Analysis Overview
Threat Level: Known bad
The file https://www.r.oblox.com.kg/games/89298961651739/UPDATE-Better-dont-play-this-game?privateServerLinkCode=639454715585395230358511284729 was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-12-10 20:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-12-10 20:33
Reported: 2024-12-10 20:36
Platform: win10v2004-20241007-en
Max time kernel: 149s
Max time network: 150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133783364495459447" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{EAB1482A-15F8-47FF-BA10-CCFDF62C23E3} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.r.oblox.com.kg/games/89298961651739/UPDATE-Better-dont-play-this-game?privateServerLinkCode=639454715585395230358511284729
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff83148cc40,0x7ff83148cc4c,0x7ff83148cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,16861998201315295356,16433357486168717883,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1980 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1816,i,16861998201315295356,16433357486168717883,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,16861998201315295356,16433357486168717883,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2272 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,16861998201315295356,16433357486168717883,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,16861998201315295356,16433357486168717883,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,16861998201315295356,16433357486168717883,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5000,i,16861998201315295356,16433357486168717883,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5112,i,16861998201315295356,16433357486168717883,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5288,i,16861998201315295356,16433357486168717883,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5352,i,16861998201315295356,16433357486168717883,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4964,i,16861998201315295356,16433357486168717883,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3220 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4984,i,16861998201315295356,16433357486168717883,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:8
Network
Files