hxxps://steamcomnumnity[.]com/gift/activation/id=9567453697

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcomnumnity.com/gift/activation/id=9567453697

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587062879893446"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4888 chrome.exe
4888 chrome.exe
2432 chrome.exe
2432 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4888 chrome.exe
4888 chrome.exe
4888 chrome.exe
4888 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe
Token: SeShutdownPrivilege	4888	chrome.exe
Token: SeCreatePagefilePrivilege	4888	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4888 wrote to memory of 4656	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4656	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1192	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1688	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 1688	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe
PID 4888 wrote to memory of 4708	4888	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamcomnumnity.com/gift/activation/id=9567453697
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae9d69758,0x7ffae9d69768,0x7ffae9d69778
2⤵
PID:4656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1888,i,6069136138409584597,15330865309171593563,131072 /prefetch:2
2⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1888,i,6069136138409584597,15330865309171593563,131072 /prefetch:8
2⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1888,i,6069136138409584597,15330865309171593563,131072 /prefetch:8
2⤵
PID:4708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1888,i,6069136138409584597,15330865309171593563,131072 /prefetch:1
2⤵
PID:4684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1888,i,6069136138409584597,15330865309171593563,131072 /prefetch:1
2⤵
PID:1424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1888,i,6069136138409584597,15330865309171593563,131072 /prefetch:8
2⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1888,i,6069136138409584597,15330865309171593563,131072 /prefetch:8
2⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4820 --field-trial-handle=1888,i,6069136138409584597,15330865309171593563,131072 /prefetch:1
2⤵
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4868 --field-trial-handle=1888,i,6069136138409584597,15330865309171593563,131072 /prefetch:1
2⤵
PID:1152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 --field-trial-handle=1888,i,6069136138409584597,15330865309171593563,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2432

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3704 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:1652

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
02c94faed2ef61c2832be226dbd806f5

SHA1
94b82d298a9a5fac661dfb422947915db77ac7dd

SHA256
7324b91c3a19a7509ae40694a27060c164f9fa859d2231a6a6dded59629358e4

SHA512
aa1a20e99ebf485520f9d775c69738f8d83b14454788f8dd8fcaac8edd627ee40d2d0b694508239631077a439ad8e5ff4b1291e6092cf0ae7f8ae7b47e5d7f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
c4439a732e16856071b1534ceec748c4

SHA1
947423635bc4d33d5d47b891c23ba930b2d05851

SHA256
f3a8723ca2db512ae47cbefa0d6609ed9417105d4a99a0d4ef84aa028d1a57ac

SHA512
2991906963b128483c9d4cc4b28efcd7842f999285c52ee58cae24e5ba69daa7e23c2d6ae3db17d5e12c791537f02bfb3ad5dbeae7822c2276ee6ac61649e246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
4da0ab437d6322de9777eb70f2ded904

SHA1
1acbb531649abe5c0fe5b69798f4751ecedd566d

SHA256
e91a8d64252b15a2fbf84a052669186fcca51399aa251eff346c4a2b1565df41

SHA512
4da27598dd2e44e3ec1dbc061614c5bc335885ea7fcbf06bc1f494005e0a8b2d21e6dd64e81d50931d0df79a418e73b84123472db0236e70c0c9bd7978d9ebd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
702B

MD5
1bd27eeb62b5dfaa529df383ec486181

SHA1
8a67f1570311a24a53c57b3265a4ddcd80a04ee0

SHA256
5a3b8e617ecc7f7883d278e9c699c93c8f19b48feeffe8d9d20f14275a9763e9

SHA512
3f40c7c5f1651e535d5ff98925a43272680c8c58bec83aca832480d68ba8082de0a5fb24cf8a976a508500b27f33286f51dbe45d9c0974f6e1d911b1a9e05cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e369ea692cc9906ce648254f5072b4d8

SHA1
e67cf442dc47f7805adc8267b9ff84cd44b7cbb7

SHA256
b35c983bc30ae04f53dec1c571a919623119f15f9c2870355db058a1bcd42d09

SHA512
0250bb43a9d04b1b4b988d73762dbb2965ee573fe14ecc4baf9c37b8cf236b317911a4ab8f924044211beb3eb8d6a178d9b5f60189724208ea2412e1c0fe1f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
69ead7073ccabf8ef10c1df9d466db40

SHA1
c7aa93f3c938190b26618db63c25b23fba6a3c45

SHA256
f871897f1a71514c6241bffb7325bd7ab79783b4a68f506d0db5e54b7d555eab

SHA512
a125e11204866479a6d6a574efd7abc170d001e62495d759e1f636281e9447c2767b60ea494181058273e6e7a16e15160f65b7436e86acc1eb6137aa3df0a92a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
e0491882b33670dabd50ba5ed9c85e6a

SHA1
91f27d8cb30307344c4dea2fb192e8d5037b62bb

SHA256
b397e9979ebc83cd299b3175f7cc4c03c36c3d07bd8cb0ce9a93c29b164d893e

SHA512
6506d9b7c108b724c328a65526f4dade9b5646e1ee035cb2c198365308108bbaef6feac0c4654c767a8d5de286b06b674d3dffdd2e3125b373d12ee242a2871b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
62e15387f6fdfe303db3ddc32238344d

SHA1
b9e4c870b9861c8f6225625020f758221a6a06c2

SHA256
6cc94071b0723c5e33157845c679acff87b6233c19e81a79d8bb5663a7221789

SHA512
2bd14a00067e9dcaa51b02ff1fafd2227ae3258d1f47ec696480cf8e6a8179dfdfd2ffcdde358fea728fa1368ba70a5a1a8a65d6d0f6e8c028ba0d01364c489b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
8c966bb05ebdf550303ab69733b29b39

SHA1
1f98d1d105faf127256e3d7a753e1be71d1b7073

SHA256
f487e9be24eee78633a316427943cbb878c8a00d7622c2914d828cf11e5c3d8f

SHA512
abcae39ce8c7a84ca20ddb977acd534a85e99394de38af9cdd2b41fd80a0ce88aa1704dc60e6d4db33b0db39a6d10dd2df0de6a75be6af7a6b972c12611703d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4888_MXYXBNDCGHWRTEXQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit