hxxps://steamcommumnuty[.]com/gift/activation/feor37569hFvr1a

Analysis

max time kernel
78s
max time network
83s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 04:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommumnuty.com/gift/activation/feor37569hFvr1a

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578878927812568"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4508 chrome.exe
4508 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

4508 chrome.exe
4508 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe
Token: SeShutdownPrivilege	4508	chrome.exe
Token: SeCreatePagefilePrivilege	4508	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe
4508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4508 wrote to memory of 756	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 756	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2016	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2840	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 2840	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe
PID 4508 wrote to memory of 5064	4508	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamcommumnuty.com/gift/activation/feor37569hFvr1a
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9cfbeab58,0x7ff9cfbeab68,0x7ff9cfbeab78
2⤵
PID:756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1800,i,15922813096954444293,7181500961303403495,131072 /prefetch:2
2⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1800,i,15922813096954444293,7181500961303403495,131072 /prefetch:8
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1800,i,15922813096954444293,7181500961303403495,131072 /prefetch:8
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1800,i,15922813096954444293,7181500961303403495,131072 /prefetch:1
2⤵
PID:1228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1800,i,15922813096954444293,7181500961303403495,131072 /prefetch:1
2⤵
PID:2636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1800,i,15922813096954444293,7181500961303403495,131072 /prefetch:8
2⤵
PID:60

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1800,i,15922813096954444293,7181500961303403495,131072 /prefetch:8
2⤵
PID:4164

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3480

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\67c05863-3b4b-460d-bf1e-7ca3c8243b5a.tmp
Filesize
7KB

MD5
96e251b5ac76544a7e4888fea17e4a45

SHA1
4dc297f952f1415a822e65398dcaa9bd8e232cc1

SHA256
6ce7a51280f9b32698e399972329bea170b3f56fee049efc23c2329dbf2673b8

SHA512
eae0a96a8224f24219b4f0dfd35259eb2f1ab6bbfba9392b73d0a2683b9940bc517c67a5954a2887e5b173ed784a285c11706ba34dd648a26e71dbf9759d8d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
16241083bce2ce83948d923a9b39532f

SHA1
f6fcdbd54133ea215897950b11306d8904b8a339

SHA256
bf8cb342fb2e47b68605a6654f24c791c3f3b3fc387e95380afebd8ebe7b0d72

SHA512
6c441b5d9d7fac67a8244f1ef98bf23f94cc3e2342806cc1385bb62357be0a3eecfb31773ecb30f83ea09dbdbc592469fb6646af20e502f258218a7064edaad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
bfae33d2de6e50a8c4643ec23fa57e0b

SHA1
3ea90aa18f5e7a44c4abb654d34474ec32de74a4

SHA256
704e6a450dcb1783a46569926461634356ea9348c844e10a323f18df74528987

SHA512
eb220c3c53852d5d69a44aef270976a34cf336131ba6a12f49e5a6ca506e9c19aaf0e6a17d39b9b93393e27a7b5bae3ef6eb42faf883b6ce87d0eac2f0ebc13f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
0eccdd548060d7bc4bc1f42f0a388d62

SHA1
ed230a86b204272c680a8befccca0a21a09499f9

SHA256
5a854946eea47ed5928fd1089310366cdfd4b2d802b2900b2fafc9e262a5fda6

SHA512
b1c2bd2a3b2fac60fed875bfc0bcf771ff612a0518ba11607a0e45bf2618fb7797933b0a6cea545d951527e1f13a83f37f3c9ca7a36d021e424e3feec5882b9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
fb31d7f438abc02cb49a6b08315facd2

SHA1
6ade145c787cdb247dd2f1244c4a9e0faec1d5c6

SHA256
133311913204af6ef1b4cc2f5f88fd13f37e535bdd9f383d925041345ec239e7

SHA512
af2019e9f0e3aa686c1698ee6801f03220b4a2dc6edab9eb509e7f7f7af031610f5217780630163881a77cee2b3bc0230e61c57cb4c5bd7ffcf025cdfcb9c2f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
8319bccbcf951361a4b3650c0af66636

SHA1
77ed11e514ded48fce5e5020326ac39f79b7ad29

SHA256
6754dcc3c42ebb18ff3a66c5f64b03aa2d43b84b119ff816ffe91791cc0d4b85

SHA512
edeb9db4f8055f50062a464e3153fc7edf77dc4bbc9dc7aedf62079e3991d185c082d8d5d6ddecfd29b3b3d2666167050aff7e41a2d852bccfc0738b7fdc845f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
afd0af48ab539a58f8803912f14b358c

SHA1
cfb9cb1e5215b2c61a99b90df41f4cf1a4447c9a

SHA256
e61f43425060e0ca0ee5b1b864eb063ee6ae5f6492487986cfab0c4dc5ee043f

SHA512
77d5fb9b9ed8684589cefcc82951c190f3570d9cbd793c4d2595a33ef79db229e94e343fb765266aa20cafa024124aa5f91f3232bf1668f97305a7b7dc9f4809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a1d72a0b85377af35201b0fdad56c309

SHA1
ec57c2b78d146316e158f30fcd33bee218ef5132

SHA256
7776da8069e0a5701b5c007a6052d8c04ed42a83b69549dbc7934d3ae841c7cc

SHA512
9f62345a313693add3260b3327556826d3a53d037fe24b5057514f04ce3bcd781dea633e9ac5ce3a45767c7fd1db4f8351b9cbdc9fe0ecfc94a942982b2f545e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e062f1a2379dd205a0aaee888105aa0e

SHA1
d076338c18ed6840487e935745000b3846ecde20

SHA256
9b896fb0ad55d7c9b47e50991ea8260af5e81542dbfe8bebdbaac7ad6572ea84

SHA512
a57481862c0d0f60bb8f807931e404fa3e19ac8f8681e6c0734c467f45bdc749e9aa80824eeadb0ce25866a62efbf051152e2c7e039b0349ad5ee6efb4f2b2ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
990ef61e3fd1719d338e83c0b880f634

SHA1
7c8f3bf26d0c37dc564b455c0f5a0b3a03b9f2a3

SHA256
83a93bfc9be43be26750869a55c630562a73df8155feed6707fad8030033162c

SHA512
e7eb3ee6804434c87adc7d0537d61431a1a9664a5a520070569e010abfd79194ba03227ad72f892fd89dc113810b6e63d9bf81d6521c5698466f89f84197af1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
127KB

MD5
0e77f5cf751068f67f02fec6216bacdd

SHA1
f0cffb165a50a6e692ff3a56c4609a68f0d03ae8

SHA256
1c27df003365c6de08729a04865957cc276b9270198a4dfc9c0075c7887c070c

SHA512
9a4fe193f8d6e19219cbfce99f12b870d2cb93cdbaf679da30b1b23eca287d4b75bbb1f6cffef1a6145d1fb2f0ac7235850248ac85c6c31f0a33eef8794accb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
127KB

MD5
0faa951d39399bd2d5f180f43e4822b2

SHA1
67b00d6b3da592916eda2de9f69f12ddbc34fc76

SHA256
ad7dbd8008c87908e317014d749c8b5ad2f9a93a0a31132c36430452ab45c9d0

SHA512
05e9f41fbc7d93895a8bb4994a4b0677621a2986fecb95c3402170b92835b0c98813dd742517ac92775b615dd1079beafef9a7edc91b10bc7aed87cc00e85e74

Download Submit
\??\pipe\crashpad_4508_LUMAZOKEERGRWSIK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit