hxxps://www[.]roblox[.]com/

Resubmissions

09/04/2024, 17:12

240409-vq8g8sgf9t 1

09/04/2024, 15:50

240409-tad31seg8t 8

Analysis

max time kernel
1799s
max time network
1689s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09/04/2024, 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571577026530213"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1428	chrome.exe
1428	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 3200	1428	chrome.exe	72
PID 1428 wrote to memory of 3200	1428	chrome.exe	72
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 4672	1428	chrome.exe	74
PID 1428 wrote to memory of 2176	1428	chrome.exe	75
PID 1428 wrote to memory of 2176	1428	chrome.exe	75
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76
PID 1428 wrote to memory of 984	1428	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.roblox.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc1cbe9758,0x7ffc1cbe9768,0x7ffc1cbe9778
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1828,i,2130348015922899284,8256508309417962455,131072 /prefetch:2
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1828,i,2130348015922899284,8256508309417962455,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1920 --field-trial-handle=1828,i,2130348015922899284,8256508309417962455,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1828,i,2130348015922899284,8256508309417962455,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1828,i,2130348015922899284,8256508309417962455,131072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1828,i,2130348015922899284,8256508309417962455,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1828,i,2130348015922899284,8256508309417962455,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1828,i,2130348015922899284,8256508309417962455,131072 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=776 --field-trial-handle=1828,i,2130348015922899284,8256508309417962455,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
43823e93dfa20ba9d216b57b6271dda9

SHA1
9c6ebe8830a6f46fd9fc510d95821c6bfbfe08ec

SHA256
ffb96f285737c2c73f0cef2eb41f85153907c02fc3b488a3b0705ff0b7e6c770

SHA512
07a93d7ebb76fa07ec8f1c10b4dbced6d59b504121a04cf5c153ea83c376fda16c5320e794e77f6dfd68d9a2872685094363ac447febcfd3f91f069f64a2a6ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
373760c2591c255cec5b7ee3f4143636

SHA1
ce3e1dc544157d230c6e4091be3d0805b8186a20

SHA256
2dc070e3227af23e2dc81e6b01d0dcfd3e60875d6b5cf6fa950fd703af750ad0

SHA512
0661826c3d279682a071fd616a7be580042920980edb3ad34b27615c96f7fcb5f14b4c18fc276becf0612ce9b79c4219502a8a3e4dbe7c697967910d19d35413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\688fa9bc-8428-4f83-8bfc-d0b27d6f21f8.tmp

Filesize
1KB

MD5
c3651423abf5db7cbacb1783070970c2

SHA1
4988e956ac74e1239f4b23acfd8200514a782300

SHA256
71b28ead5252e341535b48f314e97d5b0fdb540c02a7169dfc2b9c6f2cef09b1

SHA512
0dbf625950fa5af80ce871abe49d6dbeea427561804a3129d110711c07236a68246634554e029a58382b2d188c7754ddf4af639d59982a34b27fe51de6035f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6164926066f87d91a322e392db8524c7

SHA1
ce67808034aaf638d90c982ca9f79b991ad603a6

SHA256
5e1b0da9ba9dcc0888c6459b89dbf8677eb8f0d1240937871b6f4a10dc4132ba

SHA512
cd628988513be660d7075ce3f148c66efd49c1d27d77dad2018ab41119168db40a00d244739fe7b5e6ce211b161a40e1b70d1634e1098dd807d684cf24f136b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
31efb123a3527f6d9033a556508a9fc9

SHA1
21c9a281ef836dac1868d425235c405a8185c0a2

SHA256
9521df90e72f7743b767f16120e3680fe00363b51feb5a94443028566c192589

SHA512
fa1a6d66bfb7324576e7f912824c6746a6b5f824513a7057914ecb9bc862f180f9d639e03223351f62d0e196f1d8d953e9c700b01723b2a587cb3af3d0fe066a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c1a46068adc5e85e40ef91badf47e2e3

SHA1
5c0a182642dd1299cecb32d1a3d8f63c386965c0

SHA256
5aa6688bd70a51e45eb1145352b5856f080b7d4dfa5d9ef6ace6800787669372

SHA512
be8bc248e83115ec5da7d2915017d22422039b6deac70fc8f8a2ff501cfb63e86d0a45eaedfe149c0854a7dfb8ebe61d0e0c8f0f2b1415b9acc9f59bf1bafb6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
36a514b9578688b2519ea7807036e350

SHA1
88fd4808a7e73682e746ea006ed439b6df8843ed

SHA256
c371a9d36130acb791a691c6420b5fd35585f3b763799d8ad84134f2e8c4e1ff

SHA512
153365badb19ecd16975ecd30171e1567182971c853af4148b21b926dfa7fdbc7c278857dda2d511b6cc630fdda207b3c81dc615829e702dafb6d3ef2778fd2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
187ca156152c36ebeee2cfee602721d5

SHA1
2df33aab2f8786cf91cdd3581b70dfd4c629ea8f

SHA256
3d17de88e92aa30fd32172cf4691e33e54124bab24249091d16482849517fc03

SHA512
530cdef8c3a4abd52d1e52dd68698d554b5e2582aec4dba80215be4dc1f5ee85f976a9b3f18fdbcb021b14577e0ab17d218d0390c59c9ee0aa6dbd909e3ae5e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d8a0dad03588e9ea15fca54ca880793c

SHA1
f32dd22aaa03deebe9b14ac73dc8ddaac6623a9b

SHA256
0721c2eaf0eaa08b40d5d8d29d457ec7ccd744a985294a3f7a3f565316c5b1c8

SHA512
ec23d0107e2ddfb24af094223e16b1f6d9cfa93cc0aa0c052978d8eb79a3cd5360912b10743ef717a563f04d024b018df9a26f1663d2c121146caf0584743eab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
73d20691aeca12d0b1b700f678172154

SHA1
f5b407fc32cb9056af99772b636bad3b10954489

SHA256
4b61923d88bf246fe921c8f1d021ecea4b97542b1b61337675457378f6ae7efc

SHA512
8a2c8771b0f526bd872bbc32b622b4a53c535e5ff74b567e0406a6aa4c909229cb4a181f9299c051c7998ebde5171b5b104b349bbca428cbf0179fb547ebaf6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
98f40463b3e4b139aa47d65bb39cefdd

SHA1
7a3e18f55b33438ac79ea1bf71721ffc26ce1351

SHA256
61b36d9cc50d5f63714e55973d977dc5b849e7dba2db33c10abcd61b1bddcc8b

SHA512
7bb05a12d142362f3f0ec4437d4250ad39bef7cb5bde6a9824d116cac4b5c895640b1ca39992ec8c3a9840e53bc61c2643a8e781749f268acdcd63dcedafd087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit