hxxps://chromewebstore[.]google[.]com/detail/roblox-for-free/hchahigddjfnomcffodpdldcelbdokca

Resubmissions

05-09-2024 21:46

240905-1m1k4szfrr 7

05-09-2024 21:44

05-09-2024 21:25

05-09-2024 21:14

05-09-2024 21:12

Analysis

max time kernel
71s
max time network
72s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 21:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chromewebstore.google.com/detail/roblox-for-free/hchahigddjfnomcffodpdldcelbdokca

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700443870357342"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 2580	4948	chrome.exe	84
PID 4948 wrote to memory of 2580	4948	chrome.exe	84
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 3616	4948	chrome.exe	85
PID 4948 wrote to memory of 1492	4948	chrome.exe	86
PID 4948 wrote to memory of 1492	4948	chrome.exe	86
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87
PID 4948 wrote to memory of 2208	4948	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://chromewebstore.google.com/detail/roblox-for-free/hchahigddjfnomcffodpdldcelbdokca
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcb34bcc40,0x7ffcb34bcc4c,0x7ffcb34bcc58
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,7565699433375425924,9403436133697212084,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,7565699433375425924,9403436133697212084,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1948 /prefetch:3
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,7565699433375425924,9403436133697212084,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,7565699433375425924,9403436133697212084,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,7565699433375425924,9403436133697212084,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4424,i,7565699433375425924,9403436133697212084,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3672 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4492,i,7565699433375425924,9403436133697212084,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4796,i,7565699433375425924,9403436133697212084,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,7565699433375425924,9403436133697212084,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4648,i,7565699433375425924,9403436133697212084,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4992,i,7565699433375425924,9403436133697212084,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5004,i,7565699433375425924,9403436133697212084,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5096,i,7565699433375425924,9403436133697212084,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1396

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:796

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d11e2528f7d3a8fc290188de626116b4

SHA1
fdbfe053f21e32fa9d293c0c7f17a43ea6baab53

SHA256
6c1da495da89d9469613e9865a1bb19e17e160152fd9b61662c682d259ffbc02

SHA512
c31d15dbd8f10ffc302a8c89baa7178bb71d4ec178e15ce4554d6fb91d2bce795f98ef9d7f9508c0b2363496ce0fad8f0a0c51c184ee309695a42dc55286fec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
41KB

MD5
0d17932e0626482afe8b6f310e47cb24

SHA1
78dd115cea950e82c6428486836b1975b6630573

SHA256
1f5b32a1afcdf9092cf1f0bb84eae0a6be1c8b4ddeb4d2fc4d271d1314aab252

SHA512
75e51a80add7329ddf91df268fe15a827931325283f15212b55a2dc41b76c1050863b0c0eecc4e7f20c069c0b8cf0c5b4e666ec9dca843c37a8e25867785edb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
237aca5a8b753094a8ad9076dc32cfb5

SHA1
7bd34493c285349854e511fbb8f9ab80e5ec09df

SHA256
e62a530747bc5da06b21bb221e83da72f6882eca8a005a73762a9cd2962cbf50

SHA512
22b31744d7e937bc25d776c0ff3671f231d07949a8507aa7092ea10a0c5d8537aada84fb4b8b642cb21c4a9a1f312a0a77a0f8f515852792f68297c92edfaaf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
f6f188207ebf255cee247275efdd8a5d

SHA1
f16d3ce43db63098814def17b155bd30deb3142e

SHA256
2675f2f89e5def8800a34a982663d7af9d67131f1a8a40e8ce564dd7f893a652

SHA512
fefb03e6c5f6ff47b86b7488fbf86800f041a0a48d3aed1f969a46c316000522a03dc46e47f75a13c17e41808f94bf57e5baf239c060575783c2d435ebe36ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\22d5c0c1-e2bf-450e-8ba3-fe7d80996b2b.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
6eb1f963fd856b47d988a9315f4cd906

SHA1
1131176b2f945c8baccd249be82a29289aa2e611

SHA256
a05271a8db98f60565094c26d6cce2f46dc906f95e6eaf334d715b9df0336afd

SHA512
b8b9ff438b7a6c64e16ccf152cebf6d629bee24b311f0e9b230169257e62d3f27e1e06ac92a64fb4e2fe982afe4e6fd370540cce74720e26a6304f6bdb614f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
93ef23153fd382c292e51a9b24dffdfa

SHA1
e46682977049d65bad0e824ddadb168fc1b53c22

SHA256
75e6b2ea660f3750d1ee2c01234d557b8b03a1d8f3c3df559415aba330bf8fe8

SHA512
1e1a68d1e5384033ad5ed89f970bcf5102ac5b473a7aa5c3e982273561504c3fd7c334b7e637f80e73cfc21e10f0c5a5f41856fd5702e8d40449f58b0da3340f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
1ee2cfb58d6ef17ca1675ca4c926b218

SHA1
82d7b58e300636ffa8a9217c9b01a63ba4256bfc

SHA256
01530fea22ee6bc289557cf440444c6b5c5d8c7774bce6b5df5dcccf0cf5d105

SHA512
6e83ee277203da08f737871aa94c028a7bd2ce171786a108adb3af18687b28235b06b2f8f07cf3838d75122112f1b0e3a783b2174b583f315d2e3a70c79ad996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4b2fd4049009f4b0e5c8a821730b9e9d

SHA1
18527962c4717afea6dfe98469e11fa454b6dbda

SHA256
a880f9b997f7c6d2386f28d8a9fbdf5e9d1bd4d05386c398cc9e8f3aaf54624a

SHA512
ac97739d4079183fc26fab346862df835b7653094687e8a90c1c26315ed8dd928d86a73be6727c01677842cd5a2e42ac8ca801e741c6a515025c44ed6e0b8be2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b5701fd638da74fc0fdcdfe104303b35

SHA1
f3e99e243dfc4b7e7ee00b58cf49e43c169d46ce

SHA256
46db18cc9e86729303ab023d3ae6412983c2e62bfb892b2ee3c431af397002a7

SHA512
564c9b348640cf8a8b09f4fe562e8ee9642fc380f34aa7780fa473e3ad25370e1ca38fc15443fa3360b0e9b5cde787a530df8abda33edeeed4062fbd51fbb5fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
641ad07ca6f8f3f09c6b6e4493f18c94

SHA1
9da540415a380b33e048426d32404795c1ecb468

SHA256
aa6af9c280c339e685e9c420c37c592a9d508182eccbfdeda323d304aeaaf526

SHA512
36e3f3e7f8c06cbe1e75049c1a4587c7673979641b82c2963cbc5c20d889ea7fda5fa9e60363d3ccc53cbdf94877332b2e4670c86102546d4c936b0a6b639839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e6c49dd6f54b34c5682afcc3d44b77dc

SHA1
283c14b60ab1f0259a0a24607e4ec20e5cead2ed

SHA256
b547a0065c81f978eaee5da39325e010dbe0553696d7bfab853dffe04e18fe95

SHA512
f2e61d7952a20ee59fb6f672b3331ff7245f4a148e372670bb796dc8a9b5f16abad2f71111f229a24f1b84bb5efc15cc6709bfbb0f5d6e0f247ad4045a78f36f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b17e910bfbeea73e7b573fb8c055428

SHA1
45617393208fc82fce54da2629c3c00eeaa9ff73

SHA256
5826cbeff5b250c860886ad09e4794dbc35f281ecea128e43381af562f11ac2e

SHA512
780408355ee50319552b452f284cd23771009e0c1043fefe8ef091a45c9d50717cad9345b0f4ca777cde352e77c37e4910a7973fc9d29abcdd2272c2e12f16d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02b916d3274a0bab9368f0af02a3d879

SHA1
cadb297bb1d56e05395a8e333184039f6952f6f6

SHA256
9d1e27e87d56986856b0fb70e4297a6afd9b367410488c8e6cf88e6e7d53e5bf

SHA512
7fad38f2c78d9f8b2472a791af8e80843d9406e4310082a167a283499ee46a83755dac2e3e97e3075638522c93fbfc932080c804e59feb3afd2bbd4a989540dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
443bbc5208fae440a8f4bb8c7231f8b6

SHA1
163b6525f14d5fd9c9b239fd3a1890f1bc14fee8

SHA256
35fa9bb748397dd4967f131e615bae6d633f2a8ea672a38cfecd4d09bfbc6bd9

SHA512
f8d20c61f8fbe2069b3eb9988e2311087638731fca949b1ac09d23466f6c6a488658b2bc9a5fb68568b2fda613f97c09d64805a50b2d4040202a976c2087d7dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
c35a3a6a27d2eb6a36052b3e518c6a1f

SHA1
6694d88b14b800a7650c25bb68cd0947ac6349a6

SHA256
fcd8ad9490a2e8f73b339fd8a2249370de0a38010d7146dd914a2b19d35bf8be

SHA512
c43c8ccc25314fca37850bd45f6a093f9c87fdaa89ac8f5d1f2a80a177e2ff5d285ab8e6737cfc604ffb1249c0b5d8da6858b07dcbe12f14c59822efc4dca9d5

Download Submit