hxxp://now[.]gg/roblox

Resubmissions

11/03/2024, 21:15

240311-z3676aee6s 1

11/03/2024, 21:09

240311-zzg4vsed4t 1

11/03/2024, 21:06

240311-zxwt8sgd67 7

Analysis

max time kernel
299s
max time network
307s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
11/03/2024, 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://now.gg/roblox

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546649957638440"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe
Token: SeShutdownPrivilege	1392	chrome.exe
Token: SeCreatePagefilePrivilege	1392	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe
1392	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 2068	1392	chrome.exe	76
PID 1392 wrote to memory of 2068	1392	chrome.exe	76
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3472	1392	chrome.exe	78
PID 1392 wrote to memory of 3204	1392	chrome.exe	79
PID 1392 wrote to memory of 3204	1392	chrome.exe	79
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80
PID 1392 wrote to memory of 4152	1392	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://now.gg/roblox
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffd649758,0x7ffffd649768,0x7ffffd649778
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:2
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3336 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4992 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5308 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2684 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5024 --field-trial-handle=1700,i,7457923288072735264,9888933638819259210,131072 /prefetch:1
  2⤵
  PID:3428

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
6be2f5a5da30578351693ab58640252a

SHA1
8732a06905b6aa66eb467a47b7da5777f51a7243

SHA256
ba665164305513ca5c23aabda8d5c1d8c3282553de0f91cce60265e71d2a74bb

SHA512
30af2e43a599c439c8bd8cadd56ae7c8840a7dcc61687b933eb5f2f4d5712b3bdde22054bcb82725cf683101a2a394add6696dbf3be34cfa7b4840aedbe044ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
113c339b17443a5dd6eb5c895e026a54

SHA1
1b4efdb719c8100c4aafe1a106757c15c101a29f

SHA256
feb0a6efd74e6110bd25ac6d2e931c8c801c5c032137f68811f1348d6844f39b

SHA512
76d0b9da492d341ebec2ef5a06177171496596be403afeec7b355ceba681d9fe6a4d9e5c26c0fc2a627a5e902842f32227fd42050ac44e2155b1d24674191420

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
42e8ff74d35d396c483a3d0131d2a263

SHA1
9ff64c9ac165cc9d23d1d223b3c9a378ee3652c3

SHA256
d601a97302eb7af5144c7990bd42ead2826bdcf5cd22433ef6c2e449da2b50a5

SHA512
7471b921da0c00ea5237331d9fa326be48bf5d326bba21eaf96b7be9bb53cd56870d4e33ddb23500b0bfd788d0f0db362f5daa02ddaf5769e05c66889d147fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f3d22bdae8b69f19af8663b47a57bb4a

SHA1
bacf842d4e90566b87f986445d320e925225eb6f

SHA256
a1fab7d1ba4027623b75b7d7b6e65738f6578c25ecffa86fa7ed2c89ebdab28b

SHA512
5ba3ea7efed6c631b7510040ca5cffa197b335cb349df503437f5985e5787bb2b1116eadca66160299b206be2227282be337d6d1cadd1ad6827d90d38cf80e5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1e1e52bc742c6df5b873a104075616f7

SHA1
7b9aa31382e85277dd4ac0f410ed9cc917f2fcfa

SHA256
7ed1699a35858f58a67344390c023514a6ca6b17eba1a7a843534985f8a5b0f8

SHA512
17f05a72d4a3b537b3e7d53c6d19fb60bee2df69f33a51e1f3e6b001280c61473f3e9b37d570bd108001f6d7db1c62336dd0a671d7b2a9355da1985ef69caecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f16d91600b975052c7d418970e22895d

SHA1
be68db948c0900c978a0e45b6c3101aca0dbcc1a

SHA256
42e193398a87c5a3d8669bccdd546f27c793b20723dda6763ef3d0b9cd20f958

SHA512
c8fb11f40161ef36a9253286e3bf0dedc1c036b435a42317a49f0754e318a1ee2dd2a3612205cbc43b08d31bd3aa40cc896bb2532dc039d370840232d55b9048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f70097d0bf9c78f59bb85567f1e4d0bd

SHA1
72944200431f18cb8548b04e9c724044c343d095

SHA256
d7bf8a11d65b61977ffa69a2616db8ed706e508b61877d4314fd127af7043319

SHA512
4dad31909ae9de5b63408635bec710199202ba102f0d265893a66fc3747736b33d1c8c31aedf5b75b681a072e119e48b8f39a4e49145599a3858dd0a539d1afd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
d412a0df136a4c816821962df5d8ab71

SHA1
2a0a3236cbb896da76738e6057093795f762597a

SHA256
c446a41408aac0418e212f48064f5c4dbb9f6da25363b65533cefb05de573393

SHA512
8c0272dfc2ccd53ac7f83f495f321857826ba83ea9afe441514f405ea9a35ec007c086a7e8b6d111ad5067228fdeb710c3d2e10f13843a88666f3c102187d8f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
9833d9e481469178b7c47724993779e1

SHA1
b1ee78d2ef3efca74e121ded436dc5064a3bb1f1

SHA256
794789efcdbba0f6890a240e531668531967c033867f5683d830cdbfb64a154f

SHA512
282f670806e00080afe18d03a5799b5fdf3fa4bbb2829d17d101eef877ce216e4603707a7455e6d2094dd1185c9f5901c9a25176af0144947e8cfb7783087c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
ac45f25e3219a024afc46b8dcfa7162d

SHA1
cbbab8227e1f9fc31c7551a1aa66d695659bdf06

SHA256
0827b2aecb5d0ca81a88e1cd37c058f231af72d1e035c0d6797283f7d1adddd1

SHA512
86c4bb47d48432483e0a285ba7f3a722947a6e84614be187d5bb6b7b2be2b2c71004f6d3d581159ff812087f7514811ff0ac8cd3ce18016b3b2752a014a670cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
daed27560f34e7286fe33e0cf566034d

SHA1
7b09b20bb1b21f9b5f4b13fd5945c6fa66c6cbb6

SHA256
d07991fba52be1790cdb5f1f0058d526f0c5458002d945cd2e75122b989019ed

SHA512
705a977e9a40a3e9117caf442e81d5a54322436e9321edb6ea67fbc2e194e24ac458829a82ee8a35c46fb154ca1750e97b88016cdfdea87165f86a6e801408a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
731494c79a86378e648f2cbfeca5b118

SHA1
3259f14c9010904bb896008f165d264509670ec4

SHA256
cc0bfdb47c2511604cd849ccfb6486419b6fb940c1ecc7d835a38ce586c90ca5

SHA512
5e8fbabba1b28f9dc5a80a4cecd4bdab2d7aecd870e743dce4c2b7bb1af2b6e66cef19c4eca166c3a8fc8922325c8397fa1c50db4087d3971415a903007c2813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
8afed3ed8f14ea9ae4690ac75c89d434

SHA1
d94b0b4c01a2272e97509de1a094fce9f80f7134

SHA256
3ce708092ba1fb721dbf20605ce17f083cc170e81bb6e83c4c80f58c58ac8c36

SHA512
892fc11a7a637d59cbbadd0897e3d0d2d82a9bb4f1198a4a09b7908cf0c40ec907a309055945327b6e178b0d928a7ea6c0e64d26d23eef668ad98bfb129d89eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a31f72748387cdab30c3621f6bbbfbce

SHA1
9677a5927deff78de99118f512750409b239b855

SHA256
d4c933bf29e40922334f5a546712f3d35b5bfb20a849fb56bb3b826e54921f18

SHA512
9de3dff1d146e67d7fd9e90b99081f9e3ec20ee182fff7031b5d921dbef0211cc9355f92c88405a08799a1e0ceafe979058d4397309ba32701711cae5c5ded78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b65358ae074584b23802dec1dc4c19bf

SHA1
8afe4e87d171a8f6b8e1c87ef001d9bcf10b51ab

SHA256
2f8d2ee99f5fae827bca6f5a241d6316369bde9aa110a11cf1234b212210b203

SHA512
d606c45329b94307b5d73fa055c61b5ebbe4260ad57065d13f8d82739fea97ce06e386e11977517656c3088c7a956d13dcfa8777f9bc7798e4e19913bbd57e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
977a7c18fb03912c7eb28f5c8cb5143b

SHA1
4b62143f4be55bf37ea357594a458a623739eb68

SHA256
c43529cb924f8dc03522faf85c413b7a17678c3279ba63233e3834842745946b

SHA512
94efce9b4e760756a286f0de22a53b9cef55364bdc52998c011fe253180bda7b0aca7dd2fd54ab14aa2db531b00f601aa80ded2b774c9b676f6d2511d05856eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e153898fba9bec43038a5794988d8ce5

SHA1
6579bb4aceaf71724342f629558a5eb1dc3bec04

SHA256
d4c2d361b05020a85481b04db4e9d37cce707e4711e6f2eb289d0341b87a8344

SHA512
a6853cbae2c33a53a96c69fb79439aaf99a5de903e466aa68f2c3f4c0b31002122aec5a7aa0ca38af70f2c278e4c9f33d81782b0aec252c79422ccf7a66acbaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
db64c4576e1d01beef2a73f7e05df94e

SHA1
c6a11dd43255258d62e8f8e7850f6b3066bba00e

SHA256
34cd08f9b5fa1d22f2dfd1da784771b4ca07cb8db332becd4811aae9a70a2c8e

SHA512
58b3b6a1d2867a9a36961bab06cc1975e18c55740b46291b97269a21b6f3af853e8d00fdf2de8d9c9d1a13e9e733f42d3e57f33992624427839bfca12ca4c923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b3d54.TMP

Filesize
120B

MD5
ba1dc99750d9350159cd90b076967ba7

SHA1
d95b61bfc41c759a250ca2bd59ea9f78d454dbcb

SHA256
6ba909767345ccc84c5372c63dbd4d89006e4ace50c35abab2d7cfff79fffb7b

SHA512
3c8409210b2966cacf17d9f78a1341025690ac4617cb9fccc017f14f164f928c05b9ca41a412813516db8d95202f1c479425ea932b6114f4d346ad28352fb169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
511f039ee295a7c6feaa250c768636f3

SHA1
8aa985837192f09c17b65c9eb1d49828872384e8

SHA256
3f38ec00057c6772e40055cb1141511b4b55f0c8702968884cef28fff3a7a8f6

SHA512
a73d5356e66848c9db710b73d1c032ad433920f342956ec885bfecd9b39a7b01001530f92370170efb5bb0590ecdb68224c257a5245aa5ccc98a68897a07c7eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit