hxxp://roblox[.]com

Analysis

max time kernel
1799s
max time network
1688s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
22/05/2024, 15:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608661428292988"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3120	chrome.exe
3120	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe
Token: SeShutdownPrivilege	3120	chrome.exe
Token: SeCreatePagefilePrivilege	3120	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe
3120	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 2760	3120	chrome.exe	74
PID 3120 wrote to memory of 2760	3120	chrome.exe	74
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 3716	3120	chrome.exe	76
PID 3120 wrote to memory of 928	3120	chrome.exe	77
PID 3120 wrote to memory of 928	3120	chrome.exe	77
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78
PID 3120 wrote to memory of 1288	3120	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbc4c59758,0x7ffbc4c59768,0x7ffbc4c59778
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1760,i,1393421001239440701,9850371983351450514,131072 /prefetch:2
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1760,i,1393421001239440701,9850371983351450514,131072 /prefetch:8
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1760,i,1393421001239440701,9850371983351450514,131072 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2644 --field-trial-handle=1760,i,1393421001239440701,9850371983351450514,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2652 --field-trial-handle=1760,i,1393421001239440701,9850371983351450514,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4424 --field-trial-handle=1760,i,1393421001239440701,9850371983351450514,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1760,i,1393421001239440701,9850371983351450514,131072 /prefetch:8
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3180 --field-trial-handle=1760,i,1393421001239440701,9850371983351450514,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=832 --field-trial-handle=1760,i,1393421001239440701,9850371983351450514,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2e5ff733-b5af-437f-a35c-c9fef99a4b15.tmp

Filesize
6KB

MD5
b092f218945afccfa368ac5d6389bc27

SHA1
a6c4982c6667c895589d06dfc7169450af612e7a

SHA256
8e25a88b90211fd0288d63258e732a7e1557511824a459a74d2eb25bfff07e99

SHA512
3c981a36a76e7fbfaa1752d1ca40e80215007a0636a0a214044db6c2cb2faaf4f4185818b340422d06ece7c154fad33a59c1d15a6264a85ff98375b24eba352f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1d837833d55e3455fd668990b6558d85

SHA1
8d26982bcff23a5a78d3d17ee47ebbbd2aee6368

SHA256
7c6f43aef92f2c0f5cbacfd4ec93abe6bd00567bdff990ee1eaba700a4d054e4

SHA512
1e30a0df2b2676a48f664c3c404765619b6091468bc32d89bbed07f61ff11005a0615f97d522961852f3e5dfe9f8716550252c67d5b6f0f170560b0412aff4e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
9bc2370fd6bdcc768e2cc6de067f43ca

SHA1
0aaf9a626e030c6748005720dd5a2f45ae861d5a

SHA256
e20b47c3ea6eeb87f5b13281ca471cb468a45f19768d25f0915fb7ae3dcb4e04

SHA512
507005945fab5807dbbe7901e62392bf308cb1c1fa25aa1cba774b0f556ca334a20774ae8a599c0d8520c63b3c3cb21ada53f67cfd2ba90c62473aa2a27de9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
5f45810e5c0250c514d2229c11ec56fe

SHA1
4aae15f32b14b3dcccb746612bba50a9c840d74d

SHA256
7b70b1c7a6e72420736409079e213a9a4315daa191af3c26b41f7cba31052338

SHA512
8d3f15d92502ffffb6aa1ee37f9ee967c51ad31d809ac374c3d991b8e88c20cf5f7e0b22192f0d51bd6348cf2a719992f10462caf1ec21b657325a94bb34043f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6921855b531938a889b977574523b93b

SHA1
039b00a0caf40c8ac50f997433f04d4f47a11b85

SHA256
9dcf41bb91c314425143fc8f90c8136fc72671388973769e77fdf01dda81ebd1

SHA512
59ae7d6462bd070af7582585b8aa16924f68304e8316f12c1ca21e232171699c69c5a0aba7337b06c0b253f812800d02ab729191646da96b99a5518535814c11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d667551cf34a53420ffa82b12040924b

SHA1
a918a616d78696091f49527abae8f24de00804dd

SHA256
b2b00f44e174b588a987b2f39899a96a57c5095f7e41638fc5caea51bdd5479d

SHA512
cc4520aa566ffd61126109cd459762f2ed3a00f5e4bfc1b108a510b3175ad2b9aa15ee7c7a7c959e8796e2123fc1dcd67936f870e067336a38bb516095f5717c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
baec0528c79ea43b7c10aa87d4575eb3

SHA1
9ca24778495f6575a51449d8d391d995d3119112

SHA256
e933bd9951ede7624e65af12e6d505d1d2967602301f75098faab3b301bd5fcc

SHA512
c60346a94a1d6d8cad417ab905302f460c431f3d2eeb630697bf682bcf322194915e5c653aa1f7b3434556992b71dd1276be1f70b775a4106a4a242d3501e88b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
07eded2787d02d243b183a918b0631b3

SHA1
9c930ebda183c6813ab95a172e725565ef29f0c4

SHA256
66c1bdffdb3ba8d3acb94095bd53833f48b681c3ee06fb3284321826ac343531

SHA512
ef4f1a6e8a350492f4ff5fec97a9ef2ba6fd15d65064893180e77391853091eeb7f9071a5fedfc04105cf631c7ce160e09cb9140be6d862c34e63b724a90f7d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
32a1c391e015cd7d9d3a53dd17839558

SHA1
606d535927c1facdcbec439673c7867ae101aa65

SHA256
a5912c5c8e9e24b3d7f20ddd4a6abd499e167f06d620b01cfb05842699b789ed

SHA512
5a93a7849d52887bddce6456417b78c0aaf878c65476fc20d45fdf78235f40ed784691723b890ac98dac24aae0b5d4e1ecf9712fbc212b016148e7b14d9d81af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
74420364eb46731f3427bd593b0a059c

SHA1
5290c96dd5152cb634c48ddf950d97bce8d5081e

SHA256
550aba04b7ceca86f51c987e8fab48020452fb3acfde24ff315321aaba0cfc1f

SHA512
6d1344d7d7653e49c7ce15d6abae890bd5eb6b9467aaaab0eabf91f57797598096670abb9e7b0ed0f52e34d5c72a8305e4e9b33e32f683a4725e9660bef1f1b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
389b93c799d3b494ff6701948012e3ff

SHA1
a4f6f7f58d24ef07ae1355a66e7b0dcd95e65bfa

SHA256
ba1830e52d23ce9a8fa6918116355d109f5116a3580fc4e1419f69d9b5a3994b

SHA512
a206ccc9c4198c21f44a13766999f260fff289ab6b5ecfc0dd656cf437aa31b33840f0097a1f930a1a707c80c6a3c1d091373002aa8fc9e38e12a033970c70c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fd712e654a78cdd419aba81e493275f8

SHA1
ebf20f81dcd779c41f4cb36bbbf3da2af2c70811

SHA256
afd119190bc8dce2bc76c566a6abdf6b9dd78043eebd9ea926327b455a767f55

SHA512
9954456d1c39b9c2d01796c69005558671e277d0118d86bf657cd9b2c664d2efeb025de51574a4c43dfbeabe48d8dca79ab86a27fe2cfe6f71bc20941760e49f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
a82b429fa9908c85625ac46ccc10627c

SHA1
ff1b8b7649368471514a06d84e955c2f0a7b4fee

SHA256
44d1078c410df916702e322fd009fc79afb4299497c2d7a98a88e4ed4babf2b5

SHA512
17c1ad306a72e761186b05ff5406c739586cec3f95509eb95c87a2f26b3acd49ae6ebd381f225b2485e0dd73f626194bbd8ff113055f3e4061eb78183886a93f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit