hxxps://github[.]com/loneeps/Wave-Executor-Roblox

Resubmissions

27/04/2024, 22:41

240427-2mjs2aae5s 8

27/04/2024, 22:37

240427-2kagksab52 6

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/loneeps/Wave-Executor-Roblox

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587313309947750"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 64	1108	chrome.exe	83
PID 1108 wrote to memory of 64	1108	chrome.exe	83
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 2668	1108	chrome.exe	85
PID 1108 wrote to memory of 3736	1108	chrome.exe	86
PID 1108 wrote to memory of 3736	1108	chrome.exe	86
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87
PID 1108 wrote to memory of 4976	1108	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/loneeps/Wave-Executor-Roblox
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffe3eacc40,0x7fffe3eacc4c,0x7fffe3eacc58
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,15161756451636515621,8819030706808295062,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1900,i,15161756451636515621,8819030706808295062,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2576 /prefetch:3
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2128,i,15161756451636515621,8819030706808295062,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,15161756451636515621,8819030706808295062,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,15161756451636515621,8819030706808295062,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,15161756451636515621,8819030706808295062,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4800,i,15161756451636515621,8819030706808295062,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4840,i,15161756451636515621,8819030706808295062,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3828,i,15161756451636515621,8819030706808295062,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3520,i,15161756451636515621,8819030706808295062,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4928,i,15161756451636515621,8819030706808295062,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=1444,i,15161756451636515621,8819030706808295062,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3908

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a562a99392ba7224f79d538796989500

SHA1
2529396b4e64e9b83ffb49ed192eb71bf78580c8

SHA256
cc6114fc2ad98273d48f85488c8f7abc2f1fd5bb9e2fe82a4f3c04656fa2e3fc

SHA512
5216c4b8f3a182dd2f9c9890d66d1c5ca435531c9e4657b1747ee3769b93881c3f79dd1e3eb155ed236c5075eef50801cc255d88072528db8943e3a9569f66c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
697936dee211ddbbdbe5cdcc0d77528b

SHA1
45785b5f98b25e09c53f5366add534fc46389aaf

SHA256
ec80b270397ab4df3901353b9082d679fc0e6ebb94bcebe15e83c5a7db10efea

SHA512
eb2f68014de3cf6329569cd5b414a72da75e2cb4885da586f92c8c61a8abd3d070bd1f09c821a5a87090fcd67b43608f8cc3436b5e3cb09ba183a9c3c0392410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4ade78b21425aa24b5cb74948e2ea8bd

SHA1
0bb57aa699de34cdb52b6af16ea08a318e4bff9e

SHA256
3659085f84f6167f61cbd61f09e5b51ad10a75de1129619e6520aa7c6150c098

SHA512
65ca693bd59680ce9df26be6bb7bf2cd5b5acf10b6d42a2665c42de42e1cfa18741a44cec5473994d9c7235e10e8942cb372ddfe810f029ae4236f383e3a038b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5ca6a7cb3c5f5eeac81a3139c229373

SHA1
022e0cbc8c0d898e543bcd48659a6255565b8f33

SHA256
515cd93fa3970258e86477c7a1e27832130e66a2cffa2ca124372af6f8b4110a

SHA512
7cbf79af2a33d8dad76ccf5bdcf0b4776d41073ebced397a8d53230a4f3d090e7d181e55a1b4a6d5c83494baa09d39b40818ba62cd3c05d4bc324b23b32419dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
42ad2689628b28031eb023e3088ce601

SHA1
d40eb8ef5b64a07b3b03b5e3a187fcafc0382832

SHA256
482f00595d35c582545ffc49cd10e04f2ab45f19f82ddb33fc342e1ae4732bbb

SHA512
5fb9e2b57bb79df7088dd5d2db83ab8a8d5b35e8f217aca37a51b22cd46415164553c1448230d5ae0d0b6a07e24fcd84ca6e056c6bd843680e30bf2f928f358a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c499c74b806235c2d033f8d20c77bdae

SHA1
261d695f5f388dbdd60140f9669a5629e5f32904

SHA256
453183ba7974ebd866dac3dadf61aff8232a480fe335d637e6dec6e8a183cbce

SHA512
a729f74f6d577459f1b988851121e20e665aa6983432a4fe6cbf522a20f457bbe546c7d255e8a95f424de4c6fa292cc4837be1c8ac56e1391446251c4263b950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00f171072642501805647afb40a265d4

SHA1
0fc3d52b3842257a5099b876ffe570f520bb7126

SHA256
cbded63c423ba50495713fc2d3a1e5843a6fe9f0f3230f7bd7e07483d2f0aa27

SHA512
7ed7b1204b0f169457f9286c33d29ab5d560879ac508b2bc45a9c44a12143dafb1aa2fefef4ac2f52161d052717a1f3ffdb3bea5d76054361e27d613f7bf8bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4268974679c8a4d4996d062ab30b21fe

SHA1
d7f3566875db2f861c88fb02fb61e612029b1282

SHA256
2d52c0b81347bbdd0bb63634f5d0e98bccf40838fd9872669c0564546c916b5d

SHA512
e4beb57e5757bd6f22165363ab54b00dbabe7e406c4a99ea0145bed705510aee5b8e0e3363ffa17c53c5a54b03395d9321ca58cfc75284151aa7b43cbc595ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d73881f6414a2d7534fe7907e7ba7d66

SHA1
f20074f1d7800d1ea0db5f2c9040de69ceb1961c

SHA256
78ffc5bac7b41bca05210b7bd976e3cf43899031fb8b5f0e67d8b180f5d1b688

SHA512
4877e06c8c7992d7e57696a520b220261c7b984be831e8d6ec833035534a4e5ce30ed010448684ab99decd74ee582b14b81ddd64d3178474fdf2a68f280f1f71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5404757817584cc3568fb357acfcecc4

SHA1
15b9b9a99bbddfcedbfabe412b3f1a9559ea3308

SHA256
c5052eacc3254d52fa5747b36d4fdd6278c0a405ba9d712aed4df841fce12923

SHA512
c32a95d29b8db71cb05ed3366670853251e00e6076a1e7bc6276846e4c90e2a3a8ce5baf606c3b53f78bf9953dc3a88f728d7adc55df83d57ae27a7aff515e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
17184d93bc09ac2d30e0d281e8512e2b

SHA1
694656035593beeee6d7d4d1cc0d82482a70241f

SHA256
68294d233b9bdc40ca7b7f30d87a7a6dc5e2b230275cc41ea0a7e89b612a2a4d

SHA512
68a954521383a96471f62c41d18c44f582a5e57cd0da588e459aab53e3fff948827b3063d867db885be25690315ba0d0262e029506e24fe3b48515ebf82b149e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
6a7b0872e1e3dc4d371525c5c5db3115

SHA1
9b029eb167e3a1e032b22ec4d1c9eb209dee905b

SHA256
a078b8f09227098000491370071c6132ee5fad2dff270025b3d9bb0c71fcc6a0

SHA512
c9fb3046483d01fbcd0683bf9c12d2ccc41ce967670340d844e4cbede6279a3bc3bb4aa61507457880379cd316e4270114677aeed98c7766352c46df583a0c35

Download Submit