hxxp://roblox[.]com

Resubmissions

12-04-2023 01:17

230412-bnhdgsac3v 5

12-04-2023 01:13

230412-blke3agf33 3

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12-04-2023 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2768	4272	WerFault.exe	83

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "54"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{15C4A0FE-D8E0-11ED-9F77-6A765FEA1DF2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "54"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "110"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "21"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "110"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{15C4A100-D8E0-11ED-9F77-6A765FEA1DF2}.dat = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "56"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "54"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "110"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "56"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\roblox.com\Total = "56"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "21"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.roblox.com\ = "21"	IEXPLORE.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133257428664717065"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
4940	chrome.exe
4940	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe
Token: SeShutdownPrivilege	844	chrome.exe
Token: SeCreatePagefilePrivilege	844	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4936	iexplore.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe
844	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4936	iexplore.exe
4936	iexplore.exe
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 2316	4936	iexplore.exe	84
PID 4936 wrote to memory of 2316	4936	iexplore.exe	84
PID 4936 wrote to memory of 2316	4936	iexplore.exe	84
PID 844 wrote to memory of 4580	844	chrome.exe	91
PID 844 wrote to memory of 4580	844	chrome.exe	91
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2908	844	chrome.exe	92
PID 844 wrote to memory of 2596	844	chrome.exe	93
PID 844 wrote to memory of 2596	844	chrome.exe	93
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94
PID 844 wrote to memory of 2088	844	chrome.exe	94

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://roblox.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4936 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff8b34a9758,0x7ff8b34a9768,0x7ff8b34a9778
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:2
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3324 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4492 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5176 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2748 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5332 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5484 --field-trial-handle=1832,i,884754047307708685,10178285543615629754,131072 /prefetch:1
  2⤵
  PID:1072

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:708

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 400 -p 4272 -ip 4272
1⤵
PID:4776

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4272 -s 1768
1⤵
- Program crash
PID:2768

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
2KB

MD5
81ca63a40f2fe36da84e7afd0f041b58

SHA1
020427225a9a074bdb30b3a9cf8c4cfc82e218e4

SHA256
0a64c0debcf7ebf65ee37a7a5bf8b1fd5426dea673d713bf69ac7d729461394d

SHA512
988fa02d533bfac297bfce2e6597ab9139fc323bf6a78fbd57007fe20335db087f31b29ab7901a6161d3c6e1f779aafda1a9564ba8cd145e1f56e11307e266fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
1KB

MD5
d5cad80a08e263cf20717106064021a0

SHA1
7e0d5dd995208ff9cc048a341a4448e1aa79776f

SHA256
0d2fc7b48ca069a6a5313a65067cd272a42794643f36f8d1593aa025ce09e72f

SHA512
70dcacb868c5f62204bf806d3d529c63c6f66c40d2152d3a3c4324edecfb11414b51700c9bb8b5a13054a7d1044d8ba739065bf9f9f157eb2416805192f6c2a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
b785a0656343814c9b8c2bfcca9d2004

SHA1
7b7a76bb40050fa2456e9cb185188d3e5d490032

SHA256
404d9c40a41c1efe69a6f1d26d00cc0a852e33332303229280fc7ae708cc871d

SHA512
9226baf3ea52a7a3a953d7bc5b4724c5199ff2648e0ea4d52181dd92a76abecdc8c5e1d7ac2654fad0ccd45450d6382fc292c67d76553baf7c986251ede5355e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

Filesize
1KB

MD5
0f2c6826765dd8171a2fe025f5d5d12c

SHA1
7f13dc605b99b9d2c7b2d5b1d94aff1f07167ff6

SHA256
2f7e042f19f0246ede928ef4036534fd8900aaa708079e225f0a992b4fce6341

SHA512
c95ca20a6c16996ed83d7df1000c7887d06728f88326e9540a066c92ae4eebd84348a454dd635044fa27c5dc43517f2ae1844756622e5df951488aac6db5b433

