hxxp://steamcommunnnity[.]com/glft/activation=Tvc5Fh3mw1

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2024 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcommunnnity.com/glft/activation=Tvc5Fh3mw1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133746761452141770"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4252 chrome.exe
4252 chrome.exe
4136 chrome.exe
4136 chrome.exe
4136 chrome.exe
4136 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

4252 chrome.exe
4252 chrome.exe
4252 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4252 wrote to memory of 4328	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4328	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 3700	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 2916	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 2916	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe
PID 4252 wrote to memory of 4384	4252	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://steamcommunnnity.com/glft/activation=Tvc5Fh3mw1
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8dd11cc40,0x7ff8dd11cc4c,0x7ff8dd11cc58
2⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,10616541413035952127,15949739842095265437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1884 /prefetch:2
2⤵
PID:3700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,10616541413035952127,15949739842095265437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2156 /prefetch:3
2⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,10616541413035952127,15949739842095265437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2400 /prefetch:8
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,10616541413035952127,15949739842095265437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3048 /prefetch:1
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3052,i,10616541413035952127,15949739842095265437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3084 /prefetch:1
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3672,i,10616541413035952127,15949739842095265437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4444,i,10616541413035952127,15949739842095265437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4664 /prefetch:8
2⤵
PID:1184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5104,i,10616541413035952127,15949739842095265437,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4136

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:8

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8d0ed738-3d40-4855-8e8d-7974551479c0.tmp

Filesize
9KB

MD5
3536c2642c4b7d075dc08dc11c179e23

SHA1
64fb209fd0c7713333b1928206e5094418256e79

SHA256
7ce51fec3cc77b559f2d7b7f8240f539171bb38f15bfc7bfaa9afeca0bd19c88

SHA512
fe7d9fcf5da7d4863d348bc8a3e2923280ed12030499012595928fadc27f268a72da88ebbec636e1913adb463b8d79d419b7bcd76fc634fba6b5b08bcce4db9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
216550bf3f47c5c2a26730ee58c32dbe

SHA1
c75ec80301aa366c3080b402cfca2661237f4947

SHA256
23122a80926803ce7c692b5cbffc9f384df7dca81d368ad6d73bf86ffc6a68a4

SHA512
4feef0f1e159efb24c22a33c95429f23bef3ef69a28748f5a00e322db84f132b32ebd3209cdae239e501cd84ce1677727d8e5fd75810772fad5a6f42b6376f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
409cd329f2d40ec9ddc13a9b5fefe88d

SHA1
005c8cc853b4a6f47b68ab083341b061c41517b6

SHA256
d2a6ab9c89b996b0bed4fcee7dbbf9fbb64e798f70309b09d6baf2263bb65da3

SHA512
ba707347ce9cedf0c3f86949416021ff5dbc67f9f198e59dc9a4f0ab056af0e414ee01fca314037e1d17756fcd3567b9fe07ac6e8a7db04893ff755ef6ceab2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
ce4976008f91b017974a30f3f7d0e08d

SHA1
7ec57a60c57a44b78bf3528f82af1b943e264694

SHA256
fe9cb9655b11db15a429ea5d85bf1c3217559f461f2dd40825e53361aa7c75a0

SHA512
d5ac909c5449681ad0cdf5c7868b81a4e44168d8654a793c4c7a0955ccb6cb1f5c1cfef84911526ccc7815d6dd1c002be508b61e4f8fb5706f7933b58b98a8a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
6e82a7bb88e1e3a859e5282aaf5f6dac

SHA1
5fa638d0972e7d43c16ed4dd00c3ddb61b23fa63

SHA256
acfec15f3cf86d93a77f2c0b85ff6f6ccfc4c630e69b901d4c590a1a92f69698

SHA512
4226d4852989a1c1c2fc542b8179365af92b3ec2c9c0a3434bec811d9de0c6412f6ce41c8c4c91b154eebe83cabd2dbba425f21cf4f90ab0c44b9ab6e01e727f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
68724f39ab33142643a978c03e31e2dc

SHA1
6b0c8a62bbcef957d5d0bee4f1bbe67944bbb244

SHA256
20d0f0f1bc651e71074e23635f3bdd876c4b83a27c136ff723fe531694791748

SHA512
74dd79c7267965e95b9603f65bd83c1221d09cfe2eb6c354c77a88a6f80f9ae1fe4de0e829cb07eaa29045a49369bcb6e8c33710c3bfac84241af0bbca0f4748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
06117ade38424f3e9824c4be4a9abe15

SHA1
0b073077202bfe462b5a3796890d7c4ffb1255cb

SHA256
f62df89102c65fecc726f35201b63e33f4c7267403182595670b4c3fa2bfb3e4

SHA512
1601a0ab4a999f44c56a9d3de2038812cb3a7ee8b92da65b529b6df55d88a80560ea189f6f7a855f36d67d6ad93838ad9c86cf5035af725f41d42bc3d9c32b0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
938edc4441f9110c2e2db90cb7f8ba2a

SHA1
b0b3afe36de7ee674741833591be10a7344d4629

SHA256
65a11d1e98e8d0342850602d93b3607e716e6ad71f2df02c50c4b56aa6509cce

SHA512
8fa01d2b4457cf121bd976d27f6023fc93bb5b2be16b355addfb197df5189c558af2fd3f59bcafba41a2e56a2e7ed9e49654611d5210acc6c4faf40e151eb0bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
41b6fc205161ed9d5fbdd94ace6b8700

SHA1
17743df8aa6854e8b813427dcbec357b1b3e2256

SHA256
b42c55e7e54b074546d67aee1f444d5a3f98c78c401a687b9aae44cd9cbf6ae9

SHA512
682b9c575f21a048dbc76f7864a86bf084f818cacca32340eca31afd5affe72f705c3c7fbe5201a28c3f8e9f15eb2c99f3437390a48cdef55be1071a5655f8cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4462048708b1ed6b80a75c1a653ac1e5

SHA1
bfc5367a11deb9ef126178ea02893bab5d683b1e

SHA256
5de5cc323cf3b7623444bdf85df165216bf8e397daaaf7258b4a35d91f52d2ae

SHA512
42f729abe4396fcba34aa682f45be9506cc049221e1896dceaca639ce0612d5078658dd0c186e872c4498b376a502bac93045ba5ccd33602f8573391febf882a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9bcb115cf7c5e4ddd746df411a21101

SHA1
57045e0b8dfb5b4d674f2fbb825fda7b4ec1cc30

SHA256
b4355603cb510eaedba8867d1c1223feaa23ee472da7cccbd75450d64bc6e0d4

SHA512
6734426bef82fc27c4320c6f0f7f6399f16989652aa86a49ca4e70afdf410c3d32aca95e92102ac9f72fe78392991230d1dbf7140bbacb7b2eb6752946892df7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5777069830c63c5eaea8179b8ac01624

SHA1
252d9d520210b7e050eef29cd78c1f8c92aac0b6

SHA256
2791f50afd4c191eb3bb7ab860ecc35923488131de2b2dbb536d5d938dfb052d

SHA512
5bdce774b5cdd8a1fec31ea1185ffc6bff905b10dfde026a3f5ae514f3e418bf02a1474621d7891bf4be691789bbf97726b8689c020da562a7122724978be07d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
80bcacd6118c064719d4d87079bb0108

SHA1
b93b7ad2c52d81d6dd5ec73004e5b2b1e42f6bb4

SHA256
0992836e216891c973e53c255ccc2b614aee4e1d3e671de65214b447b3990d2e

SHA512
bfb3080faf3d7df6ec9e15dd49bd0e08c81b2ac4196b1ac8ed03e8393d8cab18e7aa6ff31bf8274b47382b0b73284ca1c7ccb083e4bb32d73bf68166c987d5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0ada6e03072f7535624fdd219dbf8d0

SHA1
eafbb8e1abf5bd7d95133a5f9bf3efa3b6147754

SHA256
bcb4c27ef0138698cc7aa55c2e0c3ce4f6b7a33b06f6a0ce28fe6d443e9a95b4

SHA512
0456b4549ce211a41e371a7b7e6c39dfcbe2975adff9e937cdc50d113a82cfcc06478b1669ef39f2a7c4556e57ce1a48e8ff09f0aa6d95ada57f2b23633cb7e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b67fd6edee762157801635c7af4d4e04

SHA1
f31c04e19048412ba3d4c9f08f36401e311702d9

SHA256
4341ceef462a70b52b70fe29bb6a3903fb485496bd30491685edb78f7e062ccc

SHA512
16d340ce42ee5134009bbb274753093b76131b4b5663bda2ff285536fc5dd739298ca13f960649e54bc3e639ea46ab881aa2b5922b36d901cb6a470df6a5e086

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a8db485fbc1ec3bf3b709ed25e2d901

SHA1
730f4f0788fad4bffe19e583b2ebf9f40b65472e

SHA256
3bbc86f7a9700cae5b7fdb6d5360f8873ee299837e205778b955bf84f2ff7597

SHA512
18d26ada13f84970b9ff274b8cf37b58492f8d23a028cd5ebbeec7b1c94bcc0c15cef7087f372c582552a337334d4c71baccc917a1e7ae2982046b36ce41ab30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c5cf9ec065c383fdf9060c1d808a10f

SHA1
a02da4642a4faf57ae41e821e256fd2674374906

SHA256
d6541a910da46b75beed4d73ba45213651690331eccdbf2367a9fdea139485d9

SHA512
8d6ff9571d43e76d3731f3bee61d33d648826a80f5b409f1a441b03973ad15fd8b7cb8c2c5ceaf0e4ea33d26b46b64b98474bec801ceb945e1ce79e16cfc66d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
35091ec239d7b4740d2c1fa52c1ab298

SHA1
9d4461ed115120f591614cfd1219c650a6d3535b

SHA256
ea8915c010749703857e2f65b3b382e961af883e91698a733a9bc36e115337f3

SHA512
05bc00c863950392e4e87aec3d88037cf5c339adf8055bea5389faf0f3d735aeedcfdcdd2f21ed265afb6ce4c82f2a7449a71044b4f927d36483eb9269f65865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10a40513ccc550d39f6d1ed098be8442

SHA1
7d6d8e92612396c333957a71c0250734e0f70155

SHA256
b461d088c86565162b57b134e59036508e719b01d5a33c4db6f56c5de371bcba

SHA512
a641cc421164576e682aa43df6e2860903e876144d56e660340949611341fafe5895ac32947a68a740017384415565a7c3bfcc720c0bd7bfc13eab996e0a83b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b20f079f515a8950e21bc0a0c0207d12

SHA1
83205ed2866244d22404b8bdd6bd35156468717c

SHA256
ac10235b5a1f48c6a64660cc8dd0bcad92addba129bbae2d01077ec87d41b012

SHA512
8bb110de32df7562f70e5f1f06eb1c57801b77adb53f3dc0e092fb2588baef7d830a940eea49d819aabec37b6a03c56def3215abaaf30bc202f9aae6879425e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ae414274-b0c2-475d-8969-e93267ec0eff.tmp

Filesize
9KB

MD5
3f5fbadfbe367106f6edc165220b10db

SHA1
ad6c4a8d0595160332661995ea4846e8936d79d9

SHA256
9544e6b4600836d76297683959019eba1703c61137ee07624713e92f8bec977b

SHA512
2b75a147eb301e1122d755312136edb0cce60799cc233334dbcd01914b29f949a5b8fb27b2cf6ca508f2ac92d114e82ece202fc5b9b7adfc049f06f9f8a5f9e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d1ab0f68265e4d05ef0bd1b54219b805

SHA1
b152e4365994618e7513b236753e17c9792dc56c

SHA256
da4ab4ab6c68bf820be0a8e2524e35330a8ea31f11256f62e620131a3a19d8e1

SHA512
306e8a3a389f6663ed3191f614c8a6d22fcbc21340724bc2c18545cfb39941049bae39bc4b364c287b40453b9f39a65b3b5a354b73393c67b3686b0b02a6aeb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
36fd2e1588c23f14aa5926fe4ec5a1dc

SHA1
9c91fbe5c72e240a45dc98ab230f7f9ff80f11ac

SHA256
09f44f3843416f6428fbba93da7526a13ea8f539d70880c03812937ebb75c065

SHA512
8c35715c17d958529b3085a2715edee39a833a2bc936cc518e4640a203a335ce55dfbc46825ab8f90ac710b32f37c6427ece6459350e3186b2ab6d0b1ce0dee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
8bd93abc2a53927a08932dcbe9ddce29

SHA1
4b9c8da0beb426564b8a53b1b9b2d81814ab3d79

SHA256
3de8fec0ad042782d162cd7a14c30095af8a79e8198f27622e5280630c28ebe0

SHA512
4741f975bb4fcbe836579d80325dc1520fbc8706284e79564b5f66bdf9e89b48bb278c72c77f47c52f042caf69c021070c2acc741e9d440a0348a0fbca417212

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_4252_HGGKSLVZOSONIHRX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit