hxxps://steamcommuniitty[.]com/gift/id=795524

Analysis

max time kernel
116s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-01-2025 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommuniitty.com/gift/id=795524

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133817365034081069"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1792	chrome.exe
1792	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe
Token: SeShutdownPrivilege	1792	chrome.exe
Token: SeCreatePagefilePrivilege	1792	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe
1792	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 2544	1792	chrome.exe	83
PID 1792 wrote to memory of 2544	1792	chrome.exe	83
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 2488	1792	chrome.exe	84
PID 1792 wrote to memory of 5080	1792	chrome.exe	85
PID 1792 wrote to memory of 5080	1792	chrome.exe	85
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86
PID 1792 wrote to memory of 3064	1792	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamcommuniitty.com/gift/id=795524
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9f2dccc40,0x7ff9f2dccc4c,0x7ff9f2dccc58
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,14158722551080776761,17347228390697274707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,14158722551080776761,17347228390697274707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,14158722551080776761,17347228390697274707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,14158722551080776761,17347228390697274707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,14158722551080776761,17347228390697274707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3704,i,14158722551080776761,17347228390697274707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3500,i,14158722551080776761,17347228390697274707,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:3912

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
35fcb926a5c9a8340757b923565f4e09

SHA1
6e524d01c516a30148fa145b242629ef9daceaf9

SHA256
3d4396966bf7ccae3f3d1fb541f8f6accb8fdbd1d6041fae06bb47c1720d2e5e

SHA512
6e6a91a2d454d999580ef48c6c970afd4d7450d6b960ae40c68bebc0fe2c517c3133de158070d685a9828392ced69b9524e3a00fd455260db056f7da6822878d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
221b8fe3230582ab1f9fe81e46dc0f04

SHA1
8ee78bc79a5af8d1a0d70dff9a97cdbf72be5157

SHA256
16e79ef0a3b494f788b27026433c4e5726f7a0417648babaacf3ab215a563c38

SHA512
ba40362028fbedeb8ae862df4507e076d5e8d88163a763e6b11f4039268a09b4433a858c4d3f6784f13901fceb0c245d79fb4423a6e856dc5fc67cd9f3951bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
5f5c4a19c3c9d995194bbd02c9278457

SHA1
bb117a605f0d2445bb9eb7ee98072f4f27284e83

SHA256
9f9488545fbe9402d3fd5af11d2e5c1ee1eae437f5b5243c1d09de4d403c7f28

SHA512
5528691f47fb3372639d0332e02f5e478d708688c21811140fbe651f15cc092a3d7c69ef2eb767716ea02782d5936b77c7a961793f489ad13503e6188c02e112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4dc4a47ebe4ac97022d95f1b76b64505

SHA1
43d872fd154c94be3552fbcfa8dc23bfc0dffe75

SHA256
01292ef72338a66eb4e6e39f79e569af811eca02f25aa067c4fca0841ed96457

SHA512
296139c869ad76a8c8afe1205dd5905a9c525b623990310a575bba4ea6d5d0ee6ce0dd5aabb6d0edc00da15bc5255391e6b80b70c3458f41d7030dbe05272f9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
64383750fca97d47ffae3a4316e003d4

SHA1
4656d795274e1d1364bfb9c1abeda1c8947ceaff

SHA256
51b0fc8de9890b96933115df7883c9162c94c58ce40fc687f9388dd5f404e277

SHA512
8d9bf625863c4cdd9289d02b65c0cdbed37e4e89d3fc5c9cbdb798656553e1b72ce9c1260da544e26dedc9a46f4fd5009acdefce6db64513b55f45c643074430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8ae3697d588d6d4cc7b27e3106f6d4cd

SHA1
68e4df545c1b5dd457d4c240a8bc81f32b571c5d

SHA256
4a6493c0d92525a4b6295716d08ea31dc86a5659c478d752c34e262dfff22af3

SHA512
a2d2313594b4fc9fa8840ed894827ba2a1add4326cc82897fade14783dae9a728cbb6db87eaeaf9b8a1ce98abf14631f2d58aafaa3610bf05caccf9606ac7f3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b537f4420bfe15aa9ac7b4c62cb81d90

SHA1
890f328d0c56cc8ffad2da54c66342e7180f1cd5

SHA256
a8cbbc7791d4e15957fbdd55945ff47c0d78ad6f96d0321d2177798ffef228e0

SHA512
aee6d69557c5b2b457d65bc0aa47258a279cd2ee569031ff75ccbc70df2af5f4ade47e30590709caa0bfc7ba87cc66d0492a2721c4b980b8f9f2c39512102153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc7be9fab5dcf13eb8df7b3e466d7abc

SHA1
b91d33d871cc25b83433f6e63702b66d72a598b8

SHA256
c376cd7d9d7b6d2df2e27000d6ea76756d18b7e17cd7c8d803b57d97217b0a37

SHA512
e9dea2d74937b0c546b25af8a9776b682eef047b530a2448c17b57a0aa3cab7b86354670486993d73a1af935345b10e2b18339d5de1f7273fdf28c34b6ba986b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ef343b13470193c93b67045c9bf422f

SHA1
02af1ff41a39e463ddfafb1a85cff8f0eba0cffc

SHA256
6177a7961c16aaa7090b1a77b268fbf9b39baf601a089f2fa192bc8005ffe51c

SHA512
39ffe4c3227308b5bef9c7b9f9525a4c4ae4b5d52e5d3e5d756ccd19dd01fba1049dcd3f7445394ff6df5f45a845b299a868de69c14973cca4dcd872b447d917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a1a162eea1816860b49064a98f8d2a2

SHA1
2eec6847a222473e7ccd3899e04229090b5ae1ce

SHA256
56922f598dc68047d17346694ae99b1337d7f8070a11d786210257eb4d25e92a

SHA512
c78ba0fb77eab8dae50e0b0e41e523c3143d2d4c82b88cf13975a821ad0c1d7ae86542fae586f9c2adcad8d03e8d8cd49a5521b1d4c29d269fec92029b9f8603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
861b92fe05c3d45512634e437e4765a7

SHA1
fe154f9fda7983703a303aa5fe554effd1157db6

SHA256
411602b9eae8a7ea28250f5165b5d9e55e4babd5c8f99a104bff23a39b70f763

SHA512
0cd474ad1cfd3ea4b9748d69df1bb02dd19b5809811bb0e50c4075f37ec945380adc0829470201fb7367581c633d1e5e078fe0287a4c0504e6d83a460447b620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c6c45815f2e651ad0cc05751b3bbcbf

SHA1
8cb8f2d2a11df62a1c0fe5a4e83ec17d5bff44d3

SHA256
0f80d2a46713679f6e1947846b77128b7f08cc048223f7eb5a32dea29afd91fa

SHA512
aa3200374b96d23a5ae025742b1b20980031232b87ec819fda81845253f8d35162444efb663c45f4daefd292af15a98e6d67a4b6b34a218e1b6d57a7c8990bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44512afc816d2525f43eda85a356a5b7

SHA1
19b65b7a86c711810323e4a6411369ff12da5550

SHA256
e644878b223273d949c47b790dc6bcd751baa40b778fc7854fb3548ff7e8924d

SHA512
03d8a2b35f913213f10487f9a01f94d7f7dd1b124446a61c41dd2276a230935bd2dc87654f0d719f6e7e09fdadbd9cbf9cf506c2eccf502bb32164e6075362a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5fd135f1f98fba9d2b9f3c45e089d60

SHA1
14797d80062ea48e6c80ec9a9040832cec548f64

SHA256
3db016439557e5c995dd697411023999d0ac0ce40f916a9766c013e50458dcc8

SHA512
5fee62413ace2464e10b8a0fd5239d24fe4affb7144a2bd07770b67343869b998078a94e0453436e7fb67dcf836e62770aeb28e27809aa53e28f925f1ed73e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ca2aaed6fb0e607e6f0837da6802e45c

SHA1
81a0c957fc26e5115387b462771755bd7f5110d7

SHA256
41ce85f559493f2bca4674fe1bbad903f60eaa2dedc9fa2ab32acb89bc28ead4

SHA512
203682c384d88d1b686a5b1fc19afe5b00dc784a2ec56ed03684ee0b55d9f6a3afe907e1c836c3369cb11ca0ad4d08064d9f33987e072617414a2f9fb69e2e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
96c3e70ba4b74bc13c58658a72a026b3

SHA1
adc385107fd7970172af76c22cfce38d15026284

SHA256
8bbcb370eda0fdc6e5afd96b0b7e1341de996f282dd40b9262deea7e8fd8885b

SHA512
d0dc8162f2e5c5b5cc498f99d1be84bb6362b01decabc396deeb9bc0fcccdf6840e0e7010b06ae013b7c613ad539ccbeb68b4031fe3bcf9ae8c87dddf55847e4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit