Malware Analysis Report

2025-01-23 13:47

Sample ID 241227-brhhnaxqck
Target https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbGZhNjNLUlRLVUFURF8zWldNV1I2cndIMFphUXxBQ3Jtc0trSkRTa0hoMFpZT3JDZWYxOUtvYmZCZG5iOFpQUGNiSU04REtQNF9DVDFuN2ppWEc5M2ZoYXB0MkJXcW1hWHcwbmxyX2k0SWw2RUtVMVV1akd5LWxUZzJRUzM0Mk5OTnFpVWFJelF6SzhjckV4R25kOA&q=https%3A%2F%2Froblxgets.com%2Fwave
Tags: cryptone, discovery, packer, phishing
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

Threat Level: Likely malicious

The file https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbGZhNjNLUlRLVUFURF8zWldNV1I2cndIMFphUXxBQ3Jtc0trSkRTa0hoMFpZT3JDZWYxOUtvYmZCZG5iOFpQUGNiSU04REtQNF9DVDFuN2ppWEc5M2ZoYXB0MkJXcW1hWHcwbmxyX2k0SWw2RUtVMVV1akd5LWxUZzJRUzM0Mk5OTnFpVWFJelF6SzhjckV4R25kOA&q=https%3A%2F%2Froblxgets.com%2Fwave was found to be: Likely malicious.

Malicious Activity Summary

Tags: cryptone, discovery, packer, phishing

CryptOne packer

A potential corporate email address has been identified in the URL: [email protected]

Executes dropped EXE

Drops file in Windows directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy WMI provider

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-12-27 01:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-27 01:22
Reported: 2024-12-27 01:25
Platform: win10ltsc2021-20241211-en
Max time kernel: 174s
Max time network: 172s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbGZhNjNLUlRLVUFURF8zWldNV1I2cndIMFphUXxBQ3Jtc0trSkRTa0hoMFpZT3JDZWYxOUtvYmZCZG5iOFpQUGNiSU04REtQNF9DVDFuN2ppWEc5M2ZoYXB0MkJXcW1hWHcwbmxyX2k0SWw2RUtVMVV1akd5LWxUZzJRUzM0Mk5OTnFpVWFJelF6SzhjckV4R25kOA&q=https%3A%2F%2Froblxgets.com%2Fwave

Signatures

CryptOne packer

Tags: cryptone, packer

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

A potential corporate email address has been identified in the URL: [email protected]

Tags: phishing

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Browser Information Discovery

Tags: discovery

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133797361743092997" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1411052346-3904498293-150013998-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3172 wrote to memory of 2044 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 2044 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 4000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3904 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3904 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3172 wrote to memory of 3024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

Tags: persistence

Uses Volume Shadow Copy WMI provider

Tags: ransomware

Uses Volume Shadow Copy service COM API

Tags: ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbGZhNjNLUlRLVUFURF8zWldNV1I2cndIMFphUXxBQ3Jtc0trSkRTa0hoMFpZT3JDZWYxOUtvYmZCZG5iOFpQUGNiSU04REtQNF9DVDFuN2ppWEc5M2ZoYXB0MkJXcW1hWHcwbmxyX2k0SWw2RUtVMVV1akd5LWxUZzJRUzM0Mk5OTnFpVWFJelF6SzhjckV4R25kOA&q=https%3A%2F%2Froblxgets.com%2Fwave

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff91578cc40,0x7ff91578cc4c,0x7ff91578cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1896 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1904 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2432 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4628,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4644 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4712,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=5784,i,690293423614796501,17475910179943560176,262144 --variations-seed-version --mojo-platform-channel-handle=1836 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5012,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3188,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3496,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5240,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5116,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5236 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release-App-Botstrap-x64\" -spe -an -ai#7zMap2093:110:7zEvent20878

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release-App-Botstrap-x64\" -spe -an -ai#7zMap10471:110:7zEvent28700

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\" -spe -an -ai#7zMap27593:126:7zEvent19659

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5564,i,367383899422561377,205220506134297060,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=3792,i,690293423614796501,17475910179943560176,262144 --variations-seed-version --mojo-platform-channel-handle=3700 /prefetch:8

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe

"C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe"

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe

"C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe"

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe

"C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe"

Network

Country Destination Domain Proto
IT 91.80.49.21:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 www.youtube.com udp
FR 142.250.178.142:443 www.youtube.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 142.250.75.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.179.250.142.in-addr.arpa udp
FR 142.250.178.142:443 www.youtube.com udp
US 8.8.8.8:53 195.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 roblxgets.com udp
US 104.21.87.13:443 roblxgets.com tcp
US 8.8.8.8:53 13.87.21.104.in-addr.arpa udp
US 104.21.87.13:443 roblxgets.com tcp
US 104.21.87.13:443 roblxgets.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.ckeditor.com udp
US 8.8.8.8:53 rsms.me udp
FR 3.162.38.53:443 cdn.ckeditor.com tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 104.21.58.14:443 rsms.me tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 14.58.21.104.in-addr.arpa udp
US 8.8.8.8:53 168.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 53.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 8.8.8.8:53 roxplo1ts.ws udp
NL 185.212.130.11:443 roxplo1ts.ws tcp
NL 185.212.130.11:443 roxplo1ts.ws tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 11.130.212.185.in-addr.arpa udp
US 151.101.129.229:443 cdn.jsdelivr.net udp
US 104.21.58.14:443 rsms.me udp
NL 185.212.130.10:443 roxploits.ws tcp
US 8.8.8.8:53 10.130.212.185.in-addr.arpa udp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
FR 20.199.58.43:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
IT 91.80.49.86:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 86.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 2.20.12.95:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 95.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 105.193.132.51.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 195.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.11.108.188:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
IT 91.80.49.86:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp

Files

\??\pipe\crashpad_3172_CNBIEANFMIIJZXRB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 26d12de31204be48f0e21c116a0f6d2d
SHA1 0fa8a45b8955c810cff0437580a3dc1e61d5f4e5
SHA256 f9e3fb3e857be9350d48d3bb41fcf01b7d9a958c9f5e1ccc638a952e4b5f3838
SHA512 6c368653dddb59772ebe938c054a3909964a4e0732ce2f8d40f038265cc916cd21ac2761c98e5998536253e006a7a2db33182b4597d60355ed13e34398f103cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2ffb981935c4aa9083ae08c8b458f792
SHA1 1208e49cfd0733c11ab0c6f326bb5fdd179d3262
SHA256 321bb91a86033874250edec4e080c8854365ecd8cc796e04bcb09ca3478c412c
SHA512 5dce99255e532d58c2452a048341daed9e68c937bbac10848aef834189ee45a4fd6c3e22b0f6b98378b2772feff60c8334c5c1803abaf0f055a179cacd5d5706

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 85a2a3bdf8ee681a793238624ed448af
SHA1 838e5366bb44fc56cf238cc2b9847cbb5704c36c
SHA256 bda3d45440b0500c7f478b3e900250bfa0387977fd4cbf03906fb10dcf3f9c35
SHA512 1aca7975e710c95cdcb417c8f6af00c38320f00fa36a0efda7c8bc97dbb032a63e5da868e3dbdb58fe074fa335bb3e3877f1f5ed9172d9124fb6b84f533e5e16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c211c12b7e8362d0e7e42049b4fc0912
SHA1 f7635ac6d0672bf3314ad23cd2bc7829d03e219f
SHA256 f6fe2e740507ed865f6d2d9980e82349958ad0e4875b27e19d658a016dd5dc45
SHA512 6c4fed97d847bb334452fc818a5bc05fec778cb9fa343cdfe354ffab3c02bc8d0b14cef37454f38c73e10c7a661b0118b2b52d62c2967a8124f2c10581d4fec3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ba1403367eae0b56188028ea7a265178
SHA1 c0be7566f0f5867719dfff767858c249ae5053fa
SHA256 44cee06eb50c6b44fe8db985c8c344024d23ebfc868325cbfb7e3a7897948213
SHA512 b2f8085b051049525970a1967023dbef137c4087c3ecbb019038de72580c74c25309dc9d74f7090e479ea7363932f0b04b2306aa0e93fa693cbc9b9c0f0577fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 29eec8b21296f54ae240c184f96ca3c3
SHA1 7426455962010e45336e4c739c3a6b1baaade016
SHA256 d666d25b1b3140c07f1cf00f3e9efeac819d4d0c0524128103d8707d1605fe15
SHA512 32aec2b60085cad7f6363bf7fca15bb64f56f99c3123b36e0be7bbc7882a15536dbf88b3e833e21e5898fb8d07c4d2488490d9e28d580bf02f59fc3c88ad9eb2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7584f62d92567316b87f0de77f3df309
SHA1 6ae29c1bbbdbd20ccae3771c4de648f54d09dce6
SHA256 bc3f325f00654354c3bef16516cd898db0fbe8ca01277252948f4aa095affe1a
SHA512 c7ffeef8ce309831f3e144d317281638538d5dcd179ef418e4ffa790b09b7594e0b2c50115c54979bba1b19afd3a1268643fec31c0df4da9ff08d1d5f6b7763c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 443862f2bcc112b0a0e51fb57abcdb9c
SHA1 a7761c1a1fd9101c8cddaf923a759d0d9ce3fa1b
SHA256 2a258fb31d58216d8a32a5ca6e2262bdfde8eb25cb7e34ce1537f61daaded1bd
SHA512 1f001f00a4cd68c1f16e762ee8e82333be940411f1fa3e396d74f60fa4d13ddbbfa6b8ca7c180b703e12bef62b611f7cf51a12e7c6cc63da450e7e1d9006d75b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8ec60bdd5273c6288931c5b6571c1282
SHA1 064efbd2cca7fa8ab7a3de97f311991a6a5cbca2
SHA256 0c112a22a40b2a50112342e66c97d8fbdd3ff787898c33e73092f7d90ff1b9a6
SHA512 d22c0459d4835c5606d67a4b5ed516d37241e9b45d01e1fa599caf452a8e44777b69c45f26bc88683182343760903533a27c8aca0f29f4af6d353181c85395c2

C:\Users\Admin\Downloads\Release-App-Botstrap-x64.zip

MD5 8cad19ffab4ad5ef77a157f29c6a1765
SHA1 fe1bf4608838ca315cf844873fc5ec05ac40ff1a
SHA256 e60951d343f7560c7fa76b5a177e819fbb440c68ad9ea55a8a2cd6b1abfa4dfb
SHA512 c42d055a0589322b93c40cb3b809488b8f96f78cb9aabf54b44fc42cf87e1ac4bed6c5b383a17732b345fea3676698768ddd3460ba81c689d2a580804c21eb10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a52c140f7cc79c271e39b97ff80e3c69
SHA1 3b3c813ba79f0730022c811a23ba37ccb88cbc9b
SHA256 2fa56fd303d716ab9e76a6bbb6c4c2c2ce75feed5def0702db8fd3ba87c63e54
SHA512 a3d5654f8e99ba2662efd086e565131e2242ac5bbb7b6310cf08278e1349fe084651670c9f91e208fc8cf3dd588e46e48dfffbf37689e371ae3f454ff5fa82dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4eb5617903c7de57e2c5665d08bc9109
SHA1 c652ddc7245c6f58ce84d90fd5da04b4f5ddb56b
SHA256 94d1e21ccc339ae1daf161ec9d7ab01e67bc45638072ebe188db991542ec9eb4
SHA512 348c86c1df1e5232dd930b5c1bba7961c7d3d058349f44e0069a138aad26588ecb4454f179bc30bfa6bde47c93ca0b60d9a9448245e08da295028964bd2c102e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 109375c8e71c5d219542a417411af2c7
SHA1 bf58290fdeee87bb6ad6ca1b70b8dd6f7ed67fcd
SHA256 d361e18b0fc7a78af62472249fd5fa2e5018c1fd28cd51769c29f78b90aae2f8
SHA512 ed94b80f215f3abf410edfd396d505d790ea7e693d1077efde0c3a884c6c80a62f3289afab14355c27fe1784e97f80a9cb5b6cd842840eca09e086572a50387d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a7ed431a3aa6d1cd40e5d5c535e2c5dd
SHA1 c507e2c6aca4e8acd7d7b65a9904f73dc14837e4
SHA256 68bc90a57602918c9d3035deff105aa970e9e58ebd0091718d887b87af0a8b71
SHA512 e5f899e51ef9b38ef9d68b0728519bc3741ea3a847415b0a714b4bb3e87ced68373dfb803ab17b03e9f0cf830075ea15c5da31aefbce4e60872e965185ffb6bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a09e5ac9aed666547d8f6d4bbab5110a
SHA1 04f5974a918b52754b4828dc8edfafc09aea3616
SHA256 889a99038911312034e81b15dd262826393a8dc12a0336e6772f8826da296acd
SHA512 dd86041af47a280492227b103f32a3ea93998493ad329634c12b13626a11893f04a8d711fffcdd4559ad0a0183aa29ee1b7a97e7bab870e9ad9a17dfd09de220

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release.zip

MD5 4039725a454445d3e01b3e7da04b491e
SHA1 06b5f1ec3ba83f039d69ca483686bd1276919d31
SHA256 7ca62473a19301f7e7e4bcc11711036ad0d898627b31407202c9385c09f95e6b
SHA512 ff47ac04a0207fd9d4bb7271b95ab9f6efd694d05f3f126e07631821db2d188cb9bc7c6d72af9d9389ea5e263420ab4d0531620f3fc743533bbc668064a472ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7ec2cc4467b5c2d94b83ad0b3b4f1442
SHA1 9c701c07d52e7386bced2bc81a833fb512a7fc52
SHA256 bf087fc92321e601014bd928a1ee1af50f3146222e869616b97f82379fce1093
SHA512 0b1e9b310d5cb9efb6cfa1919e20ea23b5129830077ab8b4da62525f2d73726d187b8cc7c7dc75bfb6f3cb70d221651b33d089d0dfec9782a4a2f34347d35d3f

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\autoexec\scripts

MD5 88fd7dbf04bcf75123d02009aea3f7f7
SHA1 cecf16bdad71e54afc941179ea2b7438a04efa1d
SHA256 01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
SHA512 2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\.tests\isfile.txt

MD5 260ca9dd8a4577fc00b7bd5810298076
SHA1 53a5687cb26dc41f2ab4033e97e13adefd3740d6
SHA256 aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
SHA512 51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\Extension State\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\GPUCache\data_1

MD5 a833653a021f29ee2ec1a845e0c2308f
SHA1 05071159d3c2516d67b765cef012a0a2d3337759
SHA256 8e9f3538e43a68caa472fd47adaf43906e097cfb53ef55d1361caf1cc97efca7
SHA512 0902a886c95cee1b34f9419ab0a10ce0fe96eae57c59ab4cefba99ba3fc2a0237741f31076ce065db14fe3dfecd325458209f0d1e9fcc8b9ac7bff8328e1744f

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\Downloads\Release-App-Botstrap-x64\Release\Bootstrapper.exe

MD5 ff6c56326f0ee63ca9360576a7449ff5
SHA1 0ee6aa098523f43dcd93dedaab26b7a13f37aec7
SHA256 aafa6952bb4c20240c67300a13ca97756ac5907f2abfbad9b76a6377605e3bf4
SHA512 631308c7104f958d8a36e9eb01a7c00c35e2092055301cca89c2669b3b3ee141129e7ff7838fb4c6d2af20fd1f3b6e57035f74805c2e02d4ed68c4b4ac7583d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b600174a49fc393f9d143129a3e2eae7
SHA1 931fcb8c544a7c121bcf9ce132a3afa2c2d3b83e
SHA256 1855b1a09d2381d727ffbd5089dc7f66c98b4e11cae1a63a68d7e8d447d4b60c
SHA512 9c0ca59a3debfd9f2f203e0085ed0ef718fb79bd11934b3531254f9971d9a1dfe8abdbb3818ec7d597d571a20531e570753eabee671ad699533fc82b20de8edc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c24f323495ce336e7c3f9a7e5bde39c3
SHA1 b2f1b3b23ad76d1b04818f4b59b31500d6d27ae3
SHA256 97e3310c4417786437669a415a256db479242c72cc566ae0b122b31a9d3c5bea
SHA512 1be9dc0a6990556d5587e669c144eb3a173b715ef5b4e77556d8605bffaaa2d84956c7409ff75c48f288fedef75edbd93873256f8de2225a71790a89c6d97948

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 41cfc910df8b47ade7cad2f3466a50a2
SHA1 334b79728356fd004598454253c35f3f8dc1da80
SHA256 79fa45bb9d9034ad9e0a428b09ba777c066c776f34b969953d2dd8dbae0e7cbd
SHA512 62952c54940b761fce7c4757bf7cb4d8eabbc823a06b78a64620804ba35aa3e8fafa7de2133b3edcb2d29d3cb02ff02445ff6e0ed09aa0a569a89270faa95483

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-27 01:22

Reported

2024-12-27 01:37

Platform

win11-20241007-en

Max time kernel

899s

Max time network

845s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbGZhNjNLUlRLVUFURF8zWldNV1I2cndIMFphUXxBQ3Jtc0trSkRTa0hoMFpZT3JDZWYxOUtvYmZCZG5iOFpQUGNiSU04REtQNF9DVDFuN2ppWEc5M2ZoYXB0MkJXcW1hWHcwbmxyX2k0SWw2RUtVMVV1akd5LWxUZzJRUzM0Mk5OTnFpVWFJelF6SzhjckV4R25kOA&q=https%3A%2F%2Froblxgets.com%2Fwave

Signatures

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133797361741541577" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 944 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 944 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 944 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 944 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 944 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 944 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 944 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 944 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 944 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 944 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 944 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 944 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 944 wrote to memory of 4648 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbGZhNjNLUlRLVUFURF8zWldNV1I2cndIMFphUXxBQ3Jtc0trSkRTa0hoMFpZT3JDZWYxOUtvYmZCZG5iOFpQUGNiSU04REtQNF9DVDFuN2ppWEc5M2ZoYXB0MkJXcW1hWHcwbmxyX2k0SWw2RUtVMVV1akd5LWxUZzJRUzM0Mk5OTnFpVWFJelF6SzhjckV4R25kOA&q=https%3A%2F%2Froblxgets.com%2Fwave

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0537cc40,0x7ffe0537cc4c,0x7ffe0537cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,3254687325651823716,3468481453117768947,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1804 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,3254687325651823716,3468481453117768947,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,3254687325651823716,3468481453117768947,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,3254687325651823716,3468481453117768947,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,3254687325651823716,3468481453117768947,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4344,i,3254687325651823716,3468481453117768947,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4804,i,3254687325651823716,3468481453117768947,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
FR 216.58.215.46:443 www.youtube.com tcp
FR 142.250.178.138:443 content-autofill.googleapis.com tcp
FR 216.58.215.46:443 www.youtube.com udp
US 8.8.8.8:53 46.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 138.178.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
DE 172.217.16.195:443 beacons.gcp.gvt2.com tcp
DE 172.217.16.195:443 beacons.gcp.gvt2.com udp

Files

\??\pipe\crashpad_944_HDVAWXPXTKERHRKD

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
