hxxps://steamcommonunnity[.]com/card/receive

Analysis

max time kernel
63s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/12/2024, 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommonunnity.com/card/receive

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3372	msedge.exe
3372	msedge.exe
1228	msedge.exe
1228	msedge.exe
4364	identity_helper.exe
4364	identity_helper.exe
3032	chrome.exe
3032	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 4448	1228	msedge.exe	82
PID 1228 wrote to memory of 4448	1228	msedge.exe	82
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3336	1228	msedge.exe	83
PID 1228 wrote to memory of 3372	1228	msedge.exe	84
PID 1228 wrote to memory of 3372	1228	msedge.exe	84
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85
PID 1228 wrote to memory of 4388	1228	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamcommonunnity.com/card/receive
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93b0346f8,0x7ff93b034708,0x7ff93b034718
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10557838741981597151,1488028136105817627,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,10557838741981597151,1488028136105817627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,10557838741981597151,1488028136105817627,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10557838741981597151,1488028136105817627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10557838741981597151,1488028136105817627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10557838741981597151,1488028136105817627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10557838741981597151,1488028136105817627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10557838741981597151,1488028136105817627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,10557838741981597151,1488028136105817627,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10557838741981597151,1488028136105817627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10557838741981597151,1488028136105817627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10557838741981597151,1488028136105817627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10557838741981597151,1488028136105817627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff928a0cc40,0x7ff928a0cc4c,0x7ff928a0cc58
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,3767787520763210062,9766553144105205219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,3767787520763210062,9766553144105205219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,3767787520763210062,9766553144105205219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,3767787520763210062,9766553144105205219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,3767787520763210062,9766553144105205219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,3767787520763210062,9766553144105205219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:5500

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e97e4735ac79a66657effe7838c87423

SHA1
b79381544657e66e912a76156749a7c146459037

SHA256
0696af493b4ef01ab8b8d4c16c6dc1500ba69edf9ca4d061f109db23b53d0dc1

SHA512
bb4ef77692bdf9e76689ecd6d8a2dec11986c88ad7f9f0c97b8da4fb5a5b42eaad436534bc98da9051877323ee8bdb5a7b8767a5cfedbdcdb9e192c10f6a5720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3f5d4f2d826b1d9f1859b6fc5e571888

SHA1
f7723ac15c308225423588e9f588c95f35d195ad

SHA256
e8408bb22c3858a329a3c5228448515ea958f5eae5cdea65d5ec180efc06e678

SHA512
7bbc5b3e9deb8072b50c537f9b7441af14f84fc41cd7c46a027710f3f4c9f620e19b2ca56169ed9c9f4d8fe4e2b20877c921794020e3948eec26bb27a0cc5d35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7e56b50612c42c1e00fd7d6179ffb82a

SHA1
bee9231df4e5eb3f9694b6e173c4cce3d61f913c

SHA256
ffe6faa220e982d6e415ba095ab368c42927768fff529b8eb965e8f2138af425

SHA512
17fe2ae312a1328559fa2d9593091a1055d62b21adf657c38cbf823905212352a9180c135d7e673cd660c5600e2d07ba51009cfb70de39fbdfd9356b3fdce20a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
586aa90354c12793bb2322384c5bfb53

SHA1
a7b9309cf0f9a62acd9e6f3c03d80caf621e6737

SHA256
e9bde621ae43a673c69c47280ca908a67549edd4a9f8b81549a90871be9202ad

SHA512
bd147cb03eec08c56773c938de555ed914caf97fc9c82b74dc733d54d9617e873c710cc411464a8559856aedc07a693c420aca6c48ffcf42521774d5430a2000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
bf2f74180709f1633d52e184ccd5fd11

SHA1
61a4d7179ac95b9883803b7f4a01d9719296375c

SHA256
7a8c00df075f02341aaadd7078b5dd07e6a474edc58598847551cfe7f9511309

SHA512
a3e8e5d17dfd339a5e6e8a1c3ce3a6a5902b4f134657b39cf2ccb3def76d2cba976e3697e02e297bb3a2177a422a5edf5a82b73be09ed6e6a48cc3a4ff53d28c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6dd2e03d5719b41a3d855d254c903aa3

SHA1
10c514e1eecb1b94c3cf1008365b988b39f3c213

SHA256
15d8770da4dc8ccffbb3aff1e99ceaa09172796f257353a4cbb96957095fc0e1

SHA512
7b1fc8193cb9d698174b38a38387fa33576386e79d62f31679b2a287e3bb632e97238c742a6f576bd1f92f2a0a3e0dc1c2ce99face917a48d10e307cc11228bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d2d43b786eea8b809d6727efa6280e8

SHA1
7e018b17cab4f6f6c5cd3c406eb128a604afe336

SHA256
7a7c05a4a87a2996ba708c6c55c1fa11d4c5b6e1590cc46b4f47a5e4d199345a

SHA512
06eb7210553c03b954f9db55155e99c5566de8652e226d5864ede6c7daa47af014a570909d943fe77b56ded43d0840c58a279c6f10d0691d92605ceb5052d893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91d89978ff8975d8e4656ae7456f40a5

SHA1
a48eebbec6d59907d31c277c50b69ab74e9717cd

SHA256
b11a75b1fb4aef6332a120d5ec925576100113602e66f50db5c99512ce64d0b0

SHA512
a8c2680be19a1b66058b9d34ef933c79478522ef12f490045d3ac7e3d7c7bf9a4d8efc05e9fd650e4d0d5b7c89292947de929ccb490b73765f45a9d5d76995da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
291b5364e777a029f290737cd0c0e388

SHA1
f6dd04e09ed32e198cf33f04d95357ecf831a273

SHA256
de06fb1d376f1128b3cd523d99ddc729e5e52e7aa52e8513d8f9bd043265d616

SHA512
79144a6ae816cf209f430ec8e97a53c64ad876be6d3b3275c9c87f31f53105b52f1bbabc9a42cf3f5afbaa6bcd126f367175c163d14a1dc86109323364b5ab04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b954839d31d3418bab06520515410da

SHA1
c574cad3e697b92e397713500df3bb0579fe1753

SHA256
e7dcc5067ccb8e8a81fe2446faba51ef1329b45b2fc37091cbde817cbb42f50e

SHA512
c0f0894d4575a789113c53fab88f1b0353f5e9bc03cf6fc309dfe070e6e17dd47082c6a3bb212a37269efaf8cce503136e2497f48ed7d73ab1f139def41593c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b9e9ee19bee8aeb4782ada20db72c4f6

SHA1
cf8f9259c81b247c259d41ddd783ffcc2dac34f5

SHA256
e38d7ad71bec2ab4ef5f356ba9f5f46926f420fc229e061f5d10aa3f4909542d

SHA512
602deec379dd273fdc161c8ed004b2ca241cd4428037ff548faddede8eb39ed2c6902cfe205cf4dd4d3c3c453ff6faa794f3cd550b9fbe62f65ac0b9c95e9d04

Download Submit