569df3da9319a9ae298c37dffeb98c861bd773a513d99091d02f44cca3d945c2

Resubmissions

20/08/2024, 14:34

240820-rxrxaa1enq 3

20/08/2024, 14:30

240820-rt8evsxbla 5

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20/08/2024, 14:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Roblox.Multi-Instance.exe
Size

56.1MB
MD5

8cf2eee502269a61ff4a23f391535921
SHA1

8a83b36dc087bb4bb94707e1b6491564a1c74c99
SHA256

569df3da9319a9ae298c37dffeb98c861bd773a513d99091d02f44cca3d945c2
SHA512

67ebd0cedfd9528761493f9e67c1190b2ec2938cde35c877ec2423bd2c3f1fc4db494400c8e5ac3f860c0eacf80cf8dd189fcbbafc2a628e297f70b76624f995
SSDEEP

786432:JCME85pzHPF6K6XHj3J+xA+miL0SoTyPUixTp2i:hE8XQ20oTpt

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Roblox.Multi-Instance.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133686378772141377"	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe
3092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe
Token: SeShutdownPrivilege	1056	chrome.exe
Token: SeCreatePagefilePrivilege	1056	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe
1056	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 2640	1056	chrome.exe	87
PID 1056 wrote to memory of 2640	1056	chrome.exe	87
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 1296	1056	chrome.exe	88
PID 1056 wrote to memory of 620	1056	chrome.exe	89
PID 1056 wrote to memory of 620	1056	chrome.exe	89
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90
PID 1056 wrote to memory of 2776	1056	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\Roblox.Multi-Instance.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox.Multi-Instance.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa63acc40,0x7ffaa63acc4c,0x7ffaa63acc58
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,6426774003333266613,17351190873804058303,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1772,i,6426774003333266613,17351190873804058303,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1972 /prefetch:3
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,6426774003333266613,17351190873804058303,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,6426774003333266613,17351190873804058303,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,6426774003333266613,17351190873804058303,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,6426774003333266613,17351190873804058303,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4800,i,6426774003333266613,17351190873804058303,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,6426774003333266613,17351190873804058303,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:4640
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6bc534698,0x7ff6bc5346a4,0x7ff6bc5346b0
    3⤵
    - Drops file in Windows directory
    PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4960,i,6426774003333266613,17351190873804058303,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4920,i,6426774003333266613,17351190873804058303,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3208,i,6426774003333266613,17351190873804058303,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3092

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2380

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\246fd8b9-bec2-49c9-b912-2d167c0c9e93.tmp

Filesize
9KB

MD5
0c414a27bad37554648f87b03857b5ec

SHA1
98d2c2ffc269aae270b8f4ec8f04fc9220f30a6d

SHA256
7ee887f334499589d8f40e646c05616fce0517bb932f2c27e1aec3928a5165c3

SHA512
4e117844d0da7feae8315814b5532a3da1345760b880ffce0d6ed360cae20c0123c7cdeba198c75145384e76dbf649435f3f8c7572cef4b0cfe9573a42b6fb69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b1d074edc0ccfe57c97ffd2c686db23c

SHA1
c2bd171f8c17277e4d099b7b993a8b7ec9b85a98

SHA256
db4bc9ff69d6d25701633f3d56393061fdd852f02ae879c31e6e82eea1e8c81c

SHA512
646619707a4e76224314e21e527c32208ac05c2173d83cf272ae503a42f4b1d87f311b75f1765ff64ab886f12c8ec3e874d2ee0a7f61fca5dc1d45211ef2d9b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
974ac5b3bb9b9ce781d655d3bc1355fc

SHA1
a0490dc67a3bc2ab8ee32c86cb97b6be581f7f34

SHA256
526b07a2220b10578e1dc0e737df42d19d007018a78e36e2f2ca59a27b3274af

SHA512
dd99ba39a97c49353432af3474398cc780f153b0230dc13abd4101f74bd1baaf6e2fa3fde7be5dcee568976cd09b0429389e811260be1cdb29b178aa8ada58eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c133eaa9585baa70ad96839a4c9291f8

SHA1
8e9dae1c1294e2172e62ff54e4d765a1dd1a4d99

SHA256
731d3e4d4210b72769739d37df1fd8c544aebf0f1a65e6eeac538ed442e6f318

SHA512
fe7b60fdbdffcc5b5e370025ca83a79b15add890df2cb3e84571c060c2c8b230aebaf0337af61a00165468e68a3005843786bf16cbe01682df93a6d542b68e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
61b2a3d5a09dd0c186466f571e4a6327

SHA1
f7487cbb3fdc6488b9bea66a5d1aa4dafc336586

SHA256
de5d64445a07fd42f754bba81ec9611bcbf4e6642aeea461a3188d807663f716

SHA512
f9baeee320db86622b6a2314d05df733119c4d5eaff4acd30f2ce8451ffd6b31b3a6c643c392dbce92eb7602d6652c9b23bf6895cb880c997aaa3edb57dcf8a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
280acb2008537297b1bf3df29373ff18

SHA1
f1210665e33b8291b10bbbd422ffa26d79229788

SHA256
183b25bd86fbd11ef0b9dc3c204828027758920ccd41b47aa7c870090edb1c4d

SHA512
2c00a9ee6ce1cd1e6d230315e52d239b89a8f4a21fbcb36a0b9373fd829e4dc4810a1449bc1c87a0e70af1885b3889480e5530088a38c7cbcf330b404cf6cf83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1a2365d02432e30b21f71338d6a76377

SHA1
547b542b2186efc517e8fd33156efdef3e4bb16f

SHA256
265f38c13d4c0edc6c7d4e39a68464ba05a1b03508619ad542980ad379e8388d

SHA512
a043bef0156d21031218bcf550b3f47ef38a6c96350b88133a6f697375b596840eed72c540eba33294bc455fae8a468bac5f4f730652e271ddb0dc2713fbd413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0924124df639bd7994198ae672b5f33d

SHA1
e121ac4e2e38e76dc412bc9694cbb868d5623903

SHA256
1a5cecd64a2de6d55420e9cd9b3626ab644698a90f2f85a646ab4738b5099bd1

SHA512
bcfad9d382568674302f390ec8fec4d71d5514c48204844fa32ea6ae4028927c07fd50c35172a08a95cb80e12323d8eb0700b490daa341c279996a22b6c6f3e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9b440de50c0aee42599bc510499fc704

SHA1
623d7dfc901a58e9f1482e999bcde9e4fdf9d777

SHA256
970284d43b03aaf32e0e55cf6e0b2f0bd7ef30621c0496c84746963a00efae94

SHA512
5885b95446914ffbae58e465c3525ee38def5b94696b3f3c9c256d260c103162bd1bde94ca01254c3ef361d3f1c1d868f17b14f64f0955b01a4d08d9bcabaca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a29071e3ac61300bac157c35087d6f83

SHA1
415950abcd2b54921112030e57932f86db1d8fd6

SHA256
811c675d2cb46a67357c99fa88593ef3f022a912ceeafdf4ebb210b5479a7a1b

SHA512
e689d58457c3de106619e89fb89de26b7b88d2b2aecdbb0c42d22d0f0aecece87a8f873daf9e5a4d0509ae319483794c1de3241f045eef234202588febca9a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8fce8852a625ddbcc44eea812125bb4e

SHA1
1358ff557e7e067e48e94468b8a7bb8774ba0838

SHA256
716310a367d5efd0b51ed971d8731fe77d93e32e36c19c3fb2f367d0111b9f38

SHA512
db80949bc6009607146ef48c6fa844987c40a176fd00d9bd73968d9803cad62cc06973dd41b8f17ecfa002d99456b594c4ec7a5fddb3b81e74d49f982be4d040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
31fc85a735d3acab5f2f355970b8c5fe

SHA1
8e9788678accfa97fd7c098662ca611af7f5ee5f

SHA256
1fec017ae03a30350413a7add0329cdcbf11b943c7b8f870ae5a0422de4ec1bb

SHA512
f2d1be8574d3a6dc2f7da8f932af68f916faa1ab869947631b802976a40e49a5198240443e3ce71972a101824418326cffd133ca3cb44e95c2c055b27e30fcca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a0b0506e6773f2f627b8ed2e15d3842

SHA1
f7cd48329dbcc49ef4daff24b43918c726a39a1b

SHA256
aa41b15a79fa8a8dcadc8ca68bd7b58584838bf6fdfe6429187b63ba9f99cd73

SHA512
7419f08038f8494e0979c60213f95bc20112ab1b5f8767354f021a5fe41969fa55597bffe31e74da58c46aeeedc79503e815ffc058792e42912bd694a02f3686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f2f8af1447ea28298e7d2c72cbfa3a1

SHA1
b3331dd9033e73292ec15d1c5e73a0c4af202485

SHA256
fe83bb0ad53253cebb50859277b430deed2bb3cd60a0d3cd0a7a66aea06f8b7e

SHA512
fd499b2e1c9e63d64062de1243f4df6f72bfe63a955ff023b2aa2c7d1df9c9dad16326b7cc0ac65436c10bc1b8c0140c549725e7d419f86a8b0971abdffa50b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5029bdae64ad67fc187658bf6897d366

SHA1
99f3eca4ca2829c6e75a13afeac6dc30662ea100

SHA256
d844855dc71109277c656d8478c317e9c9165268358138d380052c3e5114380b

SHA512
4683007f32e3c4b497945005f3701301d08017eb081991b4f154731201d8cf6ab230f83b75f24365d9b243ef1c4d6066ae688a7e191bc768621d4fcce186fcbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
334c025a63bc09e6fb525f1d7861b8e8

SHA1
de2f0a300d2c4369ac3a4017a1871d308443e30a

SHA256
e6b3a5a4a2a20f5027b40a3d984445efa26e505199f2db85762066fb513a73c1

SHA512
989063078008fa7d1b6167f85ee8c5aa4559d38c5a7bd8d92eb7b76bd47a5ae308c98d1ac7475216d3fe2795e9ef1825add6c4793c1516172e8c1ad098bf813e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e0d4125a93b99452a97e62a980d1a4b

SHA1
f2645e99fe4c08841275f4bc65a855f9286e3cb6

SHA256
24484eacb88ea7581cffd3173e93f66b38215aa29b182323b0b8df0dc1e37116

SHA512
ca054eac0cc33ccf66db71f9d816cec3648b8802c6e95d791162180007860120a87879b49c75d9efc5a0adeca1a381b8b265c89913f34d385bf6fac031f80f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98aff07ee1b3080717d5db1481bf1428

SHA1
d90e58f8357085e83a9cb7973f11bd914662e922

SHA256
d15e77a002c2bd26b88c344784cdb6bb3c56244f2258582a40d9bc97b57daf13

SHA512
b8255e4db8464e5fd5adf6370ac82492f4d69f886c56de733de2b41442003863cf89cc4793d402d7a44fe7609c33be4b67f6308ca1028c1a959409b24bd01101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
472e35ad31af114c9971fb37b407a9d8

SHA1
cef0f7c4a0645ab32aa9bbb578be114b61785130

SHA256
3b9076f0959a6ebad8e0d24a7b790f2cf5241a554fee58ebd557c4e151eb1d53

SHA512
e3fbd7aa35df25282218b8b0428867f761600de9c2b1f02949495753c51e5346955d1b11064cab21b98939c9a82b6e0a174b8d8bc84501ad0996f6f44d7926c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
40a514ffc185bbca26616855172c8367

SHA1
36a4a06166ab8d361311f36a4e2f2f40f48c3775

SHA256
20e9b6289ae99a1bab05a29a264c6ca5960992637934b0eb7b062b74c9079daa

SHA512
d74d54b6312f2df0fd5c49642e2ca113c7a420a805d434d63a1acecd1bf4f05520045d3d8746c74d75b66cfa2be58a02fed39250bd50985503817d249b9b3c22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
30c5ea0a7238d86c20b9cb6af468fb47

SHA1
55edcd16b2abac1b474e38b60be50d06a29ae4a1

SHA256
95992178186257eafdb27f54fa1e37d78295970e030e31fc01895b6a33df7e41

SHA512
ab1e3d0036108986acaf61600f7afc76bff68c87d996b4dcbdadb17e661e93f36b85c34f0f7955da87551228ed750c5a93f47e7a06b6fa63487a2ae01f524528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
f8cf3d558cf13c0cd49e477196136076

SHA1
f95ff1caf2e7e4ed62cbb3a72c5c8b9540e6f5a5

SHA256
83894f2f13447cd46ba4cdb1a16c873c96a7fac7bd9a5621cfd15a00349a58af

SHA512
a110c850d9f43992b3452ebfcd8f79e4a822aa2309e0264c7f98205cec5533d748fbe141c8bfcdc47449dc474ca4b4a7cba2ac4cfd631f457ebde55057980ad0

Download Submit
memory/1536-0-0x00000000014B4000-0x00000000014B5000-memory.dmp

Filesize
4KB

Download
memory/1536-12-0x00000000014B4000-0x00000000014B5000-memory.dmp

Filesize
4KB

Download
memory/1536-5-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/1536-8-0x0000000006E00000-0x0000000006E12000-memory.dmp

Filesize
72KB

Download
memory/1536-11-0x0000000006E00000-0x0000000006E12000-memory.dmp

Filesize
72KB

Download
memory/1536-4-0x0000000007550000-0x0000000007ED8000-memory.dmp

Filesize
9.5MB

Download
memory/1536-1-0x0000000007550000-0x0000000007ED8000-memory.dmp

Filesize
9.5MB

Download