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701

Filesize
472B

MD5
cd555665145e903e203af025eb1963a9

SHA1
3f7f187b326e555bb58d0022722dca35b7793ac2

SHA256
ac762404a40f8956b1deff4bd9df48f142455e10c09d313bbc7d2b19bccfb601

SHA512
da1097a553aeb3e38025236ba9a66f8caeb3a0648f77f37038a47c8b4d3e5259e12f438da8036cdd4b4846820477eee8f92260273e653122afd98b812d67569c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
f568c03259a003758875155901cf0e6a

SHA1
bac1805db675256b0b6a0be08da6dcfb68fdeaa2

SHA256
d629106136587bdb11db5b28773bc51ade283785c45200bd84243a457df8a88a

SHA512
dd388d73e17f20fe1db08d806e110c1e30f6faa04dd12cdeb134d0021e1ccb4a64975f2afea4abb8b6a402e75b1954946f7588ab90d85764ab0a0b0f67a05fa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
7dc632be2a8663f2aa7b257a9bee45bc

SHA1
98a527f2d24ae1a9bdbc4a06f7f67a66868d46ef

SHA256
7a7e0a26682ada1723bb57e00950dbb7159e90c074181b615471edd02eb1f323

SHA512
78c0bb237c5621d2ee4bd4922e3d8b80ba56600c773074df4f90f6f645e29e41610f691a5f21fda98adb21a27a1fb116f8d9071c01e372111082a44c6d429e7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D61D04EDA4B8EF30FD39562BCCD956F5

Filesize
939B

MD5
2f3477667199e3784e9a1a68184e2491

SHA1
e9f189f29ebd637d6f2e86f66b4c50e031e391bd

SHA256
df0e26ba7a1f146cd7c7091a8421a40c66c6eef376f16e09b8165f28e71d4924

SHA512
13b092d8754d332ae0356b7f7538bfdf6807d29287c82d50562c7d7307557161bd373eb2a4026225a3f40d1ca438ea08564462fab30200f81c5ebf519b59b5ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
1KB

MD5
3e4050c764d4eba605ccbea8fe2b3039

SHA1
c33cb0da560e9f2f254ea6b670c716881e2e8964

SHA256
b2e4115e13de9f93719297783e9a7e5f0354e4f0b0c5209906e41a227a58d40b

SHA512
23af151dab9b55e327d1673246dbfa7189622f93ccb7f975374daf44fb1edc42a690ffe113f6f9e0e37732e845e6c4ac33eed22193e1117169981dccb4779f07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_77D862BC7369903A953BFF6330591309

Filesize
472B

MD5
0752126b5b2bf446dcd6a51d9e2cba09

SHA1
c0619aa8e1edae69c12ceeffd376d11bf3ccf177

SHA256
528cfd30137d278c62746a0780163a3dedec6a4f0a9b96439457dae564d0b0d6

SHA512
e9702eabac09f30fb2272326ef6d71ba04171c569d223bd41ce48c50ca4be434ceda6f740706f934dc3fa4541fc372382df7bf824098d2f1302b6f4a8b7ab20a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
488B

MD5
1a6335f344d6158b82527ca5d9e95c74

SHA1
fe34b332e1ea17e84168bbc5dff37acb96bb26a4

SHA256
b8751c60b726a0fa2becd2c1ae0fe388b6ae6ba612f97ce47df7de27a88fee7e

SHA512
63a1fdb41c34745fd53181825434de36b6e75d4a35a4aa994a9968a5341eb046df361f9f2ca162a2fd3dc12426b782f60b4c75e812e60f7714a0843852aed557

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
450B

MD5
27d42f618ee033ff1e3a3dcabf9f7c38

SHA1
1e3ac48ca9bfaf2ee3c55be5f5d96a479d2866bd

SHA256
d75209eb84a99d84db64f2e6e1aed0df42a8404fa54151c69fc9770e87ba6cb2

SHA512
58c38f11b94f8806e583c6c23c23f16ef527fb2fd1f178d5b85560ff46b4760a72058bb1e7f8108fc2a27f53758f5c342e1d7f12afbda8981ba443b3234b03cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
05342d32366efeec2c4702c1d4a1beaf

SHA1
fbffa150440e1f85cf2799cf9d60b5f75176f0e2

SHA256
c739c47b2d733b8cde6e22a59e5d3a35a30ee3af69a888fcef4703c90625c1f2

SHA512
80ed9486b6cf53e3265c54bc9fc8a46296bb4d0ddad0e48e83da5c42daacc956311340822ca73ee2b720d53114fafa28b01c8466386ca5adc2461e55b916f48a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046

Filesize
502B

MD5
5c6b0e02f0971b78a5cebfe60f44a30c

SHA1
c400c56047127d0dd9d9e99a718dd0ee847094d6

SHA256
da8de04ac065e658908809b9d95d2d5db712b44e8cc829eb346895fc523a63be

SHA512
fc2898d507a471ac0d6212d958e8ba4ab4c52384cbd53dccb2d48c774406ae1582b529b5f0e8d7b8997c841c6690186d8c43b9ea81764db1bb4f6822eb1bb857

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\72BA427A91F50409B9EAC87F2B59B951_8188B0251A6967A35A03878927DFE701

Filesize
496B

MD5
c9afe98443c051db7a5bfa07051cdd5c

SHA1
8318b46f57fa47cbe3f6eda74a881f13f01cb568

SHA256
00957ef66ec8c18a923733233559f4263e4f442b8bd0b9f8b2d008d98630d2fa

SHA512
aefb0be2fee5b9c672de4515244ab658b8832512942d9a0024cdec27c37562a427feb547c197e726e5702b2094ab52e242fff00c7bd81103e78120c7e3aa5720

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
4cf78158a3d9c6257caeaf7cf207e6c8

SHA1
f43fe340d318165b349d5de11729cbc61b659b26

SHA256
943d11f1abc9b0cc3e4ec63c684b01d3086b0c66ff04a791ae167ad6b326e052

SHA512
1750b24b962492519afa61b2b770f3cc1aaabbb66a26493f06359a9fb0b77f9db06faf8ec4f4e6f91ddd9063e90d38762e0ef6f8e09033d264f78ea51ca1aab3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
430B

MD5
e3ce860b269352de0a7f9beb1618dab8

SHA1
20ef3db590b3d5b4915076c5f29da41511c9cf89

SHA256
4416bfe6c8dfe78961a263b5ec4490aa310a20a0c3b0958597e2ba7c572f102b

SHA512
ec73c84aa47940ec9f86d5bb1db7a1cd1d5cbfd00090307008b1b67edc76caf9fe267d4b0ad762ec371125940c73f042605ff266b924e063e231822f96a0b416

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
adb9580000cd2f841b19268a86c3746e

SHA1
c6bbd838920d950533e739c0f7e04609d2927e88

SHA256
1cea0639a6f6759052744c251b0d58780349ad1ca08097a602606b1fe97587dc

SHA512
0df1ac7eea3c1e6ff9cd64a88276ae16242848f16a6a0e91dbb909bf0ead47c5645d9e9497db17d06cefa7536021d346a7130d34fb009fcf588a30fcd0da1fd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D61D04EDA4B8EF30FD39562BCCD956F5

Filesize
524B

MD5
533280d76f3e2892b343d37ece392fe6

SHA1
e7b12fa540660f6971bdbb3c88b42f77675ff2f4

SHA256
7ec5d833e58b14b7c092495d431422c1121892126ac3cf92143bea4737da7294

SHA512
fcbac2313e2cf510e4ba1f5e9b07e81be695f3acb204b40862a69f70e1adeba95ee94a0e208dbb374c8adb95de0f531575d7b763f3a235c712127173f1421a7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
458B

MD5
a59109649fb87568ff2e040792875189

SHA1
fa2be71580a657a13b7ef59aab6542e7aeb9babc

SHA256
5507e2c29a682c8f9db80913246150fb6a640ec95a8d0ef6ac83e127f622ad9b

SHA512
27255166fa54b70eab92dbaa2a8d477962eece43746875e74f46f27141fe79dab2e514393dcceb1ef8f9a36bc98cb5c10a025a1a41b23ccfd0356bac5b8a3496

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_77D862BC7369903A953BFF6330591309

Filesize
406B

MD5
ae388c31191fbe13d2c6538dbaf8a22d

SHA1
f66dde283691a2753d1514d21a6afddb6bd19d29

SHA256
091aa6e85a15cb97a4976fd9d8a563347eaf5af7efd60d22cc62ba7d5319a919

SHA512
f5ddfb50c764dc1e7693c224a0449cec49e0d390db8891d1c043c00f803717607fb79c4a895d045a1f04cf5cfa4e8eb305f69abd9486309bc1fb25d085ac7b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
117KB

MD5
044aa2968817aa931541f010d683685a

SHA1
8e9f3f4b305056e5cf2925f17d4d02a909757edf

SHA256
6907a6a7336439e247477060e5f5472364386f5151a7487519076c71b8be1b3a

SHA512
dd70e489d1fdac8c84671d09396f990258b04801dd1e1aea3454b1ae78e4a51a1e8a974ade09cd565ca9bed3ff71f9b384b571c6c310c3d0412ff38df566bead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
65KB

MD5
07513ac75288b5e0a905baf6ca3ec9a3

SHA1
230e73201b7fb10f8adb723b615d388fb1c7dc8f

SHA256
276e8956b3c16f3a247fa4c6b0484929573da64aacdcd2b763856d6c85dcbc1c

SHA512
76e65b26ef976f3df7f09dab7c58381e019d6fe640be277eb455ede4c9686c358fb984b1a4a3dd3a6797e7c3e5aa6da0c6bd5cdf7e307d9a55e61a620a36d18d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
49KB

MD5
c12075d6afcfce79df001ecba960cc0a

SHA1
f11913a40353bc451298b24b47642c65d591c2b8

SHA256
3d738adbbd4904e038babeab34d1481963921df6d8e7fe721e84649f1518cf05

SHA512
b4732bb0b6c5edb0f9d42e1f3d3facb8752c81bb70c3c7982ab14d7380b2bac31c367b77a11163592a511ac13ef894009846760a0a1246eaeb9df11c6408132c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7a763b3e4b63c526ba2a42da251d83ca

SHA1
1fd792512d66caa95e9d903f536300052b12a929

SHA256
3569c5d751a080aa16b68791f61401a17314f169d5a31d7a01735ed2f0601ea3

SHA512
684d8462d356c51c487e59507f524961737da2e8f82cb50964a52064494ce6a397834e47939b657ca7f1eabff574bb42e4d9385cda36cf4c0cc8ef220ab12288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ebdecb6b3bd8b6080e04d6e5f0e13133

SHA1
e0c2f9997ce8b52d594b1938e05c0285628cf77b

SHA256
bc1090c4fa75b19a5e8f28cd43e5358c04b1295d75f9701b358abdf328f857ee

SHA512
11b94a50652f31918a25e69c748b353ff2600972d813ab338254f265e24081b9a5b27912054629e99c45976b79eefd61edf601a800563bfabf6ab32b66343455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6945c3f9ff353fce7736facabac765d1

SHA1
c3fa954f19bd4510df6329e5119009ea730d8651

SHA256
bf676ac597b8fa38542f4a0f678fb0eb2e0430931743a45ccd650ffa8cb3d65b

SHA512
9b550a4ff6040469f39c6134761d86f064555374c8418486ae3ba2c9c926d853c361a439eef80858e1202419fdec11e5a03c363e5ff1a0b5f1aadc8d462acd80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c8533e8e35d19559f8924e8de87daf05

SHA1
eac82f05294fb671df74e5e3f85d5d9269b59f82

SHA256
64085ec2d0e4b3ee6e973e677717dbee25bcf6698c7ba417aa8fe6064e43c5d7

SHA512
a3ccd364381cfdbd3115cb3b8604ea230815f83814de0aa71d61b601e9a5d3544008d3d30e92c21a3a9066bf8a368d427c06ebd440f7c2840abb48957348b55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
69a2eae0e7ba4affcc892bed7e876b34

SHA1
0efbc498e2d2c85accfd0ff321073b8c276ba055

SHA256
56350a1f70178ab9729c5f78f1e8a8e26b35386ff10e59b8a4bdf6f93e88f4f7

SHA512
6f1c4524b74ff206495c1bc57fe0d38a8bbe22968e09d528169cfc730482933ad544ad88f4d685b1562bcae83d3dc9d409d7cbd9cf7f6bc5e9ad524d480951ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d424b8fd51e7f0b4116de8e093248b3f

SHA1
37b24cbab48cebd2178146eaa7bfaf31edda1504

SHA256
d908cba67842aad88659b6842650e661faab53a97d649f89cf1c946550a243ba

SHA512
79ad98a1ea1ec98ee9ca1c233ec540f5f425e104f9c9f5abebc101a2a071010c2d4b67def947aafa0d39b9a3ed3faa439a1eff8eb0541bdef6c60e7cbbb1008b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8371dfd8371929d08fe806bb6ad37c29

SHA1
0a459c0350e453ca6d5ee678b19d8b0e425b10dc

SHA256
1a6fd56473eb317a9f40957fa7fe4c43ba75f00fcb16d12faf22a6ac86189946

SHA512
6d08f6bd3efd343aab88c0e6f8cb405d2953d7ef8fd502030b9a19ab7e1633948ba0e103917adf5583c55d92cb373abc2a1f65006c2c19ad383133adfb43a20f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ae7bc105b4947872ed7674e1dc5b4078

SHA1
21af01b4dcf979e23401d460d0a0f092dc218e92

SHA256
b299350faa7f80aeaee7065e00d11a6ef1b85f8b25b0bbddfd4dde43fa0fdd5b

SHA512
d18de547e326c3346da243f6c15d484540ae25be7539c370d388526786e982ca12abfb21249537f995b22491f530983d960a71a63e91801c5cedcb8994f68f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
43bb12b8908061be1b1f0c6b31e71f5e

SHA1
6c7953b3a18f4c810563eb5e34b720f84e06bfa4

SHA256
5862e59727a61f01f4d29e7b85f80428df12fd2424018cbe34e3ff45e2e50e7f

SHA512
94c1dfa75bcd028e071e78936c79cea89e2a62722b59610f8e0c7b5811f617df254e4990ece5ea483db66b5d69a5511e013fcff380e8dd5a4e617bef7d18b598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
92a880a13a4726bb62bf88cee95896d9

SHA1
aeef6cd82326c36422d6ebc260771e61ae881c62

SHA256
6e8248193fad6821fec9e1a389728bb8f8e8aad5a7416a70591319753875292f

SHA512
7ad9062cc7f462a47aba0d82abf6d612aaf6f910f4087bc8fd441f4921c1749d551db2099a646cb2fc44e3e39b180535ad54ee30014497cf5fd0e79a8e5690dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8d2423b038e09716ec8445ac8f35cbaa

SHA1
8bd79bb4d0fc1906c3fc310c46969f7acd222d23

SHA256
c114bc067f9bd171aaf5730a988ea40315c618c66bd32ffa4e9bf800ae059a08

SHA512
909157961e7de831025ef5150cdd55eee1fd586b63b9485470a3391467dceb1839623a62bb7b7fc31f1326b3133b39c0c59c8a41091fbf25d689bec1c9e2d3ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
40fd5ad8ba4f29ceacf7bf5fb4367862

SHA1
44301bf95f1100ae71cd3ebc2a16f9c67fc6ce15

SHA256
a25f9d557285551cb75bdb4f7dcd06e3ee460698459e1cdb498ac8c3882f3a3f

SHA512
7446d4c159826e55575239f463918fa86812edeca930e5d6da7c48c71f7320c4e70df05db7fb3e027041095a887da46140ebbfb1d11bc927c3285312a24dd0d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
75383b416c7b56610cfb323f706fbb06

SHA1
4bc91b6deccadefcdbaeb415fb67326950c9dd37

SHA256
b8c0618d03322796b59ff9498f8dcd557adb8ad68d2adfcc413b47f04524afad

SHA512
5bc168fa32579f6fa2deed7dfafff81e766682236343ea4b92a0c38562928a0f00617429e2c48b60ad0d1a4d5e691c6c35f5cf7d1842366740f838c585b73bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eef5fdd5a9de360fd18e6d347b844fe3

SHA1
be50a23db9f575152102c47f9c332ec501cda84b

SHA256
e29ff32cf1ea6f80e3480a96af6a939f363defda00f4d210e9d2ae2e9ed81bc9

SHA512
025b8da2881542d9707ad65bf0cbfb32adfd57e9c1ead0386bd45832647deeb7fc9ab6146efa408c9a3f41dc16db54f1621932d56a6cf924a498906a36d6c86c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
abf398d364c63e32f732fea3655487c5

SHA1
4ad3b20fe059cb7cc80b1e003c0a4c11b2e7abb7

SHA256
5482101ff9072c679e5e05a82bba1d28182ce20537db221d42f810da6fc32488

SHA512
51a2991a9bd63258ce0a42956cfee810d07bff02654e6f40982e351493035e1b313800ca1b0a9edbd879fa41a8da0a705e4a1a64e95ab8665f73ecb13ed86681

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
ece9a4b990d014de6171055564012492

SHA1
1719a582b80607b4dab9b25a9e60e6e09e18352c

SHA256
fa3b6389de4458faa043cf452d1727bd15f94284dc9d4ce2e848ba869d3e6873

SHA512
c37301c42bedd9c9663a0402a8b07ffeb14a16a328001bc836a1a84cb72d33fe5b260d825aab618fcbb0b1cd6519a8e4cb04bfc69fe30ee6cd57d1148b06ea9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0807c3d98309b0e41a1434912fce9be5

SHA1
763e22cdffcce923982339f2ab772ead8fa40783

SHA256
e92eb2813ac7a65c2f1732ff2e689e8297cb104ffcbe681b98ad5a60ef1352fb

SHA512
6ffee09a6b4cb28381b034da9666383b20207065921defa3170226ba571ca22ecb01e24f9586ffdde247dbc10552e5903f0e4b6cf6a246bf82638d4d26cbd25d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
816869f58a52c3bccd637565199f4584

SHA1
68c98017de80858aba7f2b51aeb47377e4ad9f88

SHA256
f0602ee7cbda6ef940c46725b522f9734f1b4af30d7880617128724afcf4381b

SHA512
177b35f8f2193ee84c655f6ac14ff29083968e46b69efab6e0a91c4f864e5b35f406180d310020e8ccdaf87158bcb0c609e093e1608c853b8d9f225c8668fc2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bb1c8b1b21d88e587f1487c22fe5a1f9

SHA1
9c283e0dfaa446dc1a9499c086bbd4c23c9ab35b

SHA256
df173d5be3a4f0ee2aa46049e8a8233ed225d21f234314bbf9e3e8d1c5f6a83c

SHA512
765b94b2038013ba9ef6dda3cf37f2bf037e9c459c87d967778d8eb484581432c40de8a02f28364c8786252e5cbaa704d450d0576f3f02043882ae41b65bb695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ae76ef47154bac7612890e329e80fd09

SHA1
f1e8bd558c697f9fac71ce4873b7c0b6a197660f

SHA256
8f047b7c5686eef5037ad55db1d0d07c84054d26d96322a4d6c787b9d466bfff

SHA512
18a72c022f0ff1e39f5a2a55ef8f20f217179f9992bdcc80f90d2f27dc4c376c04c13383459c3e60a9e7653b1667e69ed841db339fd6208434a9e670331534f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7b76967752de53b7eaaa2c59babbef48

SHA1
d81b0eb62c1422ae7dae1c80b07e8c5c7db9e01b

SHA256
481280e330c0ef1dd93ea00e5e0e113ee4760b1a75244302ff0b03a0cee9c83f

SHA512
a9b2a2e39eef6b2637187cd13017d80aae4256919ef503aed1cb183552493659151df7e77c5ed32ea2911f135429d215e7c6454ea6e8e28ccc5d145118490bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
5e202fd0859d90c2f6270edf0f4df65f

SHA1
880a9e9aef1c49916528a2a1207a5e314ea7496a

SHA256
48adc5d85583b6295f036f1c22362a28720362c0be8fde5718aa62c9f1b2fb39

SHA512
8a24cf2b8144f4c101f14f8a6bd754499da9d289eda2df065cf8e1c64c75d55613bb018a4697372a8c54785d128acd5f1a39c58edb690d3a496c57196d6dcf86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
16bb0591d16db12b000b5b8aea49a8a0

SHA1
f56a4b1c447f038313ed44d603b34998abeff503

SHA256
44da4aa152dce99eae4072c823e58961ea283aafb5650ab18452fcf7bd14bf26

SHA512
3f78bfab497ba56b40b65f8fcdada150279e72526aeb3cf800ca1863d6b54242fce5e69be2eace153e639f8caa7980e096826b1ab4232009530fc5787727da0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
1170c0bbeef0069a529cc50544f56890

SHA1
f4bc219b4de321efdbdb7a6b1939e21b1378f40d

SHA256
06b1796606b78fe26c3077c50e9ea718f4581c6c3ce0e0fc59860f0934d9607b

SHA512
a93cbcac9e9d6e0ad0a900c66d032f3e10ac11c9270bff809051872616e160dc88dfc22366e2b200aa55890410bd345e84d76bc415852c62304af35261971375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
fc92011d295244a7e1cb3ae1e9fcc9f3

SHA1
6da83d691effcb5b1895186271904b64c43946c5

SHA256
16b195e16147a5734c818784e58802fadfe657a4cd0af39f461d5affc09ad22c

SHA512
95db57e1b448fb453bd58b48ef2dc0673c393e11a0fa20919f14c9cbd2696abd4b099d06d044a92429e62b626e58bfe3044dae8cef68956ddc635b3ef3ac94ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
86a0c8dfbc16cfcbe3ad9b8e32c92942

SHA1
8225ed9fd2b981a6045ffe489355cb63b7e9e046

SHA256
afa760dd93f48f01da741cbedd2a53ddf42ac3e54080add6d60ea12827c03681

SHA512
8aa793fde3a351122ff49f3698491006c6258e5e121ab0c280cc4614dff53ea786e4adbf72abfda5787d394a3d11346addf60c7dc8d0b1c3f7ec97eead8854f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
867915a6fe3d023ad132fcab37acc99c

SHA1
ebfa49f4c29cc3d711bfd411646af27b40b1eba4

SHA256
f2346c19376db9c9eade52d19989ef83b2c0586c7af6db4e39ccea5529d74978

SHA512
2119ce7883a9ca22baed8abe6d87ba0f84ce812cb6ab2865010cbf8a0c0a3d9efc80162ced05186ee597ce8c2e974ba9007b205493f2f022c6d824f7af224ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5749bb.TMP

Filesize
96KB

MD5
2dec4f83a10016fcb0ae317efa5fe3a2

SHA1
8e7e45c41cf1074743c4bd285a19f3aec41e4e16

SHA256
2808844f7f6913e68899eb01fc581ab4b6b0f7f1cef632b7a25564e22e7014e5

SHA512
1d13703fb626b36ade3a60c334fc0750af1ea63b4b6414b91610adee46a79ce71ce1efbe0e06348dcdea0731e20097270208ad41d4db526dd09db302ebfbe892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7E5Z0WE0\www.roblox[1].xml

Filesize
260B

MD5
2580b5214f1cbfa6f39fd1694ef1591c

SHA1
f3872fc92e2375951479f4a7a0da7815a9b9a0d5

SHA256
f06fdd01f1465f5eeb5ac29fb26aaad20ab20c18d5b909daabdff2624099d744

SHA512
844ecc8196f7af47ef4fd7855f6b6e4798057fd7f01abff94ce61e34ea560151f7110e7342c179758a649497c3a727564de421b33f4e6d889abecd139cd4d48c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7E5Z0WE0\www.roblox[1].xml

Filesize
209B

MD5
038c4c0a3ef5eedff020d303ff5eb450

SHA1
f334f0f4cda65a5b77e285983a519821c870e1ab

SHA256
1ce5c6582a2025d0ee1991cbae6cec8775f5f9c4121bbff02637fa63155f6b42

SHA512
1247945a363413c144e286b84b862ba916ed5e7fdf15194b2f9a5a06e79488571cb124bb62cfcd39a496e4ee85a1dcb5a104aecb8f390241699ec4f042aa14a5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit