hxxp://steamcomumnitty[.]com/gift/activation/id=5495914643

Analysis

max time kernel
900s
max time network
845s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
25-12-2024 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcomumnitty.com/gift/activation/id=5495914643

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133796407971748991"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3564	chrome.exe
3564	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3564 wrote to memory of 2292	3564	chrome.exe	77
PID 3564 wrote to memory of 2292	3564	chrome.exe	77
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 508	3564	chrome.exe	78
PID 3564 wrote to memory of 3484	3564	chrome.exe	79
PID 3564 wrote to memory of 3484	3564	chrome.exe	79
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80
PID 3564 wrote to memory of 3672	3564	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://steamcomumnitty.com/gift/activation/id=5495914643
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff977acc40,0x7fff977acc4c,0x7fff977acc58
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,8086095668538069671,10228361198628202815,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,8086095668538069671,10228361198628202815,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,8086095668538069671,10228361198628202815,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3020,i,8086095668538069671,10228361198628202815,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3016,i,8086095668538069671,10228361198628202815,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4392,i,8086095668538069671,10228361198628202815,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,8086095668538069671,10228361198628202815,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3360,i,8086095668538069671,10228361198628202815,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4936,i,8086095668538069671,10228361198628202815,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ae061a6de1b33a44bf348964911314d7

SHA1
204b37fe9bfc37406066ab2876378d197b2b36f6

SHA256
87e476c503c35a52943c965da8449da1148975d4a08f4a206de51e57c6835b3c

SHA512
40142be5ccefafb7f58989410bccc1c66521db9d634f80f94a270cf2880d8a049167718548ef923f115a8474f5b362fa850eb982500292d56af90d3c5db6a0a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
1d4cfd217c73cff3d101e86615e78c3c

SHA1
fa4374f049bc64a07ace1035adccfa7d9fa8594f

SHA256
58684ef3eea77e34c93d8741be14c15ed72c6392330bac4cd12fb518a1667789

SHA512
29d64be5b471592732d8bb4859021edee9c14159a27d6265bbb664097c034b281c3853467ba01d11df46d3278c692643a5b0ee5a1717e8fe99f6f16b0a4adbda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b142139aad97d6ef2a647847a6ef5b0f

SHA1
59b33be1dbde4842ff1bef668448f2e14a9db5b1

SHA256
af1159e9be2d9eb4670e4b49d0aee98af031b051457150e37ebe24bc50cc5d14

SHA512
33a80fb87f0ea97f4fa2ed54522aa367eeb6bc4cf43f1c76b227aee77a2733e50406248b2bfbe0037ea04ecd8327769788082d07ec218fce1bdb4b1e71a55eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4e69dec851e96c226cf9399334b62564

SHA1
b50ad735f3a206b82ed2f70733527e86fae722fb

SHA256
539036ed164f12bce6562c58b2779147d48976215ce048a64bd570beba7afe51

SHA512
2ef7629061c4176622a5ac72db83c4d2839001804af6b84ef0df20d2b45012e056a5d04ea568a006637c21cddbb0fe2a984ffa8f40ad64c01a612014bc9b2fc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c9d2a3c1d0e229ad05a1304c796d4458

SHA1
5d4bf5e559e63e81e299c56661973cff81522732

SHA256
62f8a1d08c74be0ae0186695a9d58502c9135c1f870812a14a636f94db8cc037

SHA512
541cd1c03fe02c8034f0a4b7b8f55df663aa3cace404453fba4c7b178b2d5c6fa54311dc23787d1a8df35e33eb61c8a62f31f75afbb8fe04fcd0f62780202a2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a3b0f942df9fea5395324ce27093c8b

SHA1
bb6d89f9cf47f61efe10ebe607c5c301aa6c5e81

SHA256
c134d032678642814c69bfe8a0f0a506fccc229f530cd4b4cd6dd1d298f28ad1

SHA512
f207fa2fffc5319d6b4080f93ae67e4938bfee4a4155bc5692472e5e58ff4f0131532c706032874a88236ff009f9481b94bf3800987d8fd986ed1ec674921e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a349bf0f480df9e30512b30f2ba56d7f

SHA1
8b9cbe7c691abd4160984e371eb1a90da6a9132d

SHA256
ba8f14c01e5b638c10f6986c4b6ad732a397671c85a1f9afce83fd1f2fb04dba

SHA512
eb5ab4250f3070d877d99ce9bf1027caf704ab51c5dcdd75800bd605c27518ed878df2640a62c394e4c31fdddfa270a4bcde5b5190edbed4355c91eff177e302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cdda164ae1334744b1db9d31232bf6d3

SHA1
76666896fee6a572388001a6a10063d9fac92ee2

SHA256
1a44cf1e0277840d853fede14db79f8b9885138923259d3ef42d03d7141518a0

SHA512
9581ad1688f9f1754dccac483767ccdc4be03b7229e0a23f37119d655617fac0ccc8036eec336bb8be64cd14592400d8e626058c25bda32760f870b6bf390a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3e2d6abef47bdd64b0ca70a434475e75

SHA1
85aec6c0270d0eb8a7167e9f7cb3aa41401038b1

SHA256
01e3cfa2594364ba4f03bd3bcbe7393f2f8610fa5fd652d6778798996ae6ad5f

SHA512
a0266401ce44b93fafbf8cb4da41088a5a330a7901b0607b8fc47bc3bcf6c77e5456f0a82c03091b62d2ad6e7acb94b9e8d675cb93d5bdf90ea49523ee11ac30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dcd5e02214bfbae1869bb2998853533f

