hxxps://www[.]roblox[.]com

Analysis

max time kernel
62s
max time network
59s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133732871429753014"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{E13317D2-5F36-4FDB-89BB-0AD26EBE1B12}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 4904	2200	chrome.exe	83
PID 2200 wrote to memory of 4904	2200	chrome.exe	83
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4956	2200	chrome.exe	84
PID 2200 wrote to memory of 4020	2200	chrome.exe	85
PID 2200 wrote to memory of 4020	2200	chrome.exe	85
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86
PID 2200 wrote to memory of 4964	2200	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.roblox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcf8f2cc40,0x7ffcf8f2cc4c,0x7ffcf8f2cc58
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,12608811489321978655,16783941517869256750,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,12608811489321978655,16783941517869256750,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,12608811489321978655,16783941517869256750,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,12608811489321978655,16783941517869256750,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,12608811489321978655,16783941517869256750,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4648,i,12608811489321978655,16783941517869256750,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5012,i,12608811489321978655,16783941517869256750,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3892 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4544,i,12608811489321978655,16783941517869256750,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2404

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2132

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
91147aff5691c9fa5116c263edd7356d

SHA1
2011e16bc52e342caccd808658405af67c3f276d

SHA256
9b0bd39565be16225e2759aea8041bc2054c919283a68da8dcd3aa6a353799fe

SHA512
58ec13510dc22c4b3c23be0b5e5d9a178f60a69eeb73aaa44ee21565c001e8fe9fa2b645a5577adc71987c84fcec541c43a585206856527baaf3635848dce38a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1acf643cb6f12ad009f09d523e3d49b5

SHA1
e9a5c968dd3b1a1b319d893f3eefb20780553469

SHA256
1558e9ee8d3257c3fbac022a64e450b1b0e1523c4597899adef4557263ccb7c3

SHA512
bcf52ffa9288e08579fb451bbdb5b4c838564e8d436cbcf2432225431aadf40f9764dca2df54aa3aeb92a00470a3af299e8e35e0dfde65e8679bfc27db976841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47697e611c431e2cef9194e60df97d89

SHA1
06d78a487302396764df6c505b47a91a09366fc7

SHA256
c942350fb480dbef458d2a6c9afd79a0b4d0f81cfdb88ff6f456e4e28aab316f

SHA512
4e31a5398adcaa69cd9f6857d718f9cf5251469ea509f517a47cc8510e9c0cb257303af4e85a8ccc02f1eb983fece5c7af9d629a93c8f40a4c4fabe698115b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
18be4acca521c306ea1935910b4da15c

SHA1
08a085a10ed139d8af3a522dc75f055d7fee7850

SHA256
d5f578e7ba6b1d18e0aa07e8d669be7489e9cab8e5601287155ede01f6a2e64d

SHA512
48e6ce269c207918a4d019706aaff1155533411f60cfa3ac17e779bc999ba67c8d26d71d0568eb76508469997133e082a6bf51f01b24e5f0641ca43bd26ea9c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
90bef8c449813a7e7fed80670fdbc5b0

SHA1
664f892ffecdcdf2fc52f909877d8214fec02fa1

SHA256
3fa147b90448095464e2daee9beb8ca738f1b717daedb39a2f5ebc6c15b4f9e0

SHA512
2284e66f0d59125bb69a7294d141c87d304a93f1a1cd1ae82fd508ef3ac23a4446e7f92c3841a3367ed8595b6b53cf4aa9c12e85e8210306277a1e6eb5042a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b065ae0ee3c282652549179c1560c81e

SHA1
44df41f99099e169183d2c018897c4f972f6e9c0

SHA256
7ef85e996d7680278c64b2b7ee213cabd5e1e12eb8f40c3a7377a19481f4fb56

SHA512
601de92f3674e9e009b8d49b5bed82a18bf3f60d54b3b441a30117ef44267b67dc35005bc5727cea16b3507bd711365c16210dc9df78f2977cb008fab39c8c8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
33f318670fa234604d295a106ede9fa9

SHA1
fe218672e7de591cc44843e0c40318a2aa9483f4

SHA256
7bc2135ef60b93ad454df8fa4eaed3bcc6fde0729f4239c6bfc6ed77322b2ee2

SHA512
e2795f416710028bcf83924df8ba9a00a0325984dcfeb3a8d7a096463b988b043e81253fb70b5105aeca850e3298fab34f8b05c291cbc839cced44e7f13ba677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fee45f683d03adde8a9bb64ee6cc6256

SHA1
ca1d8c332fe660ca676dff20a645bec8dd550fbf

SHA256
f43f7d4a4a0eb9311352ff45f3a02067822bc6110c0e6c3bd872f6de9ffbebc5

SHA512
581d2ceb676b1a605fcaf216050a923f5160ede4ef6c85f8f7be87b2819f55766c92b4ae7fa7a9fa08a365259cc09b029a35e1a1f1379b1736252a5957850083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
967a17c51cdf87fe2b972283fb13875d

SHA1
b14f4f45e18f3bb3c6e84679815173e8d76349f1

SHA256
907f6d6a418c6b5a6993f66898fb5344632bdc266e764374f046e3c71bd35434

SHA512
6a6cc536009d0ad0c59fdf330deb0a0eee4b28bf4ad11f81a104a4ac5b4d5a334f772d578a144de9650ac9ea5f86717aa4e8dc04886a959f7ee0402a8494172b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7dbb976e60a9429079aede3e7fc3d58

SHA1
6ef77a06791cb8bfd3f8de990029ae1296f73d74

SHA256
c9097352b10488a7a1d3aedbab074978d2a87ee3fe02a048275d4c91acf89998

SHA512
88dfbee492930bc060cf2d0defcb64ea19d1417e8d4210b3f19b22c53d2c8e81601e2d2eece811c2bcd5b675fe388470189b8c7330e94f8bef87bf3d3520bcf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
daa6090637efc1227ad443826a4984af

SHA1
60a57b42367133f71db99153be8425fbd2487d5b

SHA256
7ffd1a82243287992d4435ba0355fe1a63e9ad7ec4f383d390c5247ba36ad697

SHA512
872016a108b15455e2ccb57aa5d9eb47dcbe123d8509ffa17a06bc15a83a47d13d6ea1d57b4c1d5acef7a0a3cb3d237a2bedef156550e9bba7d4f0a5c6688c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
08a40cc3ae4b3ab713fcb48923d62495

SHA1
b79fe5146b48810f2b87d3724eccf4b384b24674

SHA256
98188c7c56edbefbb1c70cc72fe399120fd5605b615189bbfbcdd1908c22b8c7

SHA512
df759084f9a7596a74942fc18bb3422707be4e02c02ebd8b2818886814632f762ce1e0501a87c45d65e18186e4ec30f78c0565a2762292fae7adef1f4432248f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
5b6d90c31093ec9f6db04426f92e951d

SHA1
8b6fec46fc6fa1f83c37881392f0028e3fc164a0

SHA256
dfb386b6b70246d4a6b24e464ff493efec3a796d02287a4c9f53cd3222007c05

SHA512
96fc53abdd771bcdfcc49573a230057ab07d870abb99c10508a16a55c385f8266649a7cccf48b8838fd8f81f9f0ab7519aeef82e3ec8672c6842affaea25c83a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit