hxxps://steam-card50[.]com/50

Analysis

max time kernel
1800s
max time network
1802s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-03-2024 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam-card50.com/50

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133544585263360323"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4844 chrome.exe
4844 chrome.exe
6132 chrome.exe
6132 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

4844 chrome.exe
4844 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

chrome.exe

pid	process
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4844 wrote to memory of 4080	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 4080	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 3592	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 4704	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 4704	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe
PID 4844 wrote to memory of 784	4844	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steam-card50.com/50
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffa36cb9758,0x7ffa36cb9768,0x7ffa36cb9778
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1888,i,14522935148765119547,4593049129302158315,131072 /prefetch:2
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1888,i,14522935148765119547,4593049129302158315,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1888,i,14522935148765119547,4593049129302158315,131072 /prefetch:8
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1888,i,14522935148765119547,4593049129302158315,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1888,i,14522935148765119547,4593049129302158315,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1888,i,14522935148765119547,4593049129302158315,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1888,i,14522935148765119547,4593049129302158315,131072 /prefetch:8
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3480 --field-trial-handle=1888,i,14522935148765119547,4593049129302158315,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1888,i,14522935148765119547,4593049129302158315,131072 /prefetch:8
  2⤵
  PID:6060

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3764 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:5924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3756 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:5144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
7e97272e9d7ccd6550ad5b1934541981

SHA1
fd8db19580f53de491b1aee40be1f71e9c4a1b30

SHA256
ec176241ebd45651944ee472a411da82ced277d07a522ab01d4e0afbb023a872

SHA512
f5684f1b093a073cdac7ad6a5ae84dc710c7fe7d935e7f8d355959572ba7908539025c08648c3bdb200bf4a4662fff4065928d18bde556d569bacd74e41bcf84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
51ee6f4d5b9ed4be6d34a49ba6e28b7a

SHA1
7a9f5c66e60b739d7550e4daacfb9f6388c1d966

SHA256
939d3d0187829089cdfeb97dcb0dcfde94508b5435fd12c98af6525eef086496

SHA512
35a8d69ba4f172f5b57804d633e17d69ca6e28978689756b9dc9cfad51b5a0f6843fe8c9dcb18eeb479ecde92737d9031c7c9e6971181207ab3844e18b30e4cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3796463cc8e094225822cecb6bb9e675

SHA1
b304d2f04288cf6d43d7686806ef8e7da5ac55a7

SHA256
3fd2fbe6d78e7090e0b53f429aa61414c7653cb039ce979b2aab1d6f7cbb80ff

SHA512
f4e9ee5c08ab89b9d5fb48bd6cfdd9f6959d4e9aac86862a3127eda9b1d8af5209c581a701af873b9eafd1162649835e768a6fe49252e9ec544f8fcbeaa31fd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1545421438e7fd411c16f0c868506488

SHA1
46d52e8fd8f06b291ffa4bda2952ce54968a0349

SHA256
ab43c1624f3b88c2f360450641bc96ffdd06e9ada2c5b9fad77f22873b001d94

SHA512
e54aa90424e530c4985a246ed240bb8b70c05fecaa06c86b82c37ec7f76312aa7e428d497d00e83cd1a232b5b3d0083655cf3343f6ee065e2b0b825e06c53bb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4694ff2de9e7c8c99298051d423b9bbe

SHA1
9aff2a2316975adf2ff4e655fe33ad2463c211e8

SHA256
5eb441330167412e505b419804c440607eb5107529d900f3ca987d8aa168e8e8

SHA512
d75e669ca05201b734fa2b6e5ae130815f6ebff2de4f083f368b6df598cde0f2bb4e1ddd3d338db8f88689076007cf0381498061b77f885d665eed2457edac13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
0d372c32fca9283048b2ad37e8a1e14c

SHA1
b05f44d40774db4d277b9bd2f7e9d0dc5b9fc94b

SHA256
2426971a6e97923a63299259dfad829ab74a467c324d2bcee10235a69e982841

SHA512
c99c4eec03e457b097b3ca6f431d614931fdc2a7e7e987281c874c4b4317a3bf9c5495f49ea9102d4cbd3c0af0ff0222b3e9df12284ac6dd51d117aeb45287f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf0786d3e89967733a4fb2806b271a14

SHA1
ca1e32ceab4416967dfa85e7c49c0ffa783e7a8f

SHA256
2e33889f3e9feead26b78893fb873932b5fc686b980fc86dd96f6e41aa4120d7

SHA512
ab2b1ec0c0b344f85bd683791ccbff43c451fbf752563185908ee403a2add3f7a797c7af6e9f9b1cd2e5b985c7f46e9d82a862c9f2764e72056c7d4d436f4810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e3f10418c476f3cc4c614f60cc084e1f

SHA1
7369c63e073a076c87142452ce1aa07306bc95c8

SHA256
1d932cb11322a0520418d9f0e4bdaa189c4c28f8208dea6ccdfefc3821b6e1db

SHA512
aa157e0f0ee6653f30f6082b4067738e8d892ab03485c8c8693456868990b67c314197e681751de51ed7fcb81d7b79aaff63ee8700b70d27e88d795cc48450f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0337dabc85c741245c5a47ed37b99574

SHA1
33c634d472b04706318602c4a667f3756e4ef14c

SHA256
a48cb51481fbb9d30a12dc65df03e88b1cde73e05322da101b7f38a77b278856

SHA512
ee400c45312174f1cacb0e8ea9d770a291f2454abe020d0c44ee09592987879f6c5012f67d270955c9cf6355ace62bff99f0df45e93aceca8be3a5669b3e1c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d1ffd2efa729cab6d1ee321467ff5da5

SHA1
2474030778fd4b75d241ea1240f8810fe76f73ac

SHA256
2038fff96ed993f6227fdcdacb66d46a05c956073fb1aa893133d2d4352f7a9a

SHA512
e6ccb2bc5cf429c2777e31673b4a782bdfe23f85e32c33e05850484866fd166f5f73dd3203e4790a870d415ff3740598113010f84674f9f69c1aab3265858e89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
cdf044470b544403d63cdb56e8ce3156

SHA1
61e1716784701dff01a1bf4fa9e955edec99af3c

SHA256
d42550da5902ecaeb0ec3c9b059a42bc096400afd55abd372aa6bbf6a72b5173

SHA512
7a24d93796083847855c238c60fb30c22927334aeaf7b9ac77aa0a1a3430d516ac3000ec09f1b39532a8bd97b31d0d5cf5ec83f6618cc2620488403b0666a92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
dfb4c92ba71928c3b235ee7e31f19c41

SHA1
782ae33397087b964cfc97438940422c03b0f446

SHA256
e9a2848695979623e2346767586b4d5c9522ff3389517d096ccd2bea448c2df6

SHA512
211e7c0f55183b085d9ec6169da20a7ad5e57c269b68ac2b83738b516637ca2e71d0c1a3f4ddc0bba17fe6fa45daac1ef397208817810b222c17f622d9da4c92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
2568c51c3564458fc067738b671fc678

SHA1
9f1bf60e1d1c968a183746919df98f74a2a1856d

SHA256
8dc47702e26a8f6982f5a12576b0f3115373ae2db66e5229dba5a8d44f1f4b26

SHA512
4be69cdfc46daad5487167a9d254861a9c5cafdbc8f83e69429ad9d8df788791378ae630e07a6bd4edc8802f20d8cf26fdfeb1668dd7de3b91d17fdb61bdf5e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5c08c2.TMP

Filesize
101KB

MD5
173f89f7be22f22cde96e6e0724edb94

SHA1
08317c31025e761559e25ae000b6e7190b40f242

SHA256
be0923f16cfa5d20173377e5458fc56a45e010e029ef0a7b01f30fa188d1ebb8

SHA512
579dd5af077c1aab6701c76d3429913c33aa588015eb529954f0f7a3b40d0565236b7bc22b32b4528503cbd3b39f5621a702945f5e8a2915572de990bec341ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_4844_FUJMHVHJCAIPDNFI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit