hxxps://steamscommunlty[.]com/gift-card/9376698151

Analysis

max time kernel
71s
max time network
65s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09/12/2024, 22:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://steamscommunlty.com/gift-card/9376698151

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133782579620990005"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2808	chrome.exe
2808	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 2840	2808	chrome.exe	77
PID 2808 wrote to memory of 2840	2808	chrome.exe	77
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 5484	2808	chrome.exe	78
PID 2808 wrote to memory of 476	2808	chrome.exe	79
PID 2808 wrote to memory of 476	2808	chrome.exe	79
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80
PID 2808 wrote to memory of 3420	2808	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamscommunlty.com/gift-card/9376698151
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac108cc40,0x7ffac108cc4c,0x7ffac108cc58
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,17375704434608221846,1693152616551724533,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,17375704434608221846,1693152616551724533,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,17375704434608221846,1693152616551724533,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,17375704434608221846,1693152616551724533,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,17375704434608221846,1693152616551724533,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4572,i,17375704434608221846,1693152616551724533,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4600,i,17375704434608221846,1693152616551724533,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:3596

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2a21ee78-bb0d-4fa8-970a-8b6cf8dde96e.tmp

Filesize
228KB

MD5
54ffa4f1cdf13399d8a3843f38ab6aea

SHA1
9a3c8ddccd3d54c41ba85158cedeba64387675eb

SHA256
1387d0539646e76bb065a7ce3569dc73d06acfa58da208533af0d34084f0e8fb

SHA512
f8330d796c862e05fc8bfca47e2b3a4e21a0532fa14e773b7eee171857088361d79f564470f762771f755241a5298f0a0c9124dba602296facc17e75f9d38442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f9ec6b37aa597b550d2586390454e1f4

SHA1
7097ac38dabc4c165ec57a3c544e820d9cbd71f3

SHA256
1768f3456b2cd96588216611836c7fbac8972fa45ed91699a4d7f40e0e16a9d2

SHA512
2e3acdea6c0bd470c35cfbcc250feb0ca7b38e71f40d3ad979ea3d8535d14e8f5faf844b619ddb307e48b43900048ffd6a1933b1a15d25097f22585386f8d73b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
3e0dfe41ca5364e6d157272afc8e4c1a

SHA1
6d0c1df081b9675e9d41404b48ec5d9729a58a91

SHA256
0b7b03b371c2310fd20c0b42a8be2805803a3657057c648bfe13745c99135779

SHA512
16c97de5f5cd03b035ae01ce200961a2a1a69b30f58ce295b8802654368825e4dfd588b3611bae69bf22f470dec9d44baf2f31910d84ddd97e9051aa28ad0e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
852a615c9ba06c6a7c155951d8ed8dc1

SHA1
171a2bbd6b90279e22cd9adab0455cb124ff0678

SHA256
33947bc5c69db5e7ee2e96ef935c5760e8445b846c2412fe4668bf59541b4c9b

SHA512
e40812395507a51c296f45f9786e9da8aa3651475e34bdde7de5d8b07ab7f53365a580dc23f696e5ec19a64df3821b47b6af567163ccab24ce2c0eaed17259ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2eeece0ae06b7cfb8e8843164c4d4f6c

SHA1
dc2924549d63571d2976141f0fc6c9212b6c2892

SHA256
6a69c8c6fa26936781929444110765a64d6be8437502f6ec343b780bab0114cf

SHA512
11828cc9399ecd39128f62b6dfef827f17314e66df439e14c8814b87ceb1eb9893a808b111b010663ec9e90877caaeb6c161846b99e1dbf47e64253cd072d74d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f84083a053dbaae1c797c8c118dc56df

SHA1
47059fad5737422d8969261b3ff0d2d31b9f317c

SHA256
71d9bb838f424727faa85b4e0291a8f5d3b1769546ea3517b0cec3661c519ba5

SHA512
7a51d5b41d836de5b931b84380ff097929f590bd311c99d98402e75170173d5e944efb53e93edc3d2aee2834ebd1e664731668f1d748872e14cbdd6733ef40c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
333ccbbb0b5bbf9a375f1a5067e94aa9

SHA1
dc62fff3d26f3357815b42cb43418ad9acc1a713

SHA256
ba157b2c3d0a3165c5665fb4da9b3356fb1b9d2fdcedde4ccc3e52ba03b59596

SHA512
7c85e2670cb4b8b91d3c706ddd591675af6e499593dd104f6640dd2ea1faff302d32b102d60d6e6a9fa23cfe0df82d7ea87d198372da5ee05029ca274002f4ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f2a0981985ac8a0c81f9602394b967f

SHA1
542bce8419a0ea3df9fda287432c394893fb6206

SHA256
259468ed2a7302d6d2855e6be030aae9c9da6d7d8434273a16b9775968f71481

SHA512
59e6d3a3b63119f5fad4a20eed63846dd7f11e70a20e841950f173825491c6f387a06ee8a020366bee23fd11f898567e0c6d669561d8c3e1c2f6fff48403b85a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
43a3ffde017b573343f50edb8858caf9

SHA1
aea944771e99038884861ff98f487af4bb4763d0

SHA256
8a30d6fe39f1e685590b0b4ddee6481c623e4b79b7fe38694ded2ad10fc7c50c

SHA512
8c6af40e0be89cfe981108b55b5248679ac98159129bcc55051c5d4461f7a6942aab125ce269e53ced751bf3d8832b12b01b4f1e6c005814b742cfde85b60c96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5567c6093eeee3ea71281099418f3781

SHA1
4c2f209c321c1d80d4cc97de0ca96b02f3308447

SHA256
06c908291892718b06928f11370d9920d576785903d8f380f4a75b9e9a746fce

SHA512
7c34e24e7cb20f83c796241c66a0e4524bb6dd0ad5869a84d9236b046c654bfc486396d9f1ea3a9ca66b0407c215856a0034af0f4b8330fc1d68af2a38662c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4d59cf7e47936a2c7f6d48690f375e3

SHA1
8bd66e7df4aec8d0d9222659974707b94ca60bb1

SHA256
df5303efb731f7d173da295c0d0d4979d14a2470a6906be6ceea3f33e8683a3b

SHA512
3cb3613befa14bd6314c3f4d19ee2fe18ae3e6443449ad78c10e1eb47c55adc24576236ab3fa258bc8c9ce3be6eee9dcbb0071b9162cd54a07bfaf1dd602a21f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a491816f-4f95-472d-8ff4-db60c7603359.tmp

Filesize
9KB

MD5
2239652cdfe605ffa2be15c4622f46ba

SHA1
8459ae20bb986b05dcf31fb7ef7f2410ab8df48b

SHA256
0e3ef1f28fa3b35f6de8c0fe572acae07eb9d93fb7724739ccc12cd5150fff13

SHA512
3629b6930afef1df640200c1c53dde2f48eba4572aa8d4d7c1beafc7baf969d81fe6cb4e92e097c9f2d981865651f9ec35bfce97822cc0263db884c25f795644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
24bdf18734c51040776a6a98a0ea68f9

SHA1
af50a72d6c3fd97fe369712f138dafdb05b5cff0

SHA256
f1535fa16c7a2a77a774614e36739952d7231665693e991bd916cf67968a9ab7

SHA512
1235112671b571106668e25281c8558464d296e76a6d3a38ed3978c6a0ed57de0c2c075cc4e9442a68886ccd9424ab8f6d8c1ff74bef276c5e88b75eaadca6bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit