hxxps://steamcomrnurity[.]com/happynewyear

Resubmissions

25/01/2025, 17:32

250125-v4k9vsvmfk 10

25/01/2025, 17:24

250125-vy1scsvkgk 10

Analysis

max time kernel
96s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2025, 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcomrnurity.com/happynewyear

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
42	2056	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133822994972810645"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe
Token: SeShutdownPrivilege	4968	chrome.exe
Token: SeCreatePagefilePrivilege	4968	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe
4968	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 2352	4968	chrome.exe	82
PID 4968 wrote to memory of 2352	4968	chrome.exe	82
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 3528	4968	chrome.exe	83
PID 4968 wrote to memory of 2056	4968	chrome.exe	84
PID 4968 wrote to memory of 2056	4968	chrome.exe	84
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85
PID 4968 wrote to memory of 2176	4968	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steamcomrnurity.com/happynewyear
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd4465cc40,0x7ffd4465cc4c,0x7ffd4465cc58
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,3389753515362468440,17279424602397140456,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=268,i,3389753515362468440,17279424602397140456,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,3389753515362468440,17279424602397140456,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,3389753515362468440,17279424602397140456,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,3389753515362468440,17279424602397140456,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4364,i,3389753515362468440,17279424602397140456,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,3389753515362468440,17279424602397140456,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:460

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b3c9ef3679e619d2d777d22bd37c1e14

SHA1
213ab027b5a533672d61ed81732f8ad8c471db85

SHA256
b301816bf89de9527030946b92705f46f35e3686835b99ebeb1af7358118623e

SHA512
d97f0e6ca6925daa913ade8bddec1e9ec8f9ca8824b1f003a463d457b75e355e5225012e9b1b891d023fb693bdd3bdbc85bb49cb74a9b98e86f1824a4ff1974f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
a260aa48b10a8b9265128795392e2249

SHA1
b0afb58731ec84d42c42367ed792d874b3b49986

SHA256
f88d35ba670586f3bffb357c4fc3275c8d53677f6cb104e7267b7113429d8e7b

SHA512
3a71229779d3d96dc1f8ac02d0ac1a0745e681b4f1aa80b3286507b100d099708cf87eede565abd208ede62f0adef004db9ba0a82ee171c7a01bd2d14cae8a7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
e2b7578b265a979b7b146019ce8bffbf

SHA1
5b85d4541fef0f0a42b8e4b8cd16e1e8d59d4165

SHA256
d18edcbfd7625e584dcb984fa36dbb88583c65f435da8de2dc75650606ccf1ec

SHA512
e9db6a8a3b01b946337fc62f561c170937cf1748f43f11f8d169d568d07ea963237818d3d8081753294132173a11c3bfcb3aeca5f655b0e3e54c7cb9a5e9b12a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
de44a183bef3dac9a855a16eadf1b024

SHA1
5b34c5be87b15d4ea16a35b85a684d45f9d5be16

SHA256
00dac8cbbe8cb47c467c17b5c7171f615a452ec871d30403906fb2f3e0ab1079

SHA512
aa1fe67a94e77c329960b17f11bead4065a4337f6532863fb01c99f79c64e5bdabee1f62ceb71576e0a3b3233a754fae3f64132888c489c941be8fec5e491884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a519ec5dcb298cd86482782d509708c

SHA1
ce325ef3d1c34ce344cff07891ac2d1c196f16cd

SHA256
ea7a975758dbd73aa4babb4ef833c61facfb6e8009d3616558da24004d80a016

SHA512
d2cbee46b63448432b13c57d3a24ec6b84f8078ce3dc12940db5036be54afca53a96662a24782f6a038981cfa0f62a64dfe471a69bd7098235c7fd4e3471faad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ff6984d312d31ec79e6adc52b702e03b

SHA1
e62b9d569202fa698f70deec60566d04046b13c6

SHA256
e9aaf65323dbce4fe8cc2326eaac0e572093fa54114f239ee35915f784d54996

SHA512
245f90486bb5e37edb61acc9327f5c009951087980ea516eed03c4cb7ddb747d3334d19e5922aefe9f36159b013e343f5716d194ba33bd9e09e1316cd7658977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
64bb487f9b1a56c08f663bce753302dd

SHA1
d12c80acc1234ca5969c886fd9977f7d29e8b624

SHA256
24b27f6371b1560597ad287209ef12b6feea8d8ec396fde01ca4302b68459819

SHA512
bdfc3085389884249e81d5dec71b25a647e81b282a355f09457e7ea5ec888322b11e04fd42af3e89ca15f43c76118fecb737092973ab0ace5ac1d2e154e05cd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb334005b95035d4e0ec9bc47f0068b5

SHA1
aebfe52a81626e57a2842d3cb4942ba8764347e2

SHA256
eb81c28ad2bb4882448f19445a79e76001159173441400bd4ba6d6413d8b1811

SHA512
02706bb159b4b1956af8ff1546e48693dd0475c6ccf884e614c7788d1d7db3051d4bbda0084c820d4e97e1df9ffc405ef80de06b1bb65cdeb81a3ce7349cf873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5494ff0efdaf890476ca5cbaecd08c7

SHA1
eff99f26c48c1d8aff07cd1cfccc893472b18280

SHA256
bea160e824ffce19f2d8a958104330bf543f011328dd16835fd8b439155fe02a

SHA512
9671c47a3af8d2eb576a1d91dd97e73f5fa216e235e8ef83d5e5b6a8431fc26997715d8f90d8fe025353b5c214843edc67359ec525e2ce3728e124362af1555e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
42a91ec6c86b9ae02b30e1d5211f4217

SHA1
63e39ce4bf271aec625a5db6548d55c450a4aad3

SHA256
c184c9f021db401c95bf37927329393043c00e8f98012557a7a583a9a0700f00

SHA512
b1e67ae1b2b946bf2ddf207a8de2234abb997f9b318649c5aec9dd4aacd5de1c0fdc32e69c7c22484069222089d75a90266893f2e7463e3d31f9ca0e5faaa947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7778ba1570f6dbbe20f0c13da85af0d

SHA1
2e29861abe04be0332df9928c09f9d75f1e56334

SHA256
d52723d11a39ce759558cd5561902d85b4969c15cf338225e0fa7615f1d32e5c

SHA512
4278142252317e59154814359739ff89627cef870832db122e7cf5d36f6cf808092defc6b3c1acf16866b8c971ed9b4168a18a26ab2580f0238639235ab05f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2ce20cf1d6af79fe16fa08c8f630ca4

SHA1
d09135c542c8d43991596acf72ca3f36cf2826a5

SHA256
430b8b35a216dfbf4f5a28eba6086ea9ea8a5008620b9232ee2b8529ecc23210

SHA512
3132e12edd0d5293941517146c64a05d53e8634f269039d8a486782b6e37d4746049fd7569b1add8cd4eafde6d52854f02ac6dc117a690214762dc0aeb28b6d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
06ec03c41f93d9234c41647def632ea3

SHA1
babea5717390306b1849be920c9a7de21cd93d53

SHA256
aa9365d75ba0c9fc9d5668f2db31f68068faa08a2784cc8bd33dc12f09893dc0

SHA512
e6d6cf55ec8f32a37fb8c5b3deb7f16146e1fd67609899f48fbffa4a518ceada09de5193207e9f9e038c9362ff2b14375ced47a46d85651ef9e9523ae92fda83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
6b574b904c759f47738d7bdfd8b8608e

SHA1
7e13d8766d27cc5e66f69e102ce3ac9a1f7c2ca5

SHA256
6bf48a01576155964ac90af6ce0365d18669b53187d68d08de6c04b4b3d5b2fa

SHA512
aafee9422cc3a2048945c5d33d75d73e2f8e852f31e12ec346f8baffe17888b0e101fc22028f0d62b9d52d5858b7b9d3a69c0fd37493d970aa940225cfce663f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit