bc21d8349fece9e42811e44231c98468413b412b5ad3b1088a6702616303c2c0

Analysis

max time kernel
87s
max time network
130s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UnlockSteam.rar
Size

1.2MB
MD5

e662d370d877c6ff931a7ae4847680ce
SHA1

32ee64093d22a9bccae95534d6a66a43ca07163e
SHA256

bc21d8349fece9e42811e44231c98468413b412b5ad3b1088a6702616303c2c0
SHA512

a5f75ea5485a62e7dd0301b1b4473e365e080a1c827a5ca3370267e5893526a79a27e4ba1ebe5548af1fd99f598e670cbacddd625c442334993f83bc76a63b1e
SSDEEP

24576:lzxvkcfD+N7rtKStoycmLTFbZ0kY8zI7XB/mJ/u/q53rPcRDDT6:lzNZfD0PbFXFFFmXsJJrwnG

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1780	SteamtoolsSetup.exe
2692	SteamtoolsSetup.exe
2772	UnlockGenerator.exe
2792	SteamtoolsSetup.exe

Loads dropped DLL 11 IoCs

pid	Process
2180	7zFM.exe
2180	7zFM.exe
1948	Process not Found
2180	7zFM.exe
2180	7zFM.exe
2788	Process not Found
2180	7zFM.exe
2552	Process not Found
2180	7zFM.exe
2180	7zFM.exe
2716	Process not Found

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2560	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2180	7zFM.exe
2180	7zFM.exe
2180	7zFM.exe
2180	7zFM.exe
2180	7zFM.exe
2980	chrome.exe
2980	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2180	7zFM.exe

Suspicious use of AdjustPrivilegeToken 57 IoCs

description	pid	Process
Token: SeRestorePrivilege	2180	7zFM.exe
Token: 35	2180	7zFM.exe
Token: SeSecurityPrivilege	2180	7zFM.exe
Token: SeSecurityPrivilege	2180	7zFM.exe
Token: SeSecurityPrivilege	2180	7zFM.exe
Token: SeSecurityPrivilege	2180	7zFM.exe
Token: SeSecurityPrivilege	2180	7zFM.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2180	7zFM.exe
2180	7zFM.exe
2180	7zFM.exe
2180	7zFM.exe
2180	7zFM.exe
2180	7zFM.exe
2180	7zFM.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 1780	2180	7zFM.exe	31
PID 2180 wrote to memory of 1780	2180	7zFM.exe	31
PID 2180 wrote to memory of 1780	2180	7zFM.exe	31
PID 2180 wrote to memory of 2692	2180	7zFM.exe	33
PID 2180 wrote to memory of 2692	2180	7zFM.exe	33
PID 2180 wrote to memory of 2692	2180	7zFM.exe	33
PID 2180 wrote to memory of 2772	2180	7zFM.exe	35
PID 2180 wrote to memory of 2772	2180	7zFM.exe	35
PID 2180 wrote to memory of 2772	2180	7zFM.exe	35
PID 2180 wrote to memory of 2792	2180	7zFM.exe	37
PID 2180 wrote to memory of 2792	2180	7zFM.exe	37
PID 2180 wrote to memory of 2792	2180	7zFM.exe	37
PID 2180 wrote to memory of 2560	2180	7zFM.exe	39
PID 2180 wrote to memory of 2560	2180	7zFM.exe	39
PID 2180 wrote to memory of 2560	2180	7zFM.exe	39
PID 2980 wrote to memory of 3012	2980	chrome.exe	41
PID 2980 wrote to memory of 3012	2980	chrome.exe	41
PID 2980 wrote to memory of 3012	2980	chrome.exe	41
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 796	2980	chrome.exe	43
PID 2980 wrote to memory of 2368	2980	chrome.exe	44
PID 2980 wrote to memory of 2368	2980	chrome.exe	44
PID 2980 wrote to memory of 2368	2980	chrome.exe	44
PID 2980 wrote to memory of 1988	2980	chrome.exe	45
PID 2980 wrote to memory of 1988	2980	chrome.exe	45
PID 2980 wrote to memory of 1988	2980	chrome.exe	45
PID 2980 wrote to memory of 1988	2980	chrome.exe	45

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\UnlockSteam.rar"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\7zO488512C6\SteamtoolsSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO488512C6\SteamtoolsSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Users\Admin\AppData\Local\Temp\7zO48801867\SteamtoolsSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO48801867\SteamtoolsSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Users\Admin\AppData\Local\Temp\7zO48871577\UnlockGenerator.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO48871577\UnlockGenerator.exe"
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Users\Admin\AppData\Local\Temp\7zO488D08A7\SteamtoolsSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO488D08A7\SteamtoolsSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO48827F87\Readme.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2560
- C:\Users\Admin\AppData\Local\Temp\7zO488837C8\SteamtoolsSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO488837C8\SteamtoolsSetup.exe"
  2⤵
  PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f09758,0x7fef6f09768,0x7fef6f09778
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1180,i,791350006587824151,302984939662640284,131072 /prefetch:2
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1180,i,791350006587824151,302984939662640284,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1180,i,791350006587824151,302984939662640284,131072 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1180,i,791350006587824151,302984939662640284,131072 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1180,i,791350006587824151,302984939662640284,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1456 --field-trial-handle=1180,i,791350006587824151,302984939662640284,131072 /prefetch:2
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1412 --field-trial-handle=1180,i,791350006587824151,302984939662640284,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1180,i,791350006587824151,302984939662640284,131072 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3696 --field-trial-handle=1180,i,791350006587824151,302984939662640284,131072 /prefetch:1
  2⤵
  PID:2676

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\56204708-7a1c-45a3-b508-7847639ad47a.tmp

Filesize
6KB

MD5
f798de44d0dad40d1be71ff7182692df

SHA1
badd6f09158dbe98a803086df08c758cd7cf2dce

SHA256
a114709ef2bb0d9812e00525097d759b91d1dcef467159374ad9831f3b27c7f4

SHA512
5adc9bb52dc5f22f1a2319aa2556024de1619e669e0ffcde45d6490a53409fa03b4c73afce297215f4ff118422faaa82a463188039a874f3a6b6612147bf8c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3d2b9803657e7738ace5383821d97a89

SHA1
28e1b2e1d86fb026818c0c3a9c949164d83b16b9

SHA256
dced6be3ecc1de07dd99afd703b325b3766fd7b25aec82cece7f5bd2fe32280d

SHA512
8f476f882c467a216670089a25c47f6aaa87c91f25670df64be9911dd715114678c13d6f5b02ddc49c03f428a1c7420a0975420a683804fa9ac0426e29b83bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
f4b234c3c8f803e87a365dd5a662cb81

SHA1
f41ffae8606b62571b74f6943d69997d6eeda4f9

SHA256
6cae098e3cb2d76eb2d29565c0a99176bbc3b43d26dd292385cd307e8a75c3f9

SHA512
6db0df7abcec8838450bedc0faba346dc8affc806d633c712a30127ed09f7d76efa1f67beb4b9172ef17ec74e8f7794ec52e070e9944ce9fb3b6a72f7ea54b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cfd01e49371a252069224aee4d8a7938

SHA1
96bcb86dc4eab77b077dd5d1993d37ed25d9b156

SHA256
a232806ebf7b861403d80e4200f96482d0c40129776f56a8c435aabdd7d1287e

SHA512
6b2ab06043b38c0a640f9f620021e2971d1068bed2b2040d3593080cb3d925a68334b5a5336d24f64286f7baa5e30558a55233cd3734ca17180c03cb54128792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4548eae8980c6960457057405d8d844c

SHA1
b1194bc1b7fc21aeefaf1578822d03703f2d1684

SHA256
ddc78264687dd0df93e08a02ed88314bc72798150c5b9049ab4ac29f406b37bb

SHA512
7f2bd3266604e848f034e6020f81f89fc89ba7798a760364d605b2c0feb7a91dc87f00a0ea006fd03e0f1439d437f8284f3709d5084ac9c3cc28d511b76f0989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9048aea67fb87b14c0d598baf6236406

SHA1
001861c4346bd07ef58b214f604dd6855ba690c1

SHA256
8aeffbbbb1ddc222f0e057bd60fe58bc37020fd534b80681ec7fb73b2ec22796

SHA512
0439aa8a0fa0e485fb9ff816d5fb4d3e1ae8737be82f378971765bbeba04e307d07255395a5ef71446404ccf3dae27a54fb9d928045eee20678b60890d3f41b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO48827F87\Readme.txt

Filesize
1KB

MD5
d0e3cc1db36597cb168556a6ea90a218

SHA1
50dc75091dd4e60e2691886708e97c6d21090ca6

SHA256
0eff33c482dd84c8391c59d42c472cd0d3ef908f57623d42132e826b1a696260

SHA512
c1002035ffe3d57e6d1889993bf9e98a0b630ffc1ba5acc8651c791f7ca1ac590697d4f6074cbaaf09835f95b31b6a0c77985165a3b78c84899bb6ea77b48e68

Download Submit
\Users\Admin\AppData\Local\Temp\7zO488512C6\SteamtoolsSetup.exe

Filesize
2.7MB

MD5
5321690369d17547a978cd28f45f5ea6

SHA1
173b7be12e9ef3af91e2a7cbfe63a313134c9e32

SHA256
14224256268d10452893cae5d330262b6dd8f854e7f2e8bfbc2d050eb0d0f80f

SHA512
4f2aa0801d685195570c62ce19335465e85d19f04335fe56945207482893d1181c04bbfe18230bf0a490f8f5cf2998bee7f2c1c17146126555dd780d2dd085b4

Download Submit
\Users\Admin\AppData\Local\Temp\7zO48871577\UnlockGenerator.exe

Filesize
414KB

MD5
f93e366f232ae6f5be5ca6ab840d93ac

SHA1
1d6ca041a887eccaebd8bbc4f9a425d2b6584103

SHA256
fdc6c51cc64f09cfd8848d7d537cf059fe3073d80d0fb1d750ef9ee859f1f050

SHA512
941c0a2be2c948966f1e299c285195b791a411f8352ef73966ecb78096e49d74f169dde036298626fd91ead5a8c1540f3a396b490e3a43c9cdd707d6dfbfe39a

Download Submit