hxxp://roblox[.]com

Analysis

max time kernel
1799s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2023, 20:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133398020552806359"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3760	chrome.exe
3760	chrome.exe
4364	chrome.exe
4364	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3760 wrote to memory of 1960	3760	chrome.exe	36
PID 3760 wrote to memory of 1960	3760	chrome.exe	36
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 5076	3760	chrome.exe	87
PID 3760 wrote to memory of 1800	3760	chrome.exe	88
PID 3760 wrote to memory of 1800	3760	chrome.exe	88
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89
PID 3760 wrote to memory of 2716	3760	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd19099758,0x7ffd19099768,0x7ffd19099778
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:2
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2732 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2724 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3884 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3156 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4932 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5208 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3016 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2840 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5192 --field-trial-handle=1848,i,2830741698202848791,7999714605024714996,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
72KB

MD5
aabe4cbbff35f2c2d5aceffce0f181a8

SHA1
d7712727ba3aeac0a659df0b3b788edb8eb44597

SHA256
625741af909987181e10cb499d19db246626b10a45f10d705f1bad48a1504492

SHA512
dcdc988cc99532bd57ee2e6ffd913c75a00499c83b9570f2b5ff005bd2c5c7029ce5943b985bf8ef2635cde426fe280044f1d0cc2572279264b0851a186dc78f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
40KB

MD5
7af63db34db605d8dd2c1c9a01b1e053

SHA1
0a78f5165c37eb51371afe2e9dde9ea1f70b8912

SHA256
b4f04e6c5f7e27398f72dceeb47a4711f6b4d475c4a2c8c23e8930d6718ce938

SHA512
78387a5038d814c1ac71a35bb44e0e1e9a49456e4b0da8e38766f3ca3f4ce9f973926697701bb1cfc47552dc11ccbb1326488e0a28f1b1f0cd96e60ace05a8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a1301ae7f3abc2a9ebfc3e88c14d71a3

SHA1
ff440df80cebbcd8b99d5a0a78062354555094a1

SHA256
72f3268d2add729326d264e63a5609812ac5f2c9edc8d08d74095990d838d377

SHA512
f7748c3f0465002b66cd9eb07d819b43f3df3322be7685f8e65f1afee26262b9420e2b3094c7ba8ef2e3a2f1997dec03ac3738501a60427e30cf5ccfc9862bb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
29a7b148b78fece86918f6fa7336a03b

SHA1
cb213d827d333c4f8bfc2e7ef12165014cc4c40d

SHA256
7f47cfb98ed1fec08b516fee73f09072c2914cc57c3cadb66e35460dcf5bc2fa

SHA512
7fc0c0857cb2f2ff6b1582499f069fe5165cbcbf3b44ea062842a6a9b0093d787f34cbdfc499cded57e036e52ea209420e67427c4effda12a471c7deff4ebd68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7570ce61afd2e0f30ecdfb07ed0c704e

SHA1
a4d101280a3b4a13a808234a116bb0ecfedc32fe

SHA256
8686c37169e3681ce1464f416275276889e7f2a48ec2436d1140ce1309c19287

SHA512
3cf9e560d4d1e064b430a1cd9b8f094b5ee756a27639a3fd3dd40fb4142970ba98ea68eb910522fcd50119e599ce182871b3a0da4083326e3a3198c0768c1813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1c3f7c017ca1b5fb984914a4033fb968

SHA1
33ca32f4f3c598556c289146d0326be2471d6f9d

SHA256
7281ccddf68934f86753b264c938c2a2f0a85e6e5767525ae89430e2435344e2

SHA512
c592b7f5ec15f551f24927af324ee596149aad2e48efa25d78611de79f9871dd19dd4023b0a727bbe33ef633e41768d08f7569a49b8107986dfa79f595b150c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d9a70fbd4b63f3d30ea96398e2e875a1

SHA1
1a6e94410debf9cc55f3d92ef3ec7986c0a1e8cd

SHA256
9809e1d488593dde369eeae541e66e4ac98ed231eda4e2b9b887ac0f383d30e2

SHA512
49275ed846c4dc714de2546a040c1bc3658c23baa6ae425dc106dada64ecfd953dbf89610b3a85e6821f88a5b8288fb1e40279df4f3a2810b05de045badf0ace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
56f6137cd5854106199f2425e434734b

SHA1
fba1493a57ca9dec17ce7f8366f10addd5492089

SHA256
bdd36cdb60145fff73e51f85b31d44f39348faf6936429aae3a165194e107dd6

SHA512
56247e8b191b489a253ae6629255a0070593e6fd8db2ab1287fbffed5d8d9a185bdfd10f310f8ee05f5cd11c4636e0c193e3e612b680d03fe1c0086bc7fe473d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c089ede35cf6c7b564117a5f7e9d3310

SHA1
d0d90cbf58dde1eab560d8699b2caf49f546bee2

SHA256
700e14c4eb6c79dc531c96a46210a9ad4562dc4327b03cb5e1cb112c086ac8c5

SHA512
e086642fd31286a0c8ea463edef037ba401c3f5b2242a12a69c429bfa2111b6e59561ab0821d0b975050b92531fff1fc1fc3f053bbd34b88563212af9147d871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
56f59db00c6caacf257cdf0b4b16e073

SHA1
ac3fbc81489125312fc5dcc1d5b4384926fbb84a

SHA256
60176c99f4b6c446ece39b10910d79fe22f6cc611188ac741754f5f36ad0a20f

SHA512
29a633aacc26890b87c81b7035ff06f6a63ad71e647a3910c1a62f93f15eb8d63a35ed40e38c18fd24564aa5f3684bf1aef68661a1e4040f2dfbafdba137ce66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
097c66c522803657b480bb1fbd4a5d73

SHA1
f874ae4d8ef1e16d0974b7a21b377fa7f7ad1628

SHA256
0cae3d18b863fbcd78a51badf2029d9493c0eb59d555daca9de28c5b0f69970e

SHA512
2916533760c2b04f1a71a3ca0e24bc82fb97fd22540d8d26dca36ac907ae14132893ebd7b8c77546b9cbed7e3e081b36898c4f9486c43bd69b9c1e3234de0b75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bc8e6cc8f17d139441b007c5cfa8b353

SHA1
b922f12167bd9136b0f2b30df29ff81db30ceba1

SHA256
f313d03f19b799b09d026f106f2e102f33c3c0cbf357eaacfcc7be6a8900d081

SHA512
7bec23a99b191975987c538678284ea34cc2db870b337fac5a8606394d658976a57285479995d9b6a3ce8364bbf7caf3086b0950ab9bb88a0f8460ca92cf2bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
090ed49afaf760b82f62437444d84040

SHA1
a87d84f3ebf6e34128403a5f7942f3845a3e0d46

SHA256
b3baf9efa4dd4f9e8a16318dfb274a5030da9cc87035915c2dd71213be0ce3b6

SHA512
0a224add0b1c278b008f20d429f166fe3164bc5279d576b708b73f1073331dbf6f0533a61f55346ce92f7764596483f0d236e2586a9cf63999b5fbae19a6d289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
072a600437ce924cee02110b98df6e3e

SHA1
52890f59e3f421c3c5de760178d75c2d69a627dc

SHA256
4193efa0c853f901ea5b81ad328fdfc4f1b16e7e272c8f2940814207215091c7

SHA512
264309e4a1cd612e30c0182712d01bc168230e27a49df8f267c94f2d244bebd986465c7cc3d905747cf299eaa16651f63672ff6b63d5bfc94f7f147c46a5b389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
29e3e3674a2a5625c27af0574f3a1d98

SHA1
576da8bf971c4acd6615cf8c301425daab3236d9

SHA256
390cffb8f0cf4a737dddd3a0ffde19c6cdd4a08d87bc5577cd11b5905f87f087

SHA512
e0d8b4b558166856132f7fbdd098a35471b760865258cbb0749f4d19e2431aceff28e380c43cf62007e1387b719da2671acb283841222b4a34c130c9ac89766f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9d47553b0719c83b357a16d5e6670073

SHA1
daa9989ac29823b189d3f5ea3e2b97d29eb4a857

SHA256
8afe9204b0058b82f29ba0417afdd8bfd7f70e30764b915fd7d478ddfa54d2b7

SHA512
549705f8fa30fd7e046e50a57fdbe68b3a8d5b6bfd896e7f4835c9a31b480fd9d6db085f5bf5950ba510bfd2728b30f2cbec3dfd207d51985149b8f3d86aa2a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
520b3804867dfec3c4cfcbb8335cbb7b

SHA1
938aad0051358931cd0181fe01aac677e8a3dee7

SHA256
fdddb2cf6edfc36540b154df1edf0ec628ed50bfc1816e015a8b51653a90338b

SHA512
03269351d9f068c37fbe4a8f919db34a9076578b81f7172d2f44e183bc319e8096cbdc5c1823010113e81e32c0bf7f89700621df7b21ff566e3fe139c35dc435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
82b9f91c2e81ea95cb76126519e47725

SHA1
f54c14adcf3a6920a80273bb0a0f6b7630c4867e

SHA256
cd283de2ffa719b7ef4be2f2429f521f96895dda1a703f7990c983a61819ca4a

SHA512
c0d8d56ea2a034cc86460320e967a4e8ecf528932e2807c5dd6c42c4ff81de92e602157224c92959267763ba0d0fbf340a9ff0ebdc54a6bafdc9919d4f67d103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit