hxxp://roblox[.]com

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528755083736401"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
1712	chrome.exe
1712	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe
Token: SeShutdownPrivilege	220	chrome.exe
Token: SeCreatePagefilePrivilege	220	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe
220	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 848	220	chrome.exe	16
PID 220 wrote to memory of 848	220	chrome.exe	16
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 4700	220	chrome.exe	84
PID 220 wrote to memory of 3532	220	chrome.exe	87
PID 220 wrote to memory of 3532	220	chrome.exe	87
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85
PID 220 wrote to memory of 2304	220	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb79cd9758,0x7ffb79cd9768,0x7ffb79cd9778
1⤵
PID:848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1808,i,12231536540863213347,13434746131320865082,131072 /prefetch:2
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1808,i,12231536540863213347,13434746131320865082,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1808,i,12231536540863213347,13434746131320865082,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1808,i,12231536540863213347,13434746131320865082,131072 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1808,i,12231536540863213347,13434746131320865082,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3976 --field-trial-handle=1808,i,12231536540863213347,13434746131320865082,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1808,i,12231536540863213347,13434746131320865082,131072 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1808,i,12231536540863213347,13434746131320865082,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1808,i,12231536540863213347,13434746131320865082,131072 /prefetch:8
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2428 --field-trial-handle=1808,i,12231536540863213347,13434746131320865082,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4de95c79e51073aece8654e61a2b231f

SHA1
eac781f83e4f984e3f4db1c6dc6500d70ed25deb

SHA256
3101666885893ac91dedd5c2fd8591012dc1130e3de2fcf0a012a3339549e238

SHA512
6f8e2198f30a5e8c64970f759fa8e6674127e13b2e421eca7982e9af721d5f4d53cbf63001e53a8188738aa21abbbcf9284e76c2ca54ef032fa38a73c3f3f493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
227e9ce14a2c6f3a304a7d128984e577

SHA1
4ea292a818755de81860cdb9d2e23b1485cb46d8

SHA256
29dd03dff0bd607c72103512e95c130cf579585232e2ca82fdda5c8e49d8a5c5

SHA512
7ba7c13f5ef067e9d7ccee6519253f5dbff09ca367ab99d3ecafa180d0262c3b6f484049b907292aa735846dca8965a16550d52a605c45e080b52e58ded51bb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8d7ff8b94f76256e08cb458840ff5db9

SHA1
33c2dc86232d28d00283923a01d1442fa5c0dfc9

SHA256
72d994f604b8a9e3bd3b0723c3bb71e62c39be86c0f7df76a4410f7cc6017b73

SHA512
d775190cabbaf37e2020d070f34086c7cbe200aa15e52357cc99ae9fca1f59ca0d9fc7958b90fd4a7ebb9cb942fe3171d6ec10bb87dfdd80602166d994f4ead5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
502e17d8d032ef8a498c97fb0abbf331

SHA1
829736dcf82443739bd21f4343dba394acb738b4

SHA256
29687430608fd76354e8c54d9a339b1dcd4efe20c5b3aa9e88a7c4e936340251

SHA512
55e2a38b3f1f09d31cbd7bd356368e7a935b3ea65f27934a076fd3e6f3c86eb8655d642c41dfbd28f3941c4a2d049f52c6705c39a690d307fece2fe96a02072f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7af484f7fad80874e4c7d6193086a58e

SHA1
edbf397db1d92fa708e1e5a43d90de8c2a084612

SHA256
21b56d404a2635afd81caba34f27bb6ee5317303fd99f51d14b18ed1f148a654

SHA512
e280848f617d52d28ce051574dd63ef071a0ba8fe09a8d5a760a0deda439a23177e4f3802bdfe13257d9225c399956d3fb0c7ba77b7dc56994ac0dd7d03a47cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4f61d2eed107511e3ce5919b45dbfccb

SHA1
a3490db7b8c87824108699b157295b072d426349

SHA256
c73a4035fa4bcc9355197b2cbe99a966924b0d54ba4a024297905e7f8f584213

SHA512
0f65225d7255753cc5de8d15b928be434deb8f7d4d1b9a9baa8026f31865e327171765a3e585045d8a404b60b2d21974e7c9b8b166bb9463b396808b31ade266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bbc43a8cbfaec9f29c0dd7d364a7f647

SHA1
12db4fb9d078716c562c2b1d381a424795061867

SHA256
a37fd474415ddf4d3ad53bd0b7b6b6e347a3b4809e87e3f48ad02d252fb331ba

SHA512
de9412fa3a3ae7fa91a63a2ae02bae141c12f6a83d3db3d5f07c1f0c99d3cd100d2baf1438c4b6384e2cd9729d9b1207e0448b56c54a02a2bf016c9a5b6a5288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4960a39e408e620489bfafdc663860f8

SHA1
a37d52a048f194b9c55defaa7cb1e3d7cc0f868c

SHA256
b7747a0c42c204b6b4cea1adaa73360c5159d0ec729d3b979bb6140edf0a772e

SHA512
3a4c1623d4bb473d6de34708421066647889175f46c4fa6bbe94c58a152570199c4ac911ab7e21ca7130de305bbd6653a1eb281afe49ebe0fe798e7a871c2106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
baebdecadbae8fdfc3958aca84c23be7

SHA1
05f5ea0ea69c3145ca27ce314bdac00192b934c1

SHA256
282c5c2f9ad1deece9d1d4e054936b7ea80ada4771734620264bebb0c826c954

SHA512
3336a92abf37505409ff1261b6596c778ed77cc5e502a397547c1ee36a909864337966dc17283b56d1dad8714c40ca733ecba60fba37687ebe5baa218ceace3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\cc4614d8-f07a-4c91-963e-e4f90fbc04b4.tmp

Filesize
1KB

MD5
47bb7152a0a93986cdf7d4f584d928a5

SHA1
2c1260009bbb6a8057bf63435958ef5b881c0148

SHA256
757d8c25fa3090e97cd5fedc178c67774a3fab6a9ac2e10f83c65ee66ac387c3

SHA512
4b7e5fbbada73035a9ed93a0f2760a1cbea66922be91d197914de746dc3e38fcae1db1489a7e671cd593b06e3b95c49212fd9bcd1a70d7d9ad6633f594b2ecd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b960be09a2381108cf5a62b1162fb1e3

SHA1
a1537484d903786c79112999003189e74f85c294

SHA256
5ed1f1fb27eddc826290dc5b7d27b3632b270f164a3d4e42834ccff5a510aac7

SHA512
be93883a4167710cd6c91e4892e3060d1b31832ef52f64e88e5e67cacb3ae3898a6589986279408a96fd46b1fc873c04196c99d792162d9c0649504d77c7a954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
de185bfab3fb84778db628c045b04f1a

SHA1
2ff266be685122b740f6d8bce031090033c58003

SHA256
fe45f29c5195c8b918ad37d20e457cf58b3d84ddee081b5019829db17ddfea1c

SHA512
ec04200f3f0a513209f44ef49ec8ece78e16f3154b1588584e8a1f0384e7ff42b7b0e1a021b21a2267f846948f3007b58b777baba4879eb7c8027c9a71397408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dc1b864b3f9f76162fdca2d0f731552e

SHA1
6e09cd9c1770b69646542384329c8fae2479d482

SHA256
96ec4812aee27049422b2ca51634e903d5e73c5b76c2456d50cbcfc679ce04f5

SHA512
26abfb13e3d2a9bdff61f99cb7af352a0bfa6d70083d60c8b92ca16bfe96141d2126ff67d3530d16494581a8a9cafe6d8d5febf8a87ec0642d40b730887ab0c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
37c5e9f0f8dcaec713227a45990821e5

SHA1
26de6e8706bf7424655c443f70f3f80223c1333c

SHA256
e515f9cb3ce22ed1e927b17133d18dc9325f46cbd927146e6c0fb602ee8283aa

SHA512
b67b36c9e16fbce185b41b3e8b383c9b186d7992aa2cea48dc7758fd8d4651a64e56ae28370cd8dd2eadee8d7545fbd3a7cb8fc5f5436a89cfc30c1cc7c1668c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5ba51f5091e04ee229210f0ce862d8e3

SHA1
269c14ceaad5a86c3f598fc5e7b3f90ced443604

SHA256
b190448c9b2682ae49c8cbd7a152a79dde2a65bc8491086dfbfbcd32e0654ae5

SHA512
e00191c86f88a422d02211c22337a7faddfeb2eb3217ee0c611847f742577ab3ea22eb43dfb5093101cd72ea1098e88c01fe33faad91eb46e8e50af56dc8e864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
1fd2700195d3e6c89df7a97e34c30d89

SHA1
dc6229e4f19d6474bcc69755eab5e9b4422ba29f

SHA256
ad44dfabdf9c08e864443154fb49e397e8dd1b40a37246ab03c6826219906b30

SHA512
8976cd6fd953c7637e00d72b7b57f2b16c210ce5db5b7159961ca12a0fd0ac8e71263cfb3a849d9d0c68e2c3c4df43fe90fb602abf8c9c3f7c03eb58ea476315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
3d4f7743569c296b65bce5d96760a06d

SHA1
9a532df3de9673273fa3de608072f4048fa73f0a

SHA256
532a652856f73650f6a7544d5d45426eb2143a9ee71c614dcff9f0863a1824b7

SHA512
9a39382cd3e852548f8a3c0f895adab74bf9440c8b13a87f4bb8d33c5c746351bba5cbb3a70f06897b76f77aa69f30167a374f10e379e6e9fb1ecb7dc6046f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59df2b.TMP

Filesize
101KB

MD5
e71c048c8c8aba2f7a81f69352700184

SHA1
969ab47b86eac37c2110156b5d5f25a5f76a5617

SHA256
7c9d3c244d2c23ab9c9061636d228d8f75d54ca91858258b130f8418a3389714

SHA512
4f3bcfda793ed71f10f283f0e57d1b827e45865b8b2de5df3c6e23aca632ba4ccf2c9d2bdeec61763f333827e21b46c01fb1d225e6ebb9cd9f26d24aa6105d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit