a3ef0194d2f4d3082baaeb7&
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82fa6cc40,0x7ff82fa6cc4c,0x7ff82fa6cc58
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,5342238261902604582,15363444166524058046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,5342238261902604582,15363444166524058046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,5342238261902604582,15363444166524058046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,5342238261902604582,15363444166524058046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,5342238261902604582,15363444166524058046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4536,i,5342238261902604582,15363444166524058046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,5342238261902604582,15363444166524058046,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:2792

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4460

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4252

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
86857c32186de21bb0aaba76203d00c2

SHA1
5144620fbf9377967ef20041ee381908cf94ab4b

SHA256
448e7ea774ac558c89edce5a47d4b9464ac5d7b191e365b1705f5b1ff4d9de91

SHA512
e0e24370f37d9d5755619ea3a394388f5edaa7018652c9474eebf35b469c91dd89c65db612a2bb65695aed14751ff51ab58b5af665368d962dc1e65b80a301b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
eac28b4756a4868bb621664999397d83

SHA1
b9e1a0c6d0e9f2fc60722ad493dd50d37bd13832

SHA256
05d3c01e617233bc210705bae3eadc54390210b4924543e3b75765243ab0a49b

SHA512
10626133f7a537c09e8e48062e3772803877cf2edfb7a1e619a89eb0158c1dce289475a3f39ce57969d0769cd40ad146415fa986513ce2c694ff435940987ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
315b8889747f7a4bd69775da1f86cd70

SHA1
de33f6c67f5633316a89ee53a5aa3bf6108720f7

SHA256
c44240f793fca0d40581fc2f127cdf2ab0b46f76b5a2fcb5c22637d29c4dcf55

SHA512
fc3eedd1dabc2f6b5d3e4d6eadfc9fb143fa8c99d866f619b109c2cfd6cd03ba06c49085ed323c8886e9a38cec9de2d1fb2b4e67687373698f6866327d505bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
112259c7b4e966758d8d18095f7cac77

SHA1
68b8531d7b97fbeb8bbfd9f8c4f7eb487cd21c75

SHA256
9d822ee89f26b643d83180802b157b80fed205686dcf8e2a40dbaadb572df6a9

SHA512
5607ee2f991e8fba32c5c36824d3ddae8f17e8fbebb6dc811d2b22c28093cd4fa62ced6c9b918d7d877fbcf3a04c76fe137663068d2c37356f1c1fbf39ef5b18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a47c488944fb3543fb614d5acb2fd96e

SHA1
57138622e48f02cdb5e50554d5b41eee4d34ba68

SHA256
c7deed609ffcaf02e159477266ad5656d825ec17986064727f06bbebc0e8c245

SHA512
5eb67ac8bcec6145c34f15e88f6ac00f1af0179f8c93479b11b67d0b48611529d5b799e392dc27cd35748c67e21e60da2cfad3047498cd639e89475fb8398505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48f4aed333ed8ffbe8cb8f88857e69d5

SHA1
b90f969c5ded2b758ce2e1794eae59650deea1e4

SHA256
6d3a831bf7cae22c7f4e9fb4c32b51822592de9383cb88b9761ab4c18d936217

SHA512
20ef9626edb0fbcc8d63f7149dbd7928cda5d0baf5795123f6dc724b50d219bdb41e20f45ef4db76d521c11455dc816f4a73c70664a9bbe82f5d6de9c993307e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4689632d582196cb855dfe31c4942e9

SHA1
4f39c0ba2e7d569a76c4ed05bc8f1a1510419acc

SHA256
6dd36fbd0c0414c3f53d1921091f03a964df51e4771545793c892845e3d748b8

SHA512
760190f54a9a3181de0764780d84f4e14e960a30b327adf14f796406f8fd0d0ce2c277d4852ef72f0c8bcc29f040afd1af937d1782ee2f3bfed553b457d5575a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
06d9fc08b655f78c979eeda199146eb3

SHA1
679ba1a88c13fb77f490c054ce59d86f1881e9c4

SHA256
ba3db4ab0eb9f74d9f51978fd788311de235bd276711f58a32ff11627f863931

SHA512
54289a34ef35dec43a05a9296a258d6a2ee62d6bfeb137f0c177a445c576c0cefbcb93d5cd2b2f8a7df5ec9e92be2f55148fea2cd248152e764920c7dc435627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
02e79e24485a082e5cbc212decaa2eea

SHA1
c4c07be775f01345f2f5a2045368bb9a41735cd7

SHA256
d8f07ed05a474de5bde4b8929f9ac97033379223adad945816a6e31c168f304c

SHA512
c74b695bcc5a81bfefabe2659fcd54204cccd35ee1ab7cbd4cbeca2e95f85c0702560451ae0238fbf783aac6877a8133ed84c8998f918be1127766caaa414330

Download Submit
C:\Users\Admin\Downloads\XClie1111111111111111111111111111111111111111nt.zip

Filesize
31KB

MD5
4f3376de948a820ca74218602a3bb62c

SHA1
1cac6f0ce53b83c0cc9be1eb365f1143a1f2adcd

SHA256
68325dd270b7644da87923c5028961d64a0e0bd9e33b17634bedd47d6d4e627b

SHA512
ddec447dc9644819a7cfb656778e109fbb1fbceb9913f30972a2cf1ff13a7a4b4d3e54ff383eb40ddaff3baa2abbee9ce723375eeef40e3c6d866cc9173942c8

Download Submit
C:\Users\Admin\Downloads\XClie1111111111111111111111111111111111111111nt.zip:Zone.Identifier

Filesize
259B

MD5
aae28d3eaa6b209d1e073e871de942c0

SHA1
0c6dfc0c16c25780f54b10e44a03bb403c33f749

SHA256
1c3e0f681c18b72fc0bf05da4d3579b4bc48a25e080e08fdce10997a325c000e

SHA512
e41080605ec6e8163faaa20ccbb4eb481c0457a3de3725aea89abf059e3db0f14df3730d7a37e4ae23f3a6ca20e74f4d6d15bb3ebc83d8e677c7ccc91bcfdbda

Download Submit