hxxp://www[.]roblox[.]com

Analysis

max time kernel
46s
max time network
50s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09/09/2024, 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.roblox.com

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703596344361724"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3924	chrome.exe
3924	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4128	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3924 wrote to memory of 3416	3924	chrome.exe	80
PID 3924 wrote to memory of 3416	3924	chrome.exe	80
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 904	3924	chrome.exe	81
PID 3924 wrote to memory of 1644	3924	chrome.exe	82
PID 3924 wrote to memory of 1644	3924	chrome.exe	82
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83
PID 3924 wrote to memory of 3616	3924	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.roblox.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbbcecc40,0x7ffcbbcecc4c,0x7ffcbbcecc58
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2324,i,5918226117250653768,8740443678137244693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2320 /prefetch:2
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1704,i,5918226117250653768,8740443678137244693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2500 /prefetch:3
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1880,i,5918226117250653768,8740443678137244693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3000,i,5918226117250653768,8740443678137244693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3012,i,5918226117250653768,8740443678137244693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4136,i,5918226117250653768,8740443678137244693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4308,i,5918226117250653768,8740443678137244693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4388,i,5918226117250653768,8740443678137244693,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4500

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4764

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
16623ae42bc4b5d3f3603885c92422c9

SHA1
847df5ca544f5de464991b7235ac80666148f225

SHA256
eeb99d9159d8818a247848d9304171fb984cac7b64fd7e9c62c9415ed0804f08

SHA512
a474dbb2797ee9aa2b68fa57cb8dbf846a03a1addef26dc7b5db8574a756c5ab25a463d4df5adc11c7a7649f639d09de60b1aeef1c963af59bc90bdd4250f53d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b8fb574339f4e6fa87b5cba77d2efe72

SHA1
c2280cbd0b21f57e88d2b7b0cb58f91cd036d5e9

SHA256
2f6add7e664d3fcdf7de2e61dbbb03eb363bce6c9a546705591c8da2ce423609

SHA512
c29c10c0736052409fe3a15d96fe65103b51daeea29f2e94748f0ead5fc5f6bc5fa43a433bdb49ff7f8fa9202155f2a5c8e5205835dfd44ec8ebaa7b6e53a4b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dd06cf126d80805de8971bc00b7ed0c7

SHA1
6ecb7fe7c4b56290ac8e62e69d333a2da17bb582

SHA256
238beb50277c1fef192eed27ce26138d73ff2fcb36416a0e3e40986a1c6b3fc6

SHA512
dcdc0fd193b05b4a9c7ed7bbded1126c5845ae9f54f4ccb18fe8964c365840a0a0386a154735d891cd4b24ab571d39f13bf37f28f16fbe15536a20a3f203c679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
df5f4e0ed3f2e772dc9e96d2a93ce73e

SHA1
f2de05e4e7a30c05b359b99125499ae8a579fa33

SHA256
86651c1799e8989421ba8ba891d54cf90ae182c2bf90288a8f5bba3c5be067e3

SHA512
861e511304e44246985f2a497025e764d4d73c098ec48a3b3da824404eefa0aa124f93420cdf1e5f71422a7ef32ba87d2fd8be363d0e6d8ed8b2f39c08a2d85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d6e592911e4d5b26912a868f8c9f8ad

SHA1
32fd7a64986955a28d4db1c28293f8c0ffc752b5

SHA256
d21057b27260e435d857bdadd2d174d4a9f1e86c8d7cfe92a5d89fd8e3422dd4

SHA512
845b6d582578d01000d508fcca21e060baa650bad4407cbdd7e911c37611b21da053dea1ed70135bdd1f11244a42d5329c60f4e68e825b40817f3da5768bebe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c6044def61961112a80d656bdceefb6b

SHA1
1eaa9d6ebb983d63c1414088e188678aaaf87bf3

SHA256
5d4a41e5ac081e76d4742a4c71996e67128a7535343d7ad15ac82c6433c53274

SHA512
e090b7a1773005ec460b2a41052094e84122ddf60849fb4763cf72c4d7baf465234e8aa0150a36792fd45a8cfe8d1c587e13befc3a655655fdd23eff7c549152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
76be1cf1159ffcb74deddade93c8eef5

SHA1
c3cd016b8687c90d8b3d16e5ca20922b1bf91e6b

SHA256
32700e52084993498763e07bc4d141e860aef6aff5dd9007749f7641fe36eaac

SHA512
4e62925c4ba7ac5dab0e2dd0dade30e10f8ecdccc6e223f57142c0efd67f07e630cf005b9b4a8dbac45a67da955c387090430ea01cd9a423a25221b6020e1400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18e2a3f1e45bbb0b5249dd586832d785

SHA1
6191b106bb7a829bb159ec086e4b811588da6d3e

SHA256
85ccc00b49d6f794d9d8ae74ea1d4870bc0242cd750c626f8c358d4251cdce74

SHA512
7fcf067a9847a9fa3d6ce35e4a8331749c8be213d81be333b9c2865ac46b854ef69d649188303a30855847309ef7409886549a758c1284252638852b758b3617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
920f749f30a766a8428f5166cfbc16ec

SHA1
ae8bb5939dfdf10e7a4c494566961c9fa2384a8d

SHA256
b77bedd194eead5eb327a66db12eb5a1e02945369cf3942f3adfc471606b701d

SHA512
0abb9449d9d8e47bdabb61a49470ab4b14d324cc537ba20cae9dc9e7ba41fd6ae5a5413d5507e7dbf1c0b094126dcba7dbb0192a101d0f9f9c1a7c6b7e64a65b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
fef5fbb342fa7069fc406729bc223461

SHA1
7ed04f73ba4c2f39a2362701265c80717f9753a9

SHA256
a97f629eee5be41f9d595c736147d913627f6e5a53072b1664cd6050e47ccb0d

SHA512
e3268b945dc87d3d3828d368529b7fc283d5f0ea6373188f6b203d5f8d8c1e2c68f98125e3cc9450aaaa89273b66f6545658372cfd844e8b0a3afdfd7784f7fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
ee2eb4984489fa602bd4ae931e0191b7

SHA1
f30411d3d1e484818c5b0f4e774ea44370d324b2

SHA256
6d949675e808095721f60d888f4582294654761b340a7bb33c4123d8e1e41b6f

SHA512
672d20a46f15d51a316d7a006924c5feed0b23c6fa9cbed3548ca69823af85eb752d1864d149c09ed78dc5308248d8a0ce8cd7930a970746e930fe52d0066b7a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
a73ea6e1db27acedbe4055c448f82ef7

SHA1
01769a266d26c4b4b374099606e86b8874ddd55f

SHA256
c3059c62596021e555ec7901361fcde75078ad931bcac6027539930bef8b77d9

SHA512
f9cfe99077e40ac3ff11ab39020d6e159ec06cf50f9b1d156858198d48851d29de8882a18609a17dd30ddea421c6c415683b8d7b14fa30a51ddd1cd76032deb4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
c08cda8b30daf0f971ed3fca378d480d

SHA1
8c0a3593ff62ec10f1c6e88d448eb8e23aaf7662

SHA256
1af0cf8b1e5f3299794832e511471afa6fcd4a10987464a7c043285cd49f0c58

SHA512
3cae2439b79bc45a0e233e9178224eba4164e535f7b94dbc02d703db37513c73c4ea6cb94cd2f37b2c5e3c37f807555c51bb7902679db2538c3f16a9db1114a2

Download Submit