2c51f67e236cf95e2d51df4178699da09869ab077924cff0b3df1c512878ef2f

Resubmissions

09/04/2024, 20:28

240409-y9dczsaa53 3

Analysis

max time kernel
22s
max time network
57s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 20:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Wave.exe
Size

7.0MB
MD5

a8bd4a6b2f1d00928e61870a5688c13d
SHA1

e17646d5279534f2e3eb0e0cfc8b6c536bc0c095
SHA256

2c51f67e236cf95e2d51df4178699da09869ab077924cff0b3df1c512878ef2f
SHA512

6b5175beea4071668c87b16af3177bbb2cbaff6b28909dc1e09ad5b16b449c62d6adc372a0094de627fe9835f0c474d16708c3f698355ba1664bf321fa19f5fb
SSDEEP

98304:37//YITF8r2n8TevxbFKVlXk34tZ+t4+aNG5Lhd+2G4Op0cN+hmdYkvsFLL:37//1xBVqvG5dQ2m0cN+hmdYkvsFLL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 2108	1600	Wave.exe	28
PID 1600 wrote to memory of 2108	1600	Wave.exe	28
PID 1600 wrote to memory of 2108	1600	Wave.exe	28
PID 2624 wrote to memory of 2640	2624	chrome.exe	30
PID 2624 wrote to memory of 2640	2624	chrome.exe	30
PID 2624 wrote to memory of 2640	2624	chrome.exe	30
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2456	2624	chrome.exe	32
PID 2624 wrote to memory of 2532	2624	chrome.exe	33
PID 2624 wrote to memory of 2532	2624	chrome.exe	33
PID 2624 wrote to memory of 2532	2624	chrome.exe	33
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34
PID 2624 wrote to memory of 2832	2624	chrome.exe	34

C:\Users\Admin\AppData\Local\Temp\Wave.exe
"C:\Users\Admin\AppData\Local\Temp\Wave.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1600 -s 636
  2⤵
  PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef75a9758,0x7fef75a9768,0x7fef75a9778
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:2
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:1
  2⤵
  PID:280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:2
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2196 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3360 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3160 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3068 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3880 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:1
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2988 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2308 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2940 --field-trial-handle=1368,i,2920841378108165112,8612485467336405523,131072 /prefetch:8
  2⤵
  PID:2956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
1ba32d86313d55362dc782786d349bd6

SHA1
2671233938dc2ea0ee4615579a3e4f98e74ba70f

SHA256
f97960a7e8ec4520d56ce6f6757461975100a7966dc9790b8ec8776b7a4e9ccb

SHA512
4d19dbd94efa1728280f717b09792db2cb26f49f48d303d3b4ac3934647148a4971d9e76bc34328f28f9d8284b6cc5e5d23b80e57090a0d7ca80afeeec80dcaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfde7f4f8e9d37af2a58faee03346a0e

SHA1
f7e08a83bc022d554380713aa3b72316b9a85c8e

SHA256
90d78807aae39597ecb33fc84d5f10747ca29bf06a63d00c31a0f4f4fef1c037

SHA512
2b64032ff64587536748dff948ee1e32c82220c7343a4476b8bf6e143a4defdae47dc43142fcbcb572440f0dde5d90b261f817ce7894205d01c78ef4b852ad86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90ae2e24f0440801a41cac26d77cb549

SHA1
0075c7477fa6451caefd5f4688ecfc2684e73776

SHA256
4c2e1ba7b8810cf0b4791f81c2ad111f02ae822c7bbf2d61bfaf76707832d277

SHA512
d0e19ae32d3534b7a27c337dde6fe2ad5b5e41d3f23e950646490de938bddab8a012ee7f162f10a5a6103bb668e1f36472a3ff5a7c48166807f3a8f237061e70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ae5f257be8381982e9255091fb6c040

SHA1
764a587a87bb97c60c00671b7ab7f67a04db3fc1

SHA256
628f726ec6f826ff80b203e45ce7508e890f781b0b20c1fe7e827f04652597d4

SHA512
fe89f0ce9d719f0303585f62c5d3afc406d10823f28f97b188ddb761ed560cabb25abdd2240b7e61ff0fa01a3aeb6b298567dc36632977cb828bc7b3aa4d7766

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf07af0c5bb3cb5803c55b40572d12b4

SHA1
eed9b6b61302bf5347928c551547e9a6b56fae09

SHA256
44740b3ffcfa2de1b6ce22446aad9fd44855ca30cbed60e153f8743fcf14a497

SHA512
2dd392ef9fba23cdcbff9bf733013b51971986f0cf8927fbbd81d5134bdd40f6945d43a74ca2a4ad7cf7c3980f0973e5c04ed107a761762b306afc0488a343bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cc59403e830607d3ed2b8944003c86b

SHA1
72c53e85be52cc0fbc9d667c857b27db8723f93a

SHA256
b4dc82f4cb93f3031925336ba1bc0b7e7da4373f65c98a3adf5d964aecb3631f

SHA512
556825a5405912ae001aab4ac163ee1d4ac3fb6678298b4ce4f240b3b51bf3d0611977b702bd071ebb6248a62b909d098c19ed76f4a06d4af85c4f78af8361bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d64d33891ab962e06a68025e86fc89c

SHA1
75b940d2ddc06d381de954d5a84b22ceb2830852

SHA256
85a66c749a16c43456161be3e3ef8bf4ced329a8c17993427795c8cb3727b7e6

SHA512
a719704b3c9752617d4edce2245520d03654928e78c702260a09e5fbea3808ff84bbb3245d289cb8e192d39f9ee35bb87611c50ae081d56b2bb7a64f82b62dd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be4e865fa731500d9a72f0941486602b

SHA1
bfe8eb12fb4bbbdaf74bfe3ee5d708d3dc213a7f

SHA256
3abdfd511eee2c426583c3aadd749679f7f7be2668b0edb563edabc111da5212

SHA512
949cec1e01b397031a8f37bf25c1221b7a31693cb3351dc454f983e80ee42527ac6e8ff8db508bf20dee2b05822c55f40d803b1f571eb4621ebd0c568d8fc1e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
764b84f6170b772bea32556fb1b7e850

SHA1
0309ef68446e266da23e5a750674567eae1c7880

SHA256
5554e34d7a97a09ae9b65d5ced1b306e122c2b019406f0a24614e3f551143c05

SHA512
4b9894be2b090d5449dc97596f3d56a31c409566166f623e920f46a599725dbd5d4bcf4b3c820307282fecc838d55ba6dfb0aa4efc33b71235ac38e9635cc7f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71b314447f489c0fcb46064326c63f56

SHA1
a9e94e13999513ca5280dc9cfea0c556a7a5b060

SHA256
20ac101c8687fff73241b718b235419d60a8c73128e84ea680b0bc9cec8ecb70

SHA512
7834d2de93aba7b22e3ecf59f67a1c91a688eedeab412566d17c6965b42dca767c02dd1a9f6402a15ea75fc7d73ff03e390b97abd6da1c37744ff8ef550dad0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\44cc6e6e-cd56-4875-8ea8-c812b1267fec.tmp

Filesize
261KB

MD5
127e4e6d3b3fb35946421c8568802ae4

SHA1
a90499ceeb0be8e5f9f685d2fb2d39117408c182

SHA256
e10a9db5e8adce03d7b9e451a6f121192c47f9024a970a7ce231cd8ca6708394

SHA512
8d2af57b5fb79cad547a649fbc066235a696056f89077925ab7afa6bfc18a3d0be60239bbc470b410badf497e2c1941e3758d292c8f4cd5979fba3a1f16df397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
234181a4ff55d7f602258699bab32a46

SHA1
13addcccec727847446ce30f7b176ecaa3180bb9

SHA256
5b27f929e879c7130b55a7b1829e985c880d99172b3e6b5846e055368cc49ae6

SHA512
6feecaab0cb7ef146d966f26728f51640fab748b4ee3d7c20a9428a28f3b635b7189bba3896892c7405ee045d04d87c549024f0ed0f183e942baba99426d4c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT~RFf76c487.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
166dc3935f9e781b60b9ed43c448c8a7

SHA1
52d6c56582c5d1dd19bd6232768743358cd3180a

SHA256
a36411cf7ce2f475e8ed87b4599e51d4d8a24d001e4c0df947632d5edfc041d5

SHA512
29f52a9150b1282784854b482f3ed75e7e36595df895d5cace8ddd15fe84ec46ceb452d75700359a5630064a8d2bf207ec824e0ecf3ccf4513f850128268b65a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6398f97c748ca759f355ae1b8096c849

SHA1
84b2f27b5ffcefba665f1ea46f4947f77ca8e395

SHA256
078817d31f2fa8170f575b11ce5576760079f455766025fd7d1c41d5be89a503

SHA512
7b8d96e0beabbea27384f3f68b95492d3c79f7fcb285435b1245589f4ab068844ee1ccf7860e2196387bb67afe9f0e5232a427fd2f69f7b06fd0729fece7f2fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
c8b23cdf5de25bfde1c4b043db1e3f0f

SHA1
51177bb6a8427d6c92f092d653868b61981dba54

SHA256
b12515b0e166abee0ddb9afddd16472aca64959625d56684d00c42d2aff696d4

SHA512
1e4b6522f6a7ef23f958effbd931704c812943d70fb526d26c886aa9473b0d92ae8b8cae034f5a0b787c88ccce5d260706b63bb4778711b624a152e8bc946e0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a4d1154996d1c0d0b69fa3e0eccb340

SHA1
1f0d959636143c84889d9a9052d3c9e05af41c7f

SHA256
21e1adcbb96b94e7b6dc0f58fca79a5002672dbb97579d0e3fdfa5da76c458f2

SHA512
64393bfdccc626e1e13a648fd03b80e907656f8c9b6fb2687d96afc001a26c8d7c798f994f375b2e097816d2ac5a1bd7936b9ee8ea1d2d2a74998990be0c2b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fadafd7d05d35b7ca0099d20e3f28297

SHA1
4ad801d5536073042c23dbbfd8d144a139a881a8

SHA256
e622f84643c805cfa7b9235de442da6f19cc3712fa26c9540150e45d191eb556

SHA512
37e29251588e168b298a4e830dc8047f97dda1976ad8231f94cdc6aaf3bd5e3518dbe5111475eb52ba39bdf8cb3aaf5aec2eca0e34f0f114ad8843bd2a999f25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5ad2e7df17a86eb6a06ada69288efdb3

SHA1
545135d7eb41d5495847cba36da59b3a6b2708ca

SHA256
bd99f6e41f21bf979eaa9f2b96e541b93753dcea9ba18ca695a1cd647d210dc3

SHA512
72847d737fe4beb4d9d46d2d5bf80092a82280715f2dc14c44f2f2ea420659be851e3596bf040ecfe506f6a6fab44f867fa669b199a38e2c211b114dfe7582ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
e17ba6ce42753cfd4d24284d01b40038

SHA1
142deea638341aa0ee958fb5a66bcea5fa3298f3

SHA256
fa1b72e870b32f631f5e3f376f4f6a20e4f77541a6060ccfc061eea23b6ab24a

SHA512
20641cd61c2ebb6e033afe57c21221303583abd4708f78edff16276bd63f87eaa546b4627af78cb0c56483d34aaf28e221763a744b0d9a60548441b834f890a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar67FE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
memory/1600-1-0x000007FEF5D50000-0x000007FEF673C000-memory.dmp

Filesize
9.9MB

Download
memory/1600-2-0x000000001BFD0000-0x000000001C050000-memory.dmp

Filesize
512KB

Download
memory/1600-3-0x000007FEF5D50000-0x000007FEF673C000-memory.dmp

Filesize
9.9MB

Download
memory/1600-0-0x000000013F790000-0x000000013FE98000-memory.dmp

Filesize
7.0MB

Download