hxxp://Roblox[.]com

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607778364205097"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3036 chrome.exe
3036 chrome.exe
1864 chrome.exe
1864 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

3036 chrome.exe
3036 chrome.exe
3036 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe
Token: SeShutdownPrivilege	3036	chrome.exe
Token: SeCreatePagefilePrivilege	3036	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe
3036	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3036 wrote to memory of 3380	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 3380	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 4940	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 3020	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 3020	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe
PID 3036 wrote to memory of 916	3036	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Roblox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9cafab58,0x7fff9cafab68,0x7fff9cafab78
2⤵
PID:3380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1924,i,5145509865361511631,6826459302464445704,131072 /prefetch:2
2⤵
PID:4940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1924,i,5145509865361511631,6826459302464445704,131072 /prefetch:8
2⤵
PID:3020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1924,i,5145509865361511631,6826459302464445704,131072 /prefetch:8
2⤵
PID:916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1924,i,5145509865361511631,6826459302464445704,131072 /prefetch:1
2⤵
PID:5004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1924,i,5145509865361511631,6826459302464445704,131072 /prefetch:1
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3904 --field-trial-handle=1924,i,5145509865361511631,6826459302464445704,131072 /prefetch:1
2⤵
PID:880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1924,i,5145509865361511631,6826459302464445704,131072 /prefetch:8
2⤵
PID:3168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1924,i,5145509865361511631,6826459302464445704,131072 /prefetch:8
2⤵
PID:3184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2644 --field-trial-handle=1924,i,5145509865361511631,6826459302464445704,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1864

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
64354df0acb0c70762e502801175407c

SHA1
800edfd1087b925c0b83679d0098e6d9b2224e1a

SHA256
a146e28677154c158d885f6fdf85182c70c2356d6e4719f32c537faf0a69eb8d

SHA512
98501686ba551232db37ccccf6c281f0ee4ba079056ce5abcde63d40c70a2a877b790354c674ff19820eb786433683718df179a9fa9a9b2cbe6491a5c334eaf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7a497f397d87dc24acbe123b36679f79

SHA1
b584bacb9dcb67fd9a7bb10fe055629423464f88

SHA256
5f63b2fdd83e6a1267f3de6bb08c4f3efcd0866042f8955a73a2c6e9f71f3a34

SHA512
196fdd9777f8bd1f4a14327ea811df2f3cb45eae23262fe2d14daf1f3669bfdb527a4999ec514fa7fd0db79830a18c6e75d3d37c384c273a869c24c44667b816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3913972b8fb4a756d101a45fff49a4e3

SHA1
4196d198f8b81d9ffe3f6c48e596d249e48e7bd5

SHA256
eb5a327be6713e267d61df8b9129e91edef844d1aadfc526a7abfab03f5a54e1

SHA512
eb62066fa652694574924de7cec2cf25a6883bbcc1239dc38eefe28726c9bf5cb541fd6c5c43a7e8aee9b0b169b91287b1d2152db23f69e83d46490c0fea3422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
770559a07c1b8c6232a6e9c28a3f954e

SHA1
62a035ffaae66940cc53cf6c3228b2319610da8d

SHA256
d2916a9963a3352521cacfcf2868e07d08e5a7c52dff66b88487ca8d8ae68e13

SHA512
9d9a8b230c914c600c6eec7a79d99ce9cd91380334c183e2738cafe3607688ed308a8a5ebe81bf18d62f97598de8db053731a6c4e270144ce0bd03e893d4fd1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0efdbdd2a6fba3ce3e0aef37a4cd508b

SHA1
519e22c4ff0c27746470e430598399ae01f0cc81

SHA256
ddefba04a59d086f424e282a21a45daf82d4ba6ce79464c23a857cc787683395

SHA512
5ee088be724bce093ece65770c6cf8a07fac72fbd4d48a46da713b61e3acb39f14e53d138f0dbb3c1fe8ddc673c9e918a11682b930f07e2b1b1497385b081f07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
63c67a810fd1c63761c283340894deb8

SHA1
4a8100a6d916515c87083232412e1ac6af23e2f6

SHA256
adbc3477f169f7bd7dd7eef5dd315aa7c68e554972ce228de620bb5a537c0bc4

SHA512
907db54428ef7854e8230cc912c1aad322bdb2f52133f0d16f5a7c714568deafc894b3a86c80f65e09d1ea3ebbd7fcb12ef3b9fcd2713340c51d50b45b5aa0d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cb5b3bf5f47217ca287171f4aa9d8c2f

SHA1
3979736bf4e4ef8f209af951f42a9869c8c67a48

SHA256
fd57d3a5cf73a8097030357d06f7b55233a9a824dcf67ed9923533f68d5e020b

SHA512
56919092255ba6c68a2b7a295d071db547e514effe5db9c26abf7447b6a851b931b3a6d5ee3c49f7b3aa9d76b5bf6f063fa721f35fbb721adb5b533a1dce9278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
359e76935847eb8168c7abc45c4c25b5

SHA1
fddcb212cb3d8e061d6f0447bd67d04d9ed36848

SHA256
fcb098ac0396c563277481adbb9ab564d1971a26d0fd9ef599b8dddb9e85d69e

SHA512
5363ea6c7537dbe8dc196aa2ac4d4ec20a81e7deca3e85beda2d3302f936991725c22e0fd9dbf48c690bebd34e6ac8b8e0cd51f0c78518f594e4febec3defe00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
52b99524be519d0e52d0118c2d8f083c

SHA1
e81b2cd4e59eaf201130392bf3594f4e7ad12cda

SHA256
274e876a3c3121b042ada64b0d162a449c3e7e2c234c19622890e1edd6cc345d

SHA512
f67382e3e63a3be1237950d960c2ca554939ee31cebfe9198aeba0f2bd564e05cd673fd702e7bb38b8294df708ec77249b2d686553d332856eea6babad5e0432

Download Submit
\??\pipe\crashpad_3036_JXAYGROJONROBSAX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit