Analysis Overview
SHA256
b6d1a666ae9603e2205c01ffccc447d56c1062e467721407b523ac489ee862fe
Threat Level: No (potentially) malicious behavior was detected
Malicious Activity Summary
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-05 15:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-05 15:29
Reported
2024-05-05 15:31
Platform
win7-20240221-en
Max time kernel
63s
Max time network
127s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000ed38d4264c886e78d99a924f2f168332972d3dc67ea96f238702c58781c3699b000000000e8000000002000020000000db087c99c6177ee16e0f4ee06cbe94949527dcef71606b333b39a6c0ae093408200000008479302726f6af69353c8019110432835cf3bc9dcf61ee41ab9d655a076ec34040000000d1dbae54270316f506f4aa449fcbc82513f6eac4d2d1066fadc60f5a8e882dd8f1cd260478b0d6129668cf4e9542725260acb30b65f34d97e55b34f4eeaa3366 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3EC877F1-0AF4-11EF-A5A1-E299A69EE862} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b65713019fda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef52a9758,0x7fef52a9768,0x7fef52a9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1396 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1560 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2192 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2828 --field-trial-handle=1284,i,10598232862280588455,10657752175033266835,131072 /prefetch:1
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Windows\system32\utilman.exe
utilman.exe /debug
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
C:\Windows\System32\Magnify.exe
"C:\Windows\System32\Magnify.exe"
C:\Windows\System32\Sethc.exe
"C:\Windows\System32\Sethc.exe" /AccessibilitySoundAgent
C:\Windows\system32\sethc.exe
sethc.exe 101
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
Network
Files
C:\Users\Admin\AppData\Local\Temp\Cab25EB.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar26CC.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb0c888c90ef2704c80133e37d124656 |
| SHA1 | 27896ae043b6a38e30b2ec40f7944df0be363101 |
| SHA256 | 1aa294d5cdbb3e9828cda7177ab3f0bd701b2883e01184b4d9151e64871cb1e7 |
| SHA512 | a84f95caeb31eb56950a126f3a83694c6cd87ae4545f750c0985b705299b38c60ce52559831485bbd07ec80704366f12ebee78e89a1d7a5fcfa34aa73ac7522c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a22f53052df872e100d40c97758217af |
| SHA1 | 7472d725ba5c969c9a327fdbc5748c8e0390d60e |
| SHA256 | ee5879cc4740dcdaaa87889477731975fcf77e6d7463344ba52e153284a89673 |
| SHA512 | ab67c9376a3eabd82dade1ffbc63442ed35cf07c5fe42b71badcea050771c5242acc737ffa0526ace4a3d6ed94b94e6761424082a9977cfbfa213c2e56933915 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb397e907d93f05c498bd1fe20f8b72e |
| SHA1 | 35b7dd4f0a44c52cfb85cd50ea1d0d9cdb06f660 |
| SHA256 | 487a7738554b03a8f5f878443f2d052913fefc5c386ae266cef68bf67aaed373 |
| SHA512 | cce102d90b1785e85b1e4a7c123df6246f1099b4c14435c1bbf31b326a163bbf3cb37530c244afa22a79f7364c76e9c08f4855d041980eb06a00dca77a743d91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 808ff031eaadc052fa3df151899ac689 |
| SHA1 | d751a866244e1def2498d9b57c43f6f10f520853 |
| SHA256 | 233ce5120cb2a4aed876ddc12af28815b769ecad2e13d187fe94504316906ad4 |
| SHA512 | 3412276a45b5984f95522c39ba9f5dee0afd60985a576025168f268d02e31f83c3d2268ee2dbb5b89a80fd51cb4b40dca3eb88486a4b13a8bc81aed9260ac367 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c6086243160b4216e939de2345289b4 |
| SHA1 | 82b507bc371049599d15d141e77a8cdd8a2da5e9 |
| SHA256 | 3e8069236ecc6051e5196177024802b9c2118b469f680484f22baef9435946bd |
| SHA512 | 43667d605c518fa034e2fce0b2d9ad4025d96819e28f02faf2f669202ac4bad77d7934aabcdb0da4aafbefead337a3f4cd2c4e1be0cd67f72c569770e22a6103 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f70b3e565b79460fd321f2372ce23b59 |
| SHA1 | 38e0682f89b1c8b6b64aaad4d06e44480cb57d99 |
| SHA256 | 33305a5044106f9e67c2c43e64c8dae7ec30717bf9d484609d56e370039ae46c |
| SHA512 | ed030285f3bef7dc23b5792494f9cac3fb2da9d8626a775480bf36e06de89cf684c6a7cc6df6c022537e110ee2ee6eeb772c657dcc7bcb226860ba4330c0028a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9663b31c162a4ec0c545b1dff36c9bd2 |
| SHA1 | b64e4e46c8f49dd9285a248d95af85290a867d5a |
| SHA256 | c7d105d6cc78af7a997f4d5189abd897dd25a6dfb54e0b6e2d869d65c3fa3571 |
| SHA512 | 09cc1a71d7ec39fdd23d59e96c8a53211ca69664a36cc1a09b12f1308d6a6b578e6436f18d6a8d4533092457eedc3b54e8c1e3e52d08e89ac3284561558db97c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68513563cfb0844565cbd12c93dd47c8 |
| SHA1 | 38919bb2566bdd3ccfee18bea4230afe1e7d56a7 |
| SHA256 | f9d37b530681e8c683492ff0ce46251b707f6bccf2fbb6b14c475fb7f3152a4d |
| SHA512 | 71ae78d7fe2c6eb8eee271204f889b7736878f6693e9bac52b70ad8c022c029c25608007ed81de5d24d9f7bf524f3496f6659fc9a5eaa12e2c45c41fd627aaae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 044ebe56cdafa37446ce3b6abbc10fd8 |
| SHA1 | 4cb78cc1c227b12691d29331d88e74f32e521bc5 |
| SHA256 | 6ce76780675687754b330ae01d058987963c1d010d7ae8499c21fcb2f93dbac6 |
| SHA512 | 137ff7b352257720b1176c92ad13762e423e39236ff1128dbedc8baf3d0d9ff9ae448a4f8e9a44d359c46ce4f725af8ec8646fd954325f3b954817fb8269144c |
\??\pipe\crashpad_3040_QRNHURHTOFESCPKB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9825c620461e8ee6e5d53f18bce8c8d4 |
| SHA1 | 9920ced71fc50185478e02c7e7f5c51f16cf616e |
| SHA256 | b755d279fb35b4d275d78f5f2e40df1f76390cccc8e01e5161129b8400987bcf |
| SHA512 | b00f3ae2a4d4cab5cef87334db20044082be0808956891bcb8bd2d3b75c15af82bf9b6cc355bb3b7d6e16cacbc1923073b529aad4dfcd72e7fd7600472a8a87d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c31a4abdecd15197711fbe32ef17c40 |
| SHA1 | ec6a361732a1f6fa59a0933742fab90f8a12cc8b |
| SHA256 | 0f6e25d3a4c883ae12b83e9aedcde22c32cbb463c9594a811760fb0b0886b3e5 |
| SHA512 | 7cfed2ccab11e1575587709ffdccc6e40196975306abe2ecab8b574e4fdb3c8d7078e50d8d5eba068697a7708c14584cf9feb7bf8e6a97590a1f8ad4266f6094 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 792adfd387648985c50ef074683bd9f9 |
| SHA1 | f91d5a9240cc56d49f70e36f08c69e69d6140d40 |
| SHA256 | 5ee3461878db7d07dd2031e95fa3f2ba3d00f8bf4b066068c3b5e1fad54e4dd3 |
| SHA512 | 0c88da987afe24c10dcce7e3fa7cdf75aa3d7c186ef5119b6040e9f1a7fde329802d6cb260a27f93cdc03100d45d84815ed023de9009a45e07aa88616115cb94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06c9ecfd85773aba0500a0360a25e1de |
| SHA1 | 0ba0ca909b9daa011023aa37fdab8366d28f0d4b |
| SHA256 | 283f0de1731b2ce16ff061730cdb341e6d7b99fbf2aaf11c8cac83f1214adac8 |
| SHA512 | 4feefa7ca585fd9754b981a74f8b181ffe1224797ce57cf3cc6af653e35bc5ffe4b48cf56d2dc1bc7b7a8106f7cfbb3cc41258f1170ef5d268f22c8bcedf7a4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0bf30cc9eab2809baf8bcf7215c56167 |
| SHA1 | 86ac6b7fe225ded7b81b7e42b0b7ca5036f8a7cd |
| SHA256 | c526d4091a7220f5a6c9f006aa7f47aa777ef0d97f07da7d8e28f817e869f7fe |
| SHA512 | a4d2dc360b6f786d465f10e29555756fd58d81cdf41d110523d100b34a3937bc87953133824f28723696037ef6136e9c81a1b5119421a2b8f5aa71a3fdc33973 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 354b3fe2f30e7a3b92d2755282d9de18 |
| SHA1 | 498974c75e3dcb1235ed2c5fff3f60bb104c956c |
| SHA256 | d1ffbab86f07ae4d5332e31fbc9ed11ba05ff7c5e104a9edb9cd15d335ae449f |
| SHA512 | cfe087125845417df152e2255b28a6ab13f4f7b02b87c35765c5027af1645b57e6733fd194c3606db7bb9c08659c1bfcba4d938f7e6977d5980b9ef9b3361c03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70a906830c11b7f3dc6470f22019d845 |
| SHA1 | e577d9b48ff16c753db4f7da13c4cb9eb0fe1603 |
| SHA256 | 44f79832598f682f182d5d43d900e813f65fb2e8a886dc535f8285decdfc114e |
| SHA512 | 5124844b40dbee8a1951076bcb04089b216f62d02b5e421c79451fee4789180af4f47f27cc6e7635c409c7771c6c5c6d814aab52b0480283d1c9722ae993b20b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 960287cf3c28f67a33b1b0d66b66f73f |
| SHA1 | efb497899b1f958f77a380de009401020a53d1dc |
| SHA256 | b7386d181a2cdc9580fc4c0a695a1c910bc8ed27420e3698d341ea6bea39263c |
| SHA512 | bd7fd1e4090ed107b0ec2de223afdf8575d3ff48ebf566c0f2f4203e0b121b8cde175084c222da92694c915c86f3853e63ba846f6b15fb2f74671c1070dafe54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3514fec2af9c1c3030cdbdfaf6d6b2cd |
| SHA1 | f5c960e6529a3cd7a5e674477f0e573808a855b8 |
| SHA256 | 15bdde27efc6976468e20bf2ee1879d6efc6d67cc2def74491cbdab8ee546bc7 |
| SHA512 | 36122d8b0bb5282cc37efaf3aba224988ab18ee19e9ba6aa8b0ae12bc085b91001e31909695fb588bce1fa6454a0ae34f92fa95f6fa299783c151e698b465105 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\139376f3-4c14-4f60-97f1-43f831e96fe0.tmp
| MD5 | b44b2aa2c35da6d5cd95e49ece7460a1 |
| SHA1 | 1786370cb1472b938eca5d2c467fb89fda8daab6 |
| SHA256 | 1cd7f778f708a7f23dd7942ce6af1b1f5c5b39eabb605bfe6a674536ed913140 |
| SHA512 | 4bfe52dbb3a5a2c3e22d158b3e35cd115cae36da22847764d6c7fadd5a958cd16198544eaf5cb681dedb6c5216965cff8928b0b26455dd6d4ac40d0160e613b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a69406ae599317937964e68a8ac6b2fe |
| SHA1 | 2fb474f518173bf6b03fc24b457cf399ac1636bc |
| SHA256 | ff17ae8566adb69aa3e92d41072023cce96be33b17fdeab4f1374be9cf3ba671 |
| SHA512 | 3065e9b535a3b18e009009c1eb4c4552ee360942bcb02e8ef03f4ff7d55951f1d818c35556b45a7ee003f69a0c8f183eceda0c6ad9879baa17b8556cb95a3ae6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | c48db15d282766fa2975156c3173b2fe |
| SHA1 | 06997fe9ca92f3f7d1a03010a704c8174dd3cf91 |
| SHA256 | 35139644e00e2fd84a3e473078620901c21d256b70d25c3184ff079e7322e3dc |
| SHA512 | 5fa8f4489f05cb5b6229c62cc49686e227f590863f0f8295a9d3bfdeaa0979f0981e672479da9e7c6ed82e535c1bfb8a723702bffc9c397477ad138adf5c882b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-10-1.bdic
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\75674d08-8169-4d7c-9d85-7c5ca2ea0632.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\~DFA3FF6E5E292FC12B.TMP
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{3EC877F4-0AF4-11EF-A5A1-E299A69EE862}.dat
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{5339A170-D0C3-11EE-87E8-C695CBC44580}.dat
memory/2864-1467-0x0000000002D90000-0x0000000002D91000-memory.dmp
memory/2792-1471-0x0000000002F10000-0x0000000002F20000-memory.dmp