SHA1
17a2f83c531d72ea56bce4d92de65987a867fbfe

SHA256
7dbfe1609f382bf51d9ff96b70d89be69f4b01c239d6a38756ab0a397bfb3acc

SHA512
dc40132fff94085e52b1f01e2a0d6d8913a16f54458b71aa651eab6c5664d561cff5dda9c68b4d793ef23e792a378f891010fd9c0776b854610c39738d588392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d1f0ceb1701dff4fb7980e19eb12d09d

SHA1
e57e8c8631e03e9bc30b3289125c3de2be1ff030

SHA256
0f2c5d81b9a1d3fd5e18d5e6e390d04202d6b49bf2c72990aff87008adeb65b0

SHA512
c7d952f6ff2d96af0414f33012fe0ee1a4b5abaa2055d69d6f5827db84af09a5db8526defcb500948938691487aba570535bbceeeeefdbd8426e5439ad378b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9b94e3a740759c9a88766269be81611e

SHA1
08c702820d348760edd1cbb0f2bee11782414551

SHA256
1f46e3cc017d71fa0732540177769b499975d08421a3988bf87b5866cef457a3

SHA512
3e4af03d77ed28c700de74004e47aa2aba4a28f5620f9cf02c357c762450fe4bc20cdc02a7f886aa5d2be2f3258f869a0d1befbbde3c8e06b4ebba01f69f0def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
909fe3bccd8ee2284c0e5fe5ef58a5f7

SHA1
eed7374e06a1e1c78fc5f126b786325a48c9e989

SHA256
d2c7e6cca0ccb6aff7cd420352497c1ef5329515e8d2f10ce60de634a557a8d1

SHA512
b6daa2dbb3f16768786a2278f564e6ae342f2dffbcdb3c47de5e5dfbf9d488fab4d317642d82b4c9f105c1fcc755d27c1d3fecd8534cf626926ee6003d406284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1045cede76adb942cb1a19da26ce28da

SHA1
d168d687a598ee864d7d33100636f4da7244b60e

SHA256
bb9a45dc582acaab4ca41509437fe61722a73673f19c4513b0080cf6cd6c9293

SHA512
52792009953272e143512fdc09def53d27faff3e9f79f3ad8e9c5079f2b341a84754638cede4b50ab7fdf34492ac15fb480c0fe0a0433fcd4d54c001c9c7219c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9ec1aba174089a500d50eb70c1a67d15

SHA1
19671185b4aea157e2e03d0001ecf39af70c89fb

SHA256
a0477ef9a70d2a007fb3d057965a28843ab39e2878554a51bd59c11f319f1c90

SHA512
1985423193c9f0b89b293ad60dc933a27904e41d163805eb63960e017f789e1b5407bf2aa25eee05f2da5ff6504141dde3c2452b7a54eed8ccd776595d19aec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
a120612370c16604270bcdb1a5837494

SHA1
360c456de32b79bc9ddcbb6ebdd2e20c1b3aa378

SHA256
a4972cb254330441fb4661ee1f67b1d63c109071cf00d4b23a5aa1833571ac4d

SHA512
15c41076f42e77b4cd0212df01b854804a75b955daa7633fc910a0f7c759c68b291c609f215ac3e5066de3a4b91159af61f02893518c43dd6cc3a7b77f75dd8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
55e1b47c92f2bea7c922c427d091ee15

SHA1
a16c7ecb2d5012c035907a5a249391370774c7e4

SHA256
1542ffc2c967e16a44695dfb42d82d73d650c097fbf515ca477689ebbadf06e5

SHA512
7434c37f8b0a3a63a5089ba353ef4d4eac33622d67dcbc6f90f2a69bb6cf4c5df9936dbd3fd68804c4d7667f7f35ffe195ad70e9300f8e82f996f5488f2a40c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c10f71b2cdfe62ae6e0fb913103aaf19

SHA1
661dad8cbeaeb69b843589ced90b99c850e13ecb

SHA256
dc38f34990a857f0c710c44eeb94e2602f7e41c92118e9966a7ad86190709346

SHA512
c3a933f3ca9d729da29a8f71264bed57f099f66cbf8d7127816e618c1df03834431681057dcb6ac779b8953b236ee7bf55742772ef79f376e36b3d86456a342b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2f88f99001bbfb4e820d6768eb0388e9

SHA1
f5fa102fe15bde250233fe0ded00aa3cf59d11a0

SHA256
c5d1502a07aa30afe871b20a3315c2da8f06f95cd4cd5b20a097e0a545be47d2

SHA512
8fdc84a3a7fb78378a42dcbe0e800f3121d7a9d6ab94a2b8340dbd6db794e0bd1138a675e4d20aa71de6906eed52cdb1da0e35b2214a28c4f500d7359e538054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
f02a9e2c109e3ba6f8a79d6da0bcb3c8

SHA1
c87e6954f4c62951b2fa0703882dc0b047f0b980

SHA256
0bae2ffd668f26f93d1fc3da2fde9e260ceb12d11dcdf9683d9c7111451a2bac

SHA512
82be5eceb568eef28a342d5bdd41a3cb3b3e553642f5d9e30bbcde21a4cb814d6248dea92015b9652f2c6b9e2290ca08295e202dd3798845a313c1d50986d5d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
42896157eae4956cab79c939da75469d

SHA1
fe71b3d44afb08804462113b55bcc5b7cfc34a93

SHA256
61f2f088c610999ad39d6d0e522929a3fd01badd793fba6bf9da67c064b4a8ed

SHA512
3fd21d0c23dce1acf4ed94f32a7387fc50d5cda6aea948c99912b14254a700135a3e21a3166634c000cb05acc86a5569247d6817895809431e3309d98deb1193

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit