hxxp://roblox[.]com

max time kernel
1800s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06-02-2024 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133517167711692466"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2560 chrome.exe
2560 chrome.exe
3548 chrome.exe
3548 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2560 chrome.exe
2560 chrome.exe
2560 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2560 wrote to memory of 3412	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 3412	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2216	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 3160	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 3160	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 1200	2560	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff815b49758,0x7ff815b49768,0x7ff815b49778
2⤵
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1880,i,17563827649947782958,9672212340888244708,131072 /prefetch:2
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1880,i,17563827649947782958,9672212340888244708,131072 /prefetch:8
2⤵
PID:3160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1880,i,17563827649947782958,9672212340888244708,131072 /prefetch:8
2⤵
PID:1200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1880,i,17563827649947782958,9672212340888244708,131072 /prefetch:1
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1880,i,17563827649947782958,9672212340888244708,131072 /prefetch:1
2⤵
PID:384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1880,i,17563827649947782958,9672212340888244708,131072 /prefetch:1
2⤵
PID:1752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1880,i,17563827649947782958,9672212340888244708,131072 /prefetch:8
2⤵
PID:3056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1880,i,17563827649947782958,9672212340888244708,131072 /prefetch:8
2⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1880,i,17563827649947782958,9672212340888244708,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3548

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
f7e42ab5a1486614548987f535df1ba3

SHA1
a74938366d3354952e9aa8d0762a013fd172682c

SHA256
5fc16329e1addaa156e883dad3f77196350e5700e75a9864bb7add1150925fc1

SHA512
151717315305a1f123990461dc17fe085fcb0c2814b4868d188b8c41b02cf81f5b118280d1a1298aa4843b0e4fdf249d17cb247be96ea3aafd2490addc310274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
df42d883554a77c1d5f5adbf995d70f8

SHA1
a497587caaf3f409691112f7e1e93ac0f8cb0aea

SHA256
09dc3d367fd455466d517f8ed58481370375cf5f51d52879f88c7544bf6fd21a

SHA512
2ff5191fa209e69aa4ed9495c94b4e7075930ff4febbd8f57400b9a1240fb5ee407d0083e6af8b23be40111ff76c5644bd3f4a732acd5b3de2cb590be2347643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
71775757cb3fc00f223f7eb8e4e650e8

SHA1
fff741905f02fdd5dacb286046717bba8b040bb9

SHA256
eb5fdbff3fcc19931d5a9b702439a46ac7e8483fed1e3113d409b737eca4c6ae

SHA512
38fc67dc415dea5fda335e04951cf2d0dc655d21c7ac701c0ae9eddbad89d4664e78e0e8df2ba07ff29c76f50d8a30fe20beeb819fce0974e14a1efed4ba1621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
156e8675c9325cb4f3d0eb37d265bfa3

SHA1
a49b520fe6fa1102858df3c6419e9b8f2362d0be

SHA256
4f7a6ae8ea8f730766243a5dd8ae159f1d11094b2538a0e75c806a51f6ebf1b9

SHA512
60d7b566dcc110b6904b8660ef96b97c7251efbccd12050f0882af41f119352e85c0e5d25af5c29666d7f116e52e6ef4a56dc24f2d8fb76eefb5adfe23a7aaad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e7e6b42a70e10702cbf667c693028359

SHA1
d7c0ff97d591cda87c0f76f4ca74280cdd82ee4d

SHA256
3a5c0a7f2044ab7abd3bf4a5e0d0da148bc704e53919559b91a38fe1956fccb8

SHA512
6b07dd56c709aa6db71aec444fb9b6fb3103cda53364dbce6a67a39947658f57d7d535339c7ee61bc57ee74d7a51f706c192da1b8a46eada5b9566cb4e72603e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d2f08306945fa2c856bc1ca30db29212

SHA1
0b1a7c72e18845252259045ebd4469002fa26f39

SHA256
aa978f7206c2df279fecf7186956eab90a1fc0f1509a11e5292acdfa25381558

SHA512
d148bcc3075fafc1111a37f9818e6e0f80cb6cc7376fb9303369fe102431d2eb213a0b0684a0853251580392aba1bf14c4d33cef986ea3c35c97e47ae3cd7f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
11b2197b0e76e594962e5f4542e3f9e1

SHA1
eab5527adfabee68c2e55434041022d67c67d7b3

SHA256
87dfcda970274cae2fe368d13113fd729b733378daa60e0f52ca632255dc7c51

SHA512
d3a772ed038632d45187b7acfb880d829269289dd2c30e1e4f2c82b196266c14869a657edf23ac6d38dba12fe071521f6cbd4c99709ab5dc06c779ecb5a3b110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f2ae09e6cd6c138daaf94fedd50a047e

SHA1
8c6c7cdea7a94ff32ea81e27a42a339ce88139c5

SHA256
a4b1eaabc86712de64e84c0abc9178c38a0a64502ce8920b27b905c7954c4b34

SHA512
090460b7fe0d518eaf022b87b0e3656ea71e40ea638ce8b02db19191612c467c7fc7dfc97bb8df9d39e9a958b5d7acdddbe5be4a82cbb7726a84e7d678b4a5b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
39a75ddea0ff24e8b27def0b21d70e3e

SHA1
350f842e3dbfc56d1cf34ad7f839c82909bb135e

SHA256
da592f1c88078b9f1ce1273358fc3d1aa7077985f5877cecc6118a8c2300272c

SHA512
c1173b6480260b00b5c712270ee983c225f6faa0aa8d5b408ef35f8eb061d35f9e302647730018b538b9c331a076e7f1bd7e990c854b21241563b0813cc6906e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2560_ZCABRGTUMECHBDZZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit