hxxp://roblox[.]com

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
01-02-2024 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133512818039355242"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3844	chrome.exe
3844	chrome.exe
4248	chrome.exe
4248	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe
Token: SeShutdownPrivilege	3844	chrome.exe
Token: SeCreatePagefilePrivilege	3844	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe
3844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3844 wrote to memory of 3768	3844	chrome.exe	76
PID 3844 wrote to memory of 3768	3844	chrome.exe	76
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 5048	3844	chrome.exe	78
PID 3844 wrote to memory of 4696	3844	chrome.exe	82
PID 3844 wrote to memory of 4696	3844	chrome.exe	82
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79
PID 3844 wrote to memory of 4076	3844	chrome.exe	79

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9ae799758,0x7ff9ae799768,0x7ff9ae799778
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1836,i,15135174894396601071,8926877238229635132,131072 /prefetch:2
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1836,i,15135174894396601071,8926877238229635132,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1836,i,15135174894396601071,8926877238229635132,131072 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1836,i,15135174894396601071,8926877238229635132,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1836,i,15135174894396601071,8926877238229635132,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1836,i,15135174894396601071,8926877238229635132,131072 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1836,i,15135174894396601071,8926877238229635132,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 --field-trial-handle=1836,i,15135174894396601071,8926877238229635132,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1836,i,15135174894396601071,8926877238229635132,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5172 --field-trial-handle=1836,i,15135174894396601071,8926877238229635132,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1836,i,15135174894396601071,8926877238229635132,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 --field-trial-handle=1836,i,15135174894396601071,8926877238229635132,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
85bac4ab233b195efd20ec872ffc087c

SHA1
120cb6dc5e046e0564cd4e4a28ea233c293ff80d

SHA256
371f390fbd8bd91882a3818150da23faa2c80376b105b0d8f3c92596ed36af9b

SHA512
539ce43409b551b49f1eb3a2ab26514ae8e534f8005977974e6c7da707d7f1d557fa5502c747a6bb79f8acea92448239ca982e81603d83799fed3368471c4fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
06c007dea0bd30dd2b2ab90ffb26e851

SHA1
ffc4893256f22a5433136e0e5077dfb13bb9d070

SHA256
1e56a8b67b631d1d812fd8e5877cbdf8a6988b66d1e44670b2c702725e34ed7a

SHA512
12dc768cb8c587b91e3d2eb9ade2ef0d9d24183fa296ffe52d1b655e1c2a3c5f36560b57e325ef810d94c1787812fa14a35b6ec93edfe78950eb35d5ab0b1834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2fb56f3ddbd7ff4eb4e07caab225e10f

SHA1
35c6c2d14ccb84837af10f126e58ab5ce3de7098

SHA256
0ca11d62d4d504addb3117168ba543a87f9d639e73c3c9454460bec5c25fbefb

SHA512
3cd3af3a10066bb50d6d8062161cfb0e12ae088ad3efe63ec46ff629ca8a47083fe4403e9f0ce8b9db1fe21fe05bdd689c9e5abd9d88d19686af89921f99880b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b08a940eaccf057c5e8b3a65cd909e65

SHA1
b418ce147522b9902cee7da6c1899ce27beb4578

SHA256
99cb712523c29b1fbda64f7d29c0f11fa15cf6683a11882e3cb380a1ef277704

SHA512
6455b1f0fa579864b81acfb08027d3f780bc10b1dda116b37622f5e6c953f79fac639f45452323e86fa8ad1c32353687f3b036b175c8130849c2225c10e26045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4db04105a3e371e13143fce7fa94cb06

SHA1
f4c1349aaa822a6644e8f7a2b4b9cbb474510911

SHA256
38e85153400e8f676464649d1cb4ec6e64d206d28d3227d31ba23c18e5bc8b5a

SHA512
2929a5ce2fd71917465f88909c2c1f16175c55a8ba5bce68a3986bd343e19a6be874fb138d57368a8809357932b854580f53611bb1a2bd39d9ba15a141671799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
55603d7cf5f97b004a678472dbb52aae

SHA1
f2a8542fd6433afcbedf3901be08eb4ed4adb87f

SHA256
fe1d0464cb47cd756ee603a230425b7a6f402cb89c2ef244aa50a3cb6529a90b

SHA512
1e2cecc604e132bae2282e5a90e0e93c678db456f2b2bebcbb3f3b7e14b6b5a38ab55bbfc45839f960a94e4ff820b241c5774b7b8b36b18f41efe86832f591cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fb2f4a89502451ed2cba181a163f0bb1

SHA1
a18fd0a3ce59799b8a28625d076787d5145f8518

SHA256
d5f2b9bee153b895a3232c9b64f78f8abb1ec27952b65755c3d05322ccfce551

SHA512
59a0355260d927dc3f2e927b1b819baa3361ccf21818b6bb224ec15f11d0cf5ad76b49587db1bc5fa83de6999f0a5654338eb6fee4ded1cc051c7cc6fd09746e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fb921f8e5d3fac30cce5b450c96bc05f

SHA1
409be8953e0a10e19a14db8c272215ba8b13f1e7

SHA256
f1268370023f9ba9df41c90347e941759369c304863faef5a4de964702a03736

SHA512
4632229db7fb04241a4a6d1a46541095687db4609d69a912c231b018142cfcc8a7328e49d00be8bc0fbb8537f05b9719d3d7c071803b07914fc15eec928378db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8f29ebeefb6dde6c73cf51b34ecab4d3

SHA1
472110733a037633f8b263095c6ec79de8788225

SHA256
9f893f29bf2998734bffa0d909da907bf2a70ad13b9ee7cd8c30267736d31abb

SHA512
4e15aa3c8f82eeb03f72b03f8cc26ddcc0302d61d0205b8b6ed3088fe11144c3eaa8e07c4b3d9382487ff63a18048d9cee35ee01e8b563a2aeeb9ba66945e599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b61543cdcec9bdca7701c04fbc92c1e7

SHA1
c8aa2c0158debc495c72ecb469690d461f01f641

SHA256
4854d5f43dfd6151ae49d051cee790207088388ee5814a6bf401cbf40f41ed13

SHA512
eb6a4052eb345904d7dfdffb915cf430ddbd86068ce8c68846777d93eedbca1de6a1e1f08d475da8fd99b1b5404305d428abdca44128afdf1090ff9e8b162c8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c4c8a15ca91e84a6a19742233cc66978

SHA1
30dcf7002d28a1bc3dbd9e5702217620f5416d14

SHA256
80cc4be56c6b0b1e7c3ad8983de799ebe73b439327dc4f0bb3a7d3ff26b60cd0

SHA512
14eda70c38ccb5108a1bee7d2da9179dd76f769ef72a8d6fc97e75eeab31571bad62c20a9b04f155c8c27114ace33d2731b7db9656a4b0d0abc4f46e195783d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9a4b9a99f9758f489ea8f4d4c4db42d5

SHA1
6bf8674b9bac12cf99cee1be836e90f4b8631290

SHA256
cb5ba18266a898a78d748988c11ddd2295e1de8e005a773bdc3b42a80f52ebca

SHA512
01e4e936622c75185f8f79c57a463e33dc99d082d799da4703450a86da0a0f5173a4294bd4bda7b5fb7d1c4744a84443aa58892970fab373b7d2dcd02103fb8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ddc61746cbaffa184e6c72e7eb9d919a

SHA1
a2d567fc5943da2b11f10d29d4f3f93f6736ea50

SHA256
9bf4163825e4ed7325299ed57d311c3168d852680566a4a2b74d7772e731d2dd

SHA512
9e73c0805bd5859f1312856051afdf587665bb6d2e33df44007a153ba7011b81e858b44d5a453187f8f01b2c824689648a836ac299a5593d75410c373b5362c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
234b7b7091e7c1b1bb02b440fa60b954

SHA1
81837f5526226298c71c2e1e2003c99d934368c4

SHA256
ae280c74a8b0aeb0d49cee79ae46bdf39d5983b701146bb3dc903f3e2590d5d0

SHA512
118cc32183e6463cbecc22c008e8fdbe92770e8a25509607bac05a088300b1f175a908cfdde01e7231738fe942e6657eeb322a009a7b31492b662d87962c05f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
caa0161fd1afcca83b1a1254c0562e5c

SHA1
1a3272d14367893a1907c6065653afae41fa6af7

SHA256
6a4be61ee4cf4102b3f758de25526376edd64f4f680eba4dbcd337ca97c7585a

SHA512
21ecaa87fa2dc0c4f7d66da27a19aee8dc1ff011e8801ed3748bff6615e4a814420ec9a2dfef6da5d1bab5ff0e7156926592cfd868c01117911b6705b8314742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1ef778165f564c13d92f9fd0908405bf

SHA1
032541f98d42f87dc34ce2f13f2fbb66defbe6ae

SHA256
b839a1291dd8222c3eb0f78003eb67c3e5756eb4552117c445c782eae84b73a3

SHA512
fc6cd52f603d8547ec39195e0521d4d2739166f55909adb89abd15fbf2e6fb674e2e6fe870d830442d7af0c67e0488b6869e6267ca27cfa0b6de1556ba12b476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
5725ca8d449097140c1f19c749d4525e

SHA1
600209ab4ffeb774281661f73939b78e0bf5bae1

SHA256
a0778a84c9103410c7e094d0b2daec20cae4ac18241b730161076c20d3747775

SHA512
1c3ce09c94d9d60654beb9dd61c2ef0445794e5a266f78383d682ca5660071c4efe510aa1ff0e8da1035d3967be31b1ea600a920f1ce500d569aaeb0801f9667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
4f969fc0abd8d8880a21d60862711dd5

SHA1
da0fffa48fe205c577168c75a8fd1c59e3a7c09b

SHA256
44a206321e8aad5ffdffed6c88dc28c9c3d4cbbd7ff040b14285b85a0505bc0c

SHA512
4ac40e6c946e1ba46e854544a26f17d8422cf2c0f7f06dbe0367907b38bcc33c1bdbd447daaa29fc53a17af489f463ce8dcea500154ac1c14581d9e18f3a577b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58214e.TMP

Filesize
92KB

MD5
4839ff645af29a5e75e6f9b054463ed0

SHA1
3de9040fb1c63300fa996b88c21a308fcaefcc8c

SHA256
8788100de99810e8c3f7a5cc9de132031807d5c0b4f25b92f955956d5cf39243

SHA512
407f513e0ec8a4388e73a017e647f8ffc5af4e8d241dbfc3026fbace0283e5c46d68182056cf0f435e9669d40c6bf64b93c921b4c6483e27ec3020091ee3d92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit