hxxps://roblox[.]com

Resubmissions

24/02/2024, 15:34

240224-sz3x1agd9t 6

24/02/2024, 15:27

240224-svt5asgc8w 4

Analysis

max time kernel
1357s
max time network
1352s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 15:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
250	discord.com
251	discord.com
249	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532626622125002"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3538781373-1545967067-4263767959-1000\{3AE30CB7-FDE8-4A42-81C6-219FBAA8AA11}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1604	chrome.exe
1604	chrome.exe
416	chrome.exe
416	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 2544	1604	chrome.exe	43
PID 1604 wrote to memory of 2544	1604	chrome.exe	43
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3276	1604	chrome.exe	90
PID 1604 wrote to memory of 3024	1604	chrome.exe	91
PID 1604 wrote to memory of 3024	1604	chrome.exe	91
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92
PID 1604 wrote to memory of 2072	1604	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://roblox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd7e79758,0x7ffbd7e79768,0x7ffbd7e79778
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:2
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3688 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3196 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5236 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5144 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4976 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4856 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5164 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4824 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4648 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5608 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5928 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:8
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5808 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5112 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1876,i,3046231520411709351,14379982121645482588,131072 /prefetch:8
  2⤵
  PID:4288

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4624

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x464 0x304
1⤵
PID:4892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
27KB

MD5
ce0b8d11a00256be872539d386e3f8e5

SHA1
64658a28b3b3a52c5332c9e1fdb8875411a4f9d2

SHA256
3a009c2e78435c0b5f5454d3a39090a76111f8dcdb35ae665332afacb6f2d83e

SHA512
06fd4d8b19f485e8fafabaebef5f48217d86ff8d59a1889e3a47bc28eaafb23892fe0f85d4e2165cdfbe70761fc006c0650e7304b2534960ee8962fdcef8cb4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
50b1f3feaf3085848d8f5bb45234a794

SHA1
45b2793469d1302307183dbf7cf2774df47f4904

SHA256
10e7172174483dd0dcea7d042b0a8a08c64c4d3f82f43dee36c039ef527286a1

SHA512
85af511bf43538083290b6878d1c76f1bc36edf6b8d501edbd654d6d7f27231b84672abb1b9f6b357472d5355bc85ad23fcce0f57120e862313fbc4354f2c003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9788380a471b82900742c73630715a5d

SHA1
a9914184b00792c80a87cc5286ed132806ecfb00

SHA256
72b5b35fc914a0acf7883ca503fc05379082b6df4559d848963565978cbd83d2

SHA512
51b7ac0f0188a43ec3796aede09f59b4ac4c0eaec66db99f0dd79602ef897f672727ebc806bdc74d819af1ebaa4d6f2ae347287224953a12e0f4a8a6ef528f25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7d8757e2edffe6f6ca972e83b06ecde5

SHA1
e6c8a68ba32e0135187b05aad22682f66b2854cc

SHA256
714b62fd5927407ced6e523f9dabc45fc620bfa44426577e1597ab90e039941b

SHA512
57ec443e5f79033ff447ffc7f3724ada4ea57e3cb9b205f061212ffee0d451278fce3d1a84679d6210d18ee26d440ee843b11d0964533a908417235e6f1e7613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
4398b56dfd24c04a17873db232a1a02b

SHA1
d76260179e598206343700b2a3df4df2603e4a51

SHA256
e92c6c4925689e6102a809f0f35219ba8b7e908f6b2b5c82b857878006e8bc49

SHA512
3da53d7dd3a66466e70105628bb28599bcb538b736c4e78cb002424937f23205c7d11df4297e3ac7c492e57342f1161acf378d06352187e862920543c46776d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
769415174ea04ec3d7626fa1d5d7f72e

SHA1
2b0b86aa25cc1a0b6c8942d8e40de5a01e7c3fbe

SHA256
18c87a5c331af18c7eedcd78cdb75167c264b9755659c8f76d423e0218ac04ec

SHA512
555cf53815cae5f8e0a1155e23822e3e1c43f45619cec17399a60ce8b9ba2cca3a27d4e0b0b432cc22359c2ce0cf28ca0a416107ee14a65e8e29ae40a26ae53c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d7dc0dfb0d7577029b6918b7f8caed21

SHA1
375a04fb2598c2dad0809313feb518df419fdab2

SHA256
f3a6ad23a65fb82bcd8a911d25512c752e503002bd2094bc180e9c30f4e8eed8

SHA512
1287a49133617d08a9354d4bab7cf2a2b6d07dca201c83232e637b68a93c6ce091d9562d915940eff3cebf337c289368dce6ab5e5be0ba4705b37f325b3d6345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fcec85e679b9ef584c2eb944cea40ad5

SHA1
f7544fa62c8cb67acc828cf2c52a373b8c6903ef

SHA256
47a1fcfeb1fcf15e599e1985b973eb2991ed8f40aa9e58fdb72e786da6149351

SHA512
cf68db3c76fb55e945a7b06b467dba073375256fadcf27138d51dfe88966ca1314ac3bc91b77ceacf2194520144262a70b62aa116416684b7a9084cf7ea839cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
052a385809b82838729433d48c0e42bb

SHA1
e9aaa4d11bbf898e7f92449c122fcf6c1d3e9809

SHA256
7ab6034ce8be08c7dc2d13813bac7970cef90fe77a42718075b48139dfb83711

SHA512
f3576847dfa31fefe3ce255b1f4ab91322859bb3c2876765eb2d1635b31d01ea6ea08210eebfd88a5cd39db5cb6fd325cabb2b7fdbb73d203d0ae3d67d60cca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
eeb76b9039ef71a136217761dbff6607

SHA1
3d03103fbf60b461efbe2e7b577a1ac9239af729

SHA256
d5725e749423759581975f69c93616967feb4038f44645a65d290ec47b9896d9

SHA512
96ef22484a6ee881f13f0cdd9ed6d22e21cc1375036974433fe62c26843377f8305b0d2da92b1f819ef0fdfdac0dcbab435ffaed437be31b20512df16c25930f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
4fa4d5e389792b080262d820151a77d6

SHA1
3327096f5bce635ba01f920edf417afe88b34a3d

SHA256
18fc502d3492935741d3f45e7e2e507f8791ef18e5c71ba7d4bdd46674128a2f

SHA512
d7d7257b1dfe4baf9c56972d88dc60b188a71c5a54a6a29984340b2c995de262286e879e45a8e2e2de0eff3e7888052f2643d8e514c569ca5a425e5e20b7c2ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aa15ac66c8dd204fb5398e79e5385db2

SHA1
2a4c35b7d8eb74a1c921b3cb4725bcbcf1631f2f

SHA256
a7fccc6ef86e1e257a5585e357cd9698beb838de52f882f3374fc78ad4965927

SHA512
42bbbbf8fcf4814993abb57f4fa93f0b82672f5851c7c80902dda5d11b515954b965b705ddc878d311b6bdd625ba8bfd022838756a2e47d76e0557263dab5761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f4c0d16bd735b1dc2c86e42f00da2530

SHA1
e6e0d99773eaa6c5c3a59b1e30b4102d1b5b88eb

SHA256
b995f13f25bc1183237ae87cd46743f5bc0e3a9be047977d9893bd2db5e4c011

SHA512
c24792f438b25cdd7f96f807fc1cf8286b9b7f2763a97ba9f6ff3469c9eb13f01a25357cb0666e772d385a07c573c5719cf1e9dfbc0e87498899ff17ec96cccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
318031629293fbcb10bc69dd3da7bd51

SHA1
368b9955a806777dbe82c36cec96edb4dacdd2c9

SHA256
3e2d28e1ee4678fd70898ee08c7570359d9c64a884d0fc6a4b0695f677c6b224

SHA512
ebf0ea193957c4972e19c43abfd40c1879681c5c689a43028e811b4d05003a6e492ddd63fb61643cbea0884a8f294ca014af8666b4a05b0edb301d0721659ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6f00b069a96ff4fc75a4a45e315a9ea9

SHA1
97eda8a75256f536b0ab9deb01eba7ffeab0007b

SHA256
e7cb4be330da927b651f614685365226b3606491cda7d3d5954a0d7709998217

SHA512
5c8d91e128fd19feb376bab84524007845004fb8d1f2fddc8c3755c836370703dd7659ffa6fa50fe3a5e4ce6361e0e73cc9544ef8b5cca1dfead6971d4b5101d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8d1dbf8c0cf87f9ef4b9a42d261c588b

SHA1
150dccd3e762222374fc1935d44237f1c7174df9

SHA256
ba405519e65550aa82d7007df839076948b1e5d4a7edee62148c0980cbb92cde

SHA512
c8c04fcb672c585270f452f7f95514750c5c5c8dec36af94f042589430f8d34c50e4f0badfce0ed08fc790f01405cc8ddc28745655682c9c46d79e105e47521a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
459c596fe4c84c8f0585dddd399177c6

SHA1
d83a9a00d8d47fa9592eb908f0b7c0dc61f9f8d0

SHA256
bacaef5572923d6a60b19b4cd4f8272ec08f8f7aa9dc5560900087a6aac7e88e

SHA512
fc940d2cf9192b875ba7fd6ac14eb1580a07ddcd9b65c7d87b2ff63ea7bd3cafd0e3fde272fe82c67cc091c601322282d414944c03d003d502cd815dfa577407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
83ec1d4298e563325487dd5ad72ccef4

SHA1
5d728334467ad60bfd69fa2c30be47035f87583f

SHA256
b8851de76796f6d233d95a21bba731b19b604f6d6053c9c8fd5300c9831a8bfc

SHA512
a5925ef19293031d74401dd968d3ea9ffca4147f752791db17e9d8caf23a4d517c94d5aeae805778656416007801d774b3ed394d27f61415a9343ff831031845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c8f9356b8924d84565c72437aa38ba8e

SHA1
473cca31e1fbb2c6c2ef671a8d83de347cdab147

SHA256
fce4413278e03f717dd9ec361493f36a80bbc46ea45a533b36b91b5ba9af15fe

SHA512
677568cfc21ae354f3252817fc8af52b51a4a3e768a4481dedc1c0e366bade6db1691f1b42e24900d3a0db20a86b3c7b9925a501d11dad32e69b63227caa8f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9c6ec6ce9a725a27ecea347fd1a0e9cc

SHA1
e4f0e1632091345b5a99effee00d012f85410a68

SHA256
c800b9236c571f5a034ceab85e3f1d4043c2af64235096e5a131a9e1203e2fce

SHA512
34ae913db6dbc38d524203b171aab4e64aac692fd8b2a65d245b6c5791316c865c0f05c60b5faa30ea253b9131e87d235dc263a280406b033df873995ab06e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5cc0e6017e68d250ca00d2dc3c1f2594

SHA1
67b272a9c2f30cb0cf75bbc7780e1a8ad714f13e

SHA256
fda7fc165871b48dcccb96371f6086aa2b44724ff38ebc2886d81d3df3d528d2

SHA512
aa51f30063ff95b17ad45afa881572675a5314965ae0178fef56f7aafd4b11f5c2974a6b7ddce07642450c462bafdc27bf13df0e70779223915fa44d473c1d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ec00c63809dfb3b37a131b84e5a2ee0e

SHA1
e480387b2a3bad1317693c8cf9b92288bdd27df4

SHA256
13cc1c8067bce9301cd1edb65738835232c0c5d29388c17bc087a5411c2403ac

SHA512
b6679bc456f16cd6ac8c8130dc35c268d841048c70cce6ac8048ad1e86f247e50c787032687843e715a797d8e790ee20d81645e4e15cbbaf7ce43572180d61c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7e96c041fb891f4adbd8685aab2d38de

SHA1
4f38eabf53cfe5642d61e72efcc117cfc3d4f1e5

SHA256
30eeaf7a78167ec743d1829d790061785d520423514d1e995b8099e3a96c5cca

SHA512
bd36a90d3c348528a4a956663e7ef98c96d7d26d4929976ce5ff68e2f874bc11203223710dfd41c7327da19231c3183cacc0462268c9191163d8e130452b1aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f43ac1ba9ff484758545406cef1f78b5

SHA1
f6bafae0572edb083c3b72fcc60cd53a5d3ec0c8

SHA256
eed5ec07d6b5d185cc6721fc876a9bdfa190de77eebf2fadd6bf7cf4ecbe253d

SHA512
543312a6942063af284e38352fb40be77a165ea5476e409d1255e6ae7173a22702a2171d910aa0064ee3b0bb27b8abbdc97a0fa420ec5f49660b3e1b3fb6bb32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f2907fb8c2c6b2e436a3e3b84f6c59f1

SHA1
37b77450959bc9dec58e257261aaee3352fa39cb

SHA256
c528cb8bd844f1092c53c7cf7a95a6b8fe336b1247f5054683ee30a00c2eae48

SHA512
2fabadef6c4d8570bdc5dee5e99b828144f9ee1f0a1636a152dfd4b80957ce4356036b3cdfa0b00e4996d80c61482c77215cc94b918514df38a1494dfdb921d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
651368e1c938d492a0d0e98b79b5b303

SHA1
6afbfea060069ec40789f3a8e61349b479ec38dd

SHA256
5f0866a66a0863b685ab7ac75d7195666178a028ebcdba57e35a29259ce7fa7a

SHA512
341ea8f510e5366f678b899f1431b7050cebc573f1f1bec5b8b3e729fc6bcf8db71d86800df3c3a62ca0ffb3b24232a2b5be60b716bd4a7798ab35580a43a4a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f9e3502011ab279ea76f651ce9a88d44

SHA1
ff7ccd8fb7cb367ec530d3d373716d39ed30687c

SHA256
64c6830605755acf2d7719a148e921295422f55789ee666fa95adfc00a69a7fb

SHA512
4c1c49108a1ca6ab023ceebc689336c886e0ba387f1df7f58137dee554d7874f47dca0522e1d2a59f5669cbd3a8039adc6fd65602923a2d386abb2ce802d0f6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ec0d8e8e-9916-4824-8f2a-96cedde41e3d\index-dir\the-real-index

Filesize
2KB

MD5
d062b981c180faaefe1dbd4439c9e24d

SHA1
6ed2d0923c23848829cf490228f947e0861cb3d2

SHA256
dc5d2659517023806c84c8c041657a5b4b2c67ecece8361f59ee7a81cb76433b

SHA512
a541cbacf985a95a175a6580b17715bfa40b4e1dc377e478ccac0dc9a513b8414588ae7dcb309866d8fb1590b0076e64db9de76a133de2cf03d5629b69c0c037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ec0d8e8e-9916-4824-8f2a-96cedde41e3d\index-dir\the-real-index~RFe5e26b0.TMP

Filesize
48B

MD5
3bfa563c77530a03397d1d865f1d9cbd

SHA1
000ecc85ab7e71edc438682e825b8fa2e47f280f

SHA256
9d971841a6e6df4b29b77f835b21f5a4fdd58fa40d6fb22f3f0fbcba6e3d5057

SHA512
47d5670810c34a4cfb8bedf8fcf87d535ecb04e7d1e626e430496fafc158f7d2fa778c6352f70f97a7ca5baea95a7846ddd6d5e0b6336f20b5fffd69f543993e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
0f61b3839f55a29760ba69421a9132c4

SHA1
80f07c0cb40ed07ec834f6a252356a17c456efe3

SHA256
b46edf6564b1444675c4283ff5b6d7bf7cf48a520f36ce1fa726cc4a64f2c7a2

SHA512
32e1caa8f355c3040ee4a449add35373e2aa1047fd49104b7a41d0c3ea3e384a0686fc7008dd4da0e69bc3412be43c8cbf4c0fca8f583442186816d12bde24dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
76d3455bd5d6684e18d1bfcaa5f624a0

SHA1
7e9e7563857a9e6eadb1f8db410a25db79670f51

SHA256
d4a09992c72c847d8616c6fe08c12744a2cf1915646fde50ec0022ef56c3586d

SHA512
784f5d40d5ab50c4cbd1132de4cdcfe10de29538abd2b15636080e5e816d0154df40e3ea9276964ffdf0ebf1436971d121da63e9b199925bea4a6227d6542c9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
75ae49f16b350ac5437126a0bf78f72a

SHA1
dfc29957a741a434a1feb026ae6e16b161d26a17

SHA256
0b7eaed1b95687e498d3a98e723452081806eadc3f2de4437d8739158e6b89a9

SHA512
33ed7f88e1f1bf7b0f0b68baa7276f15d287c71ff3811a4cad3aa8cb6fe352085bd288dede9f28d400e10f5bf31c3e6de4bbd5c59a9a4c5b664e9ef6e75c16e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5df61b.TMP

Filesize
119B

MD5
6ec95fff42a3381372951694469c2262

SHA1
0d9b22c3cbf4a5b421e0e548c1b817ad9dfcdf6e

SHA256
6474de9d4f4b3796fe8a2f47049ffb21895b779ebaeac42f47d460432cb74567

SHA512
cf3b07dc46e1eaef162e8a461dd67afe43806828de023135bb476956bc70fa045be1e91ba943529a1fbc1aef6b294929fa2f342814f5e050346d1c014d8e1d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
2d17cdeb47994e2eb98b5a610b02c83a

SHA1
423b3e094b117447c027b36e67d2e31a648bdc2e

SHA256
fb2aa76f6ad90b58cfc904de4acb9aab7d4f4e4cea33c3af3cac47b23fbae650

SHA512
659444ae5931857964a8b0af67be1189f9156700fecc9942664caccec47bb9d271aa6f3ebc32844c388c30345acf635e4a4e4d41c2db5a380c850658cb5ede2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e7492.TMP

Filesize
48B

MD5
31f69257003997a0340879b001c232e4

SHA1
d287034ca7558b0f8474c38c9786efd3babd2097

SHA256
2dfae77f4c55c1f7813afc1c8feda3a82e6236f9834c06f3e31e48927fdda9b6

SHA512
4c978cd826093b850af0a5a940dbaa190db709dbca29e890ea87a9c6aab065f48aa1419d37f5051c78e34ace66eafee262b90fae79bc0667678c9a46014d65ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1604_1435040521\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
01fd7c2f5c79a2608c19e9b31c91cc7a

SHA1
c26a97b42a70e0eabdd57ef821678d602b01c379

SHA256
8ecf2fd843f0709cee6cf52eb55739a3a518d7a6d35d9282edc5d5f8e8797dae

SHA512
20cc20b4d7fd0ed0a10dec668aaa71e5ab99a484c7ddb79dd61c9b5fa543cb13fa520214c6501bf80b2ac03709f50870ab680fc2dbe18a11ac5e4f69b7cc820e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
1fd82b35e7b49fbd39ff19e3fea910bb

SHA1
9fb323f0bde6dc0d9bc4c38745c9b12e900d6152

SHA256
ebd8c7ec697de46b3af4b477d6e0123b166d0e47660efcebafc589ad431baa9b

SHA512
4d6883b8260777e55a7a4452c3f0157c18ed0c6db6cf53877b548c3078d29ce5f96cceeb4749c99f4a79f92fedd3d2bb9f6c1afe4853793a88e1f84c96dcb14a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
86KB

MD5
f0faf93a6c5e392481cd975e9bc32b43

SHA1
baff4a9bf395c873b4c58c64a5460f8e72741916

SHA256
c806f9eb79ccbe30b8f1211d2fb51771e8c5669c015b482bdd2c1fbd7320f49e

SHA512
0e4b8756b34753e7c83dee69fdd018ffb4077d3cfe421831a008c934d08844f176968ab56cf80376fc9313b3228fd43a6b749b92b3ead81ccd08b6fc16e7f02b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
9ddb1776eebbc2272288fdb13dd2a82d

SHA1
806ad6e0be92ace98473893e44f41beee3b75c9e

SHA256
3904a537bb7a8a7ed3538dd792613b1e157bd7b5eb3edd9db429f970e850088d

SHA512
297437497400a28a730c6bc26828939fba71488acfaa10e171bb67e0d1b0c19431aaa9bf993182d1c6a1132575e694795bea29e25b62ff346e2e000ed2b4c034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
d44a7569d6247dd782703e24431b7850

SHA1
065697b101568dcfda4ea1ce1b18670eec919c31

SHA256
a57c770e50f091d53a2347a37b073d1a8267610f2520b2915caca76019b6985e

SHA512
2dc117de12e5551e22f6e3c0a3cbd1762dd7982133ced1e10f0b67817597a93695e04cbad1ae283438fbd8bb20255133c7d1f6e6b3f56a887c967d9c893c27f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5dfe87.TMP

Filesize
101KB

MD5
18dcc27d6866337465c0053eb099c1d1

SHA1
4a0234218b73a57a4a22575b846b3337a34003e2

SHA256
8fc9bd09032ffacaf218daeb8b178b3832e564612199697806478942ac431f0b

SHA512
03d924e2a7756efe1dc35b4d578cfdf50ed4dc8c71c7bcee871486ddb43201689c8835b22dca5e399ce0f4a77f1f7528bf3aa55e548feded321b6e62dbe35004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
3886245bff39648abeb5764b805adbcb

SHA1
f3d997f296ec6f8c3b7f7de9f2df2f97596b197e

SHA256
fa5f66b7d6d766d151eda135fe4923bc2ed32df91977e13643ec4d93874e9ad6

SHA512
aadac5c698136e0b6681ab867dcae369f1eeccca3460f37135ad904b49d6add83420338216a2fd4c0ab1d2a1209c2680c5c4e660cc0f3264f7e6db0e0d538879

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
463e601ea2783ab4e82066647eaaf865

SHA1
6ecf31682348440ff0f7cd725215d65b784ea422

SHA256
355f9faecb4db7b99802f43558e5067908593880f4c34662694ffc822eaec403

SHA512
87e7d8f951c26b082ec6c5b6da552a750fdeb622a6a23aedd23fc9546d6921b48f050af13f24d085762dfa2dbba7f05901907f492cd3c3cfa6e91b44c8c817a2

Download Submit