hxxp://steamcommunity[.]com/gift/76561199446779484

Analysis

max time kernel
60s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2024, 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcommunity.com/gift/76561199446779484

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand steam.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133693480599734492"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3236	chrome.exe
3236	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe
Token: SeShutdownPrivilege	3236	chrome.exe
Token: SeCreatePagefilePrivilege	3236	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe
3236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3236 wrote to memory of 4904	3236	chrome.exe	84
PID 3236 wrote to memory of 4904	3236	chrome.exe	84
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 4284	3236	chrome.exe	85
PID 3236 wrote to memory of 1712	3236	chrome.exe	86
PID 3236 wrote to memory of 1712	3236	chrome.exe	86
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87
PID 3236 wrote to memory of 4404	3236	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://steamcommunity.com/gift/76561199446779484
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae86dcc40,0x7ffae86dcc4c,0x7ffae86dcc58
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,6910655858937374395,2368548702790716205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,6910655858937374395,2368548702790716205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,6910655858937374395,2368548702790716205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,6910655858937374395,2368548702790716205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3052,i,6910655858937374395,2368548702790716205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3856,i,6910655858937374395,2368548702790716205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3376,i,6910655858937374395,2368548702790716205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3352 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4868,i,6910655858937374395,2368548702790716205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4008,i,6910655858937374395,2368548702790716205,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3808

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1040

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
cea17a240798e1dbe0d995aedd58dbe3

SHA1
1f4a8a9cee3c73be05a80589523b9df3e649a9c3

SHA256
62791087a42ba55b94988876e64371a66f3ab3c2f09ab019b927fd02720d5949

SHA512
344f3a9ec919c1bfeb4604b1da305f553d9cf97335f69129872c827a6a83fe46d90d1568926ceed403e1864b1e8d579b43afc68be218910d5a449942c15e53c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
2b0635262f22e0ab7e91c5b766a489db

SHA1
4053bc9d6583c509ecfbe9888cb3034906bbdded

SHA256
80c15eb585c61de69445c5c2c44ab27c3119ea791449fa4effdc3a161c7ab6da

SHA512
a35236e3423164ef0a2d98f7029dc1de2f0f3b4e884f603899f97045a71ace23459e38bfbaf942a5a2982ba5a783e01e0dad8660588f51ce05fc1b35ad7d1df8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
68687f5efa3d2d5a25facedfee4234e0

SHA1
e64e0671e63f40b8e132ebe030463afa5a8362e7

SHA256
4f7364e6a586cb6eb0b659b65233c4f32b3fb8605affbeff2dce96274d03c65d

SHA512
c3cbd3f44ad1b6151f31b81c36829eb52d4f8aeef3a778cf78490ae5504af1f4286905232ca62753fc8fe90a959ab82c0c8b63cb33955fcbc3d976fd74512b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1cde901a78a31b70ee322006568127ba

SHA1
46df91335999fa9deeae960375169f73d160eb9f

SHA256
b2ced7fd06ef843c0bfded03c518b6e38e7993d4756af52f705424a0c8f98289

SHA512
de7b6f1ea5e6e9f5c51bdf121c47f4e05bb4057626239071b580f748bf9f8e57f054db22c6e6dad81934d3d4ccf5db96a3e5bd28a9259f71197d03cb48067b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1af3b91c09206cbaa072e904c217c4d0

SHA1
077836dbcc79ab5aa6878c2baad5876817aec529

SHA256
64c1cc772ef61e08f0cf5f63f4676d730ef443df050b810c0f6afdd145d11778

SHA512
dc90c2929d6200e3805a29c978897f8f8a01e66c4f4aa605210132b017ab11000338ce4950057d4522b062420e3346509b701669636d0e0f9cc627ea47069f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e26b20341088264fdc020ed9038dcea0

SHA1
2c2af21c7dbe1d1ece61cc0a58a1f1040efa5506

SHA256
ee8e7a718ebd2f0d0e6663eeca421dcd5a0504479f664aeb607a29922053959f

SHA512
83dec0b803d9db72c340a17e4f0342a8fee21567c42394d36201a1d686fbffec2a0675afb06bb8a383178f11c376c6e1a3d4da2ee7adaf35b2a418ae4937183e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4413a3cdf0496d47d429c9796f6bde3f

SHA1
73b4b9c4e247c8723df453a02930a9a1d7621676

SHA256
cbd184dca9464b76f0d487edb3e4935c9b1a3817450beecb9b688e5a80c62acc

SHA512
0e8bf042820392d893536976dc09ef85d021490b51b92ec10d829483777fabb692c64f09a22467e2d44da7739b5441072c985e618f69ac79a1dccd7ddea7fd7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1c2a2a12d5ac21ffc9e037b2f121557f

SHA1
efb0ffe0d405e8c21730bbc2c3c8d9bfe28a7266

SHA256
ba580598285ffae349e38a61f1c2687bf97182b1bb229057d40aca721893a910

SHA512
deca0327e7334f0393a0a9c04145a75a434ebf4cf2cedb837d0e64fccbef93e2eda190f19999a91b31be941a5295c6febbbbe7e8b2ed67b9339e7fb0371614f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
232462738d4d5dc6e0614fa659983c35

SHA1
85fef82a0ee0ee26161969bcbd4df41af0f580b0

SHA256
9b7c962cc7b346c9f5f52b5a32fc397d6bbaf3054ea33e57a56e7420d64d7737

SHA512
94a184ea9de9271e9d1f310e8c29568d4c3bd117e245966a26b2d1af514c107de2d4eec2f29ae5dffa9a4b1e5be2606d403fb96a16c9daa174910b2170787258

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit