hxxps://www[.]roblox[.]com/share?code=75b679f92e00db4c977ac939b5e9e4a7&type=Server

Analysis

max time kernel
129s
max time network
114s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
11/08/2024, 13:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com/share?code=75b679f92e00db4c977ac939b5e9e4a7&type=Server

Score

6^/10

discovery

Malware Config

Signatures

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678569333782932"	chrome.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 4832	2924	chrome.exe	81
PID 2924 wrote to memory of 4832	2924	chrome.exe	81
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1784	2924	chrome.exe	82
PID 2924 wrote to memory of 1548	2924	chrome.exe	83
PID 2924 wrote to memory of 1548	2924	chrome.exe	83
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84
PID 2924 wrote to memory of 4556	2924	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.roblox.com/share?code=75b679f92e00db4c977ac939b5e9e4a7&type=Server
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0x78,0x108,0x7ffc408fcc40,0x7ffc408fcc4c,0x7ffc408fcc58
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,7883685463088745382,5967588327739122785,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,7883685463088745382,5967588327739122785,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,7883685463088745382,5967588327739122785,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,7883685463088745382,5967588327739122785,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,7883685463088745382,5967588327739122785,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,7883685463088745382,5967588327739122785,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3840,i,7883685463088745382,5967588327739122785,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4996,i,7883685463088745382,5967588327739122785,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5196,i,7883685463088745382,5967588327739122785,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:2288

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:868

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4476

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:960

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" SYSTEM
1⤵
- Modifies registry class
PID:1544

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:748

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:1984

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7dd232375d76f3ffa44fe7fc8a698cc0

SHA1
8b3ffad2dac0ccec5cb99a7cfd5aac68d56eeff5

SHA256
2839895a29d230c432b9986d90e89064927655d3122e3086745346e1341693a8

SHA512
7f12e6ed247150e2266f90cba8afc07be55e59689b6e808a14a8ebf74f5dfb2f7308b3f7f3d532a7cf86fab1afba45f3891449bdf716acdb1ba074a451567a6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
777ca448ed5c054db448291726c68b04

SHA1
0c2572da991c6d61ef56137a5e35566428f85366

SHA256
0915ae9b34f4f999f638d9f85183ac19f08d96ed5ef55acc8e4327b1520c9a1d

SHA512
6a9b0bc500e0f8d6cf22d848178b08a83e357b3f6547f730998ac381f09f78f1e1cf3d1351fdae8b00466265006cada667157a4373267da4116f70f39cfe4a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8d6ae1821fe975c59c9f28c82adf0664

SHA1
0c0d43988be8544b160511f46619d18b3f552f9a

SHA256
f31027c3c3019dd02c9aadf243244af4a28838a4c9fe21249edd999880800ffe

SHA512
cd7ee65c400929838c8facf9fc651e4a838b8ee70a572ba752441a3682fc8512362a2c52b18e5f321cf020348e7da1fd8d5a3cf428ffb7a370844cd5fa8f24cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
efd8b5fc0e5171c6fa906e89d3ada83e

SHA1
0c5ba6a0b0c0dbda35eda74ece7deb34e83b5821

SHA256
76fbc7f9fc8ada97798bda8e6730fe4b48cb7810e8f615d68b904c9f965011b5

SHA512
689553e25438ce3ec767510ec336385210ecf52612c9217ebea344b50e5f2373748959f5522d98aa7cc5c47dda8b8da0ab1c8a4d457b80aeae8add5a65e55e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e07043b57fa0b1b2aa1b5350ef17fa32

SHA1
931f86ae0e38f439562843cf50bcabb6f3cdcdee

SHA256
ce26e7194d3f1da41fd75674f940f871aab453ee4edbad92a1944efd6e3fc2c2

SHA512
056eaab490937a795745add2e1389c600c10e3c3b2cd7050578f6753be47d10778f6ed6a1f480887a24d424668af1ef7f09e4916f4d38ed4201f364517d4c000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c1961a06d65ff0822cccbbdfffc5a62d

SHA1
43ce026f30f98d9633de375bee60e4df733ee470

SHA256
74767359e38a5548ef046c7fdde6cd9f14d5804087291f17e1d8ca3909026578

SHA512
bc6c8ff7893159be5a10a67429c100f21574d4f0db6a4feeb0736173d3b3e4971cb4d173c531ffce0a8df5712abd1347ac9c0370b54674728319dfb8c2e76560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
96eb193ae410d0ace768b7f5a7ca061d

SHA1
b13a2803f1dc76dcad749177195d2db115d56db9

SHA256
1ab8d516a158519d2d2743e54ee57cf83fc9dc6bfab6e310081f5fb0f57f1eed

SHA512
06559aef488a0bd885ed950bb29bede656a1bca8c89cb9fcdb5ea25bc43cd61a5da6a7f71819428a8d2d9ccc9df0ae00fca669f4be4115578102dfb7f3f204c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e71f072ce66d15027c2ca182744aa5fa

SHA1
6fa854ccd181abb377fb2f5704ee6c55356361b7

SHA256
0df6f3afca86caf7e4fbe6c21be0b8503478a019eff32cc04614a7f272ccda63

SHA512
9970cf2465fbcd40ef19fc228a6cdb05b232c4635e85b016c8deeff04f3bebb2e6a731c3fe03e1acbbf7ef1d5838718f74556186ef447bdbc97c5805da29336e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f4b9fcfeb235415ee43350e55f383450

SHA1
7fbfc78ae9bc9efe291774a4d270c4446ee82d09

SHA256
ce6489524949989fd866283539c81c0e9e5e8bf1a0ae6e86ef4aed2c1b0fec61

SHA512
9684a28438b1ed3358ac14bbf87b4f4a25d0022a00d3c029d869f007148552e8aa4e4ff562b647e62f8182655b6994075eba8062d904d1564050d292959d2221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b4cb00ab880ccc9dd380309cb73d331

SHA1
741e6f96b8260ba03cdb209c80eca22459e4b840

SHA256
88db77297a48b1a45bad21802fca45ff3111900c14662b1c5715364236cf08e7

SHA512
b82df6de8eff5d4ab01ba8dc4f725eca78603431792f4c01dcf412bd3d16544b336ae966ad9c700315f88964811355ea11e4af18a2ec6d3ac4c4dec38a666f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4fb4433cec3a5ba2ed1551b3f436ca57

SHA1
f4c3f9cbb5241574f5ace888e185a178e9499500

SHA256
9f316f31937220a55d74864b3582e9231af6e48fc14a3826c2b476004bc75fd9

SHA512
1ddb47c155f727aa6f6e9239261af3c888e7efdcbc2750044ccbac355ff7839c74f18c7518abfe125a0a1bb5ae0eee61102f166946075365b358709cbfcc391b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7d527d34ab422b28f07b08369baeee4

SHA1
324122d5bc4741d504daf907fd70af555cd5f4ea

SHA256
89e00e7fd08aa23caa45abe276ddb9181de132b91d47cf61461f1c887ab47ce8

SHA512
413190dfd1bd926504207ea522b0541952f506ad548a7ebe8f2452906328a4ac13257c2eee49c071f1bb4a1e2eab3b15454d847ba04af44983099cb518a07e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2bf1682670a6cf1b08b3f09142276f92

SHA1
59266ddff766c7486c60c76a90cbfd91bb6588f4

SHA256
229675cefdd1d019b6d7d08cbd1bf256d3699b8e07f649b382f0fd7f688862c3

SHA512
19adae6e39b3de0baf20519de7193aff852e002011ba5599fd43abaf97c1ec3e6f243e48ee3ae9b420e5b49927007f4d14fea2fac10c759b807f2fd93ee0327c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
57421364a6b709c1249c9b2fc500fc29

SHA1
025d30a133bf3ce3701b7bf270006cafc1a3629a

SHA256
822efcc319308fc601849869a055ff113903a46c284bc147ace6310bf9fd6cca

SHA512
a584a39159a7b3316d10e31290701e78af1b5dd0603741b60a669b147595be53963da0fbf676fee86f94bfc85d63a5a861bfe8f193cfda80c383990fc0dc1e5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d328aaff87ce1be904d4a11db22bbb78

SHA1
0282fef436cd22730f3a336120e9e983d7f1ceb1

SHA256
7a8096f4ce8c54eeffaa4db968c9c25d281d1c8104eeb8a4fc26e8e1f0ad3b0d

SHA512
89393b540ea8b6c4ab458f7bc98bc4b8434db62b2d612aa0db454670eb8e17f339df796c11c402ac32798330fba10f07aa262d6e4d02c3473c4aa077e2db0cc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
60c34069090bea5afa8241530598df8f

SHA1
4b59fa1b6dd3c0b1faff8c1abfc1b6d4e3fe15d7

SHA256
a3a785d0ff3c0e00702847bd8dbb12010b780606c80b13dc2a00b7bbab4ac30d

SHA512
365f8baf77d722891e4af047ec065034e567ea3051eccb915badddb0cd005f9842cabc9d7e9a6572c9d1f411a6300a44fee4a0fe12f59f7bb4f98c5a31a97740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ab34faad8733bdb6885a61b989df5a5b

SHA1
12e0b9f81248ad6d31c1741961f4dac454fc868b

SHA256
266a9e31804a84d5cc491da93184a665fe0e703bfd32f64e30cba94cbb204984

SHA512
2ed0c866b2154344be29d8d69842eb2e2881e0c1a3be41c40ee02476f32fbb85c5db53db50b4f38f721dfe4bd3b3c19f6fb7a13d5f311f4600f3d440576e9ed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1592fd403a7f593043975dd907f5bd09

SHA1
951226a6b9717ee80ad32067620736d558bf221d

SHA256
63cfe313d1e8b6d6e961da3901b64ccacacda37d5cd4292b223f970f774aa2aa

SHA512
0bc74dc98fc649ef3849246b8295a4f85c3d94b1554c3bc2a741481aad23a95015436c9e8b2d68a48e578f56f5f154bfb775e62beb3efaa40d02ae76e4bbe1bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0ba289e1eb3b5eecff8d1afdbbdc1441

SHA1
204be5d502bef277bfe6abd85403d3b81e0bc073

SHA256
a2bd07435e2a5b85c49fb0b8c32c7f6a3217807c846fa05708cdfcf6ab73923e

SHA512
4281b67ea9d13a1b18ec5d747890f3c30b771afe3e5735ddd7541a54f7a1c3d6e0d8e069a34c5a27b56b21a081706b02179eaf937d08fdd063a6b7e6ddc88053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
8e6b424455a10af27f14add11f2ef70b

SHA1
20c546fb2fcbfbb2f7042f0b1d7787c939ff5a12

SHA256
6506a080cc3f47ec288c218a4f601949b41c1a2c7dc1a50f946c0384082cbe75

SHA512
62b619dc8cfe20594db8492c88046c65dfe152b7e4f3c127d521f5d4d5211360de5f97af459f2d6025b22c7034b88584afc9daa123fe9b2ca727d13ba2339264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
7fcce710e24a12e4422a1a4f9bae23a1

SHA1
361a1433306524fc2c189e7c81d8e2ca7c611e79

SHA256
c401d3acd8cf3517787be7a33593a9e960f0b2e0700bdaf986d20a1d1c89404b

SHA512
6c739719a2512059a2d39ca60fdb915ac8912e98fcfe932afef626234f4a0b45c95ab2d3142342c0c2417cd20d36e344ca4336c5dd39c388a84cc9ebda77ac96

Download Submit