hxxp://roblox[.]com[.]fj

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 20:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com.fj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536241051507973"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 1724	2140	chrome.exe	97
PID 2140 wrote to memory of 1724	2140	chrome.exe	97
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 4080	2140	chrome.exe	99
PID 2140 wrote to memory of 3696	2140	chrome.exe	100
PID 2140 wrote to memory of 3696	2140	chrome.exe	100
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101
PID 2140 wrote to memory of 1776	2140	chrome.exe	101

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://roblox.com.fj
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ea589758,0x7ff9ea589768,0x7ff9ea589778
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1852,i,17013354037307676591,13991801937513689394,131072 /prefetch:2
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1852,i,17013354037307676591,13991801937513689394,131072 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1852,i,17013354037307676591,13991801937513689394,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1852,i,17013354037307676591,13991801937513689394,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1852,i,17013354037307676591,13991801937513689394,131072 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3900 --field-trial-handle=1852,i,17013354037307676591,13991801937513689394,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2952 --field-trial-handle=1852,i,17013354037307676591,13991801937513689394,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1852,i,17013354037307676591,13991801937513689394,131072 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2972 --field-trial-handle=1852,i,17013354037307676591,13991801937513689394,131072 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3884 --field-trial-handle=1852,i,17013354037307676591,13991801937513689394,131072 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4604 --field-trial-handle=1852,i,17013354037307676591,13991801937513689394,131072 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3252 --field-trial-handle=1852,i,17013354037307676591,13991801937513689394,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3408 --field-trial-handle=1852,i,17013354037307676591,13991801937513689394,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:5352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
848ab786ddd3250f07b53d115d552641

SHA1
bcf9eead1f099cfbe04fdcb8f681d7f8722d368a

SHA256
c09301b63315bb0103590f91f8196993009df45cae4fd149bd8837d54e0439c0

SHA512
babcc38dc02c6bde42efecd80c0f8269cb828a570d0662a0c5d1be48c63007510da8aef9df7a4f71a2a4ad53e4643a81bd796bd458e52c323beecd893bf91dae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c32e6a2ca8c024ee717974c5a69972ff

SHA1
4271f1915d3f54426c803ee3c3415b7e7b04da59

SHA256
573a8e68834ba1cf947c297e39def395c50f3b35ac9eeec60f06551e2bde7088

SHA512
18588bc2f58d172cb25cdaa7c20be5a2c97d59fcf32bd6927f2e07a40fe0d964118808b5192a1b18348d72837d1f48bddad9d7cf9963ec7aa3684891b1e62b90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fb909277a017bbc48d4d1fdc17dd122e

SHA1
94a528533ca005d710791eeba41ff93031bc7870

SHA256
18f5b68d92e89c6387a3c53c592c323ddd622686ceef62920fce59e9269cb716

SHA512
72c79ed8ce6108783a1111edfb63907ecf71e704e455c68d891037949375d7b48e3fbce42e3d14ff1796894ef68ea10b2cce96a60444d92f6596c19ebdff90d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e30a430fd914e499b4cd77eb00edd54a

SHA1
a244bdc8bdc588ddc1f837e13917e2cbfbf186e0

SHA256
c60da172fc07566c34ea526b6583d7ccbfb18f6b23523793692887a64bff12cd

SHA512
f66d2b29233fbfdc1309a7a8dc5d8bf928e920999b151ff88bfc47ce0f948de73d3b7c6ae50a733058dcbb0491979520d86147c37c0902ddb1aafc945f0eb081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dabd0a8138259bd5c74b3963d3cd698a

SHA1
4b5796ba2cdd270e05705b691ac2ec1f57c207f2

SHA256
7b4c043e5a831a48b962f6ad78b4862f2595b49311454edfbb025ff0bbf93bc9

SHA512
be411870159d91ec943cf34991e2ffad48a4d69e1ff3fa3b015fb20605377f0ffa92dd4d0565b81c12655b0c83f6631b6380955a1e2cdf8e77288f9ab11dacd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a2d4ffb07a40ebe5cf139ad4c79dd519

SHA1
7569a698d83b24d31a8e8a020e69499371c0429b

SHA256
e0af3a5f535f5ab67dd27e7e4f6da93157d888ca9142b30256e7ffeed2206d2a

SHA512
4685fa582797eb14a9ada2cd7c8c0ddf9792d22957722a44ecd882ac03a24302351973b1d8ec5e610e846b9cec28e61a95b585606b79fd1ae906bfa67e0b5567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8b77cbcd0d6b4106931de2b70bc4db82

SHA1
2267e206192899e8b9aa267800c29f9d28d8db9d

SHA256
1ae3a2715594ab98bf75766d58d5b549826d56460bf136843e9d810f5f2f19cf

SHA512
0b1db83702bd8d76bb0594c92abc4e96da805a4ce15df03e7b508a8aea733d08186a207533bac87ed7264f5dbf1e5f51285f0e0371ee137197f4ea782a48389b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3c21a3c6b35e2e94d67fedc92cc1aae6

SHA1
d0f01a53a0d8795e8bcdd673338b83ab30a2dd00

SHA256
0d81f615956c12d6d25f0f65f91bea676cd32ac601d10c5b173e79d135b05ba6

SHA512
cd1b2e93cc032e3967a21575a28c9be778be634d52dba4fe8268a7422224df881a63b8bced15b6dd6ea7ffa13469660ce9ee6adb003149a518e65b82ed7a1798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
79885d0fff5efef4fbdc0d413d1c7478

SHA1
6a65bd5332981c0fefd5cff5bcdedc1147336579

SHA256
e11505edcd86c7039097ef64cd8426884d6b0ff590270171d622b1b5838204bd

SHA512
ac380e348aac409f2cb9120c9b450ef1260ac1ef0abc2beca82046736eb106f6f8ef09ab2d069764becf42eff4e9a35469c3dcd61fbb49ff28b9b3bec51c8d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit