hxxp://steamgift[.]cfd/105394106

Analysis

max time kernel
89s
max time network
81s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamgift.cfd/105394106

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
20	4736	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133878388554031797"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeCreatePagefilePrivilege	2448	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 1472	2448	chrome.exe	88
PID 2448 wrote to memory of 1472	2448	chrome.exe	88
PID 2448 wrote to memory of 4736	2448	chrome.exe	89
PID 2448 wrote to memory of 4736	2448	chrome.exe	89
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4632	2448	chrome.exe	90
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91
PID 2448 wrote to memory of 4548	2448	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://steamgift.cfd/105394106
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd311ddcf8,0x7ffd311ddd04,0x7ffd311ddd10
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1976,i,12512358406913133533,7615734711273050830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2012,i,12512358406913133533,7615734711273050830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,12512358406913133533,7615734711273050830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,12512358406913133533,7615734711273050830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,12512358406913133533,7615734711273050830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,12512358406913133533,7615734711273050830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4404 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3880,i,12512358406913133533,7615734711273050830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5228,i,12512358406913133533,7615734711273050830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5628,i,12512358406913133533,7615734711273050830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,12512358406913133533,7615734711273050830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3924,i,12512358406913133533,7615734711273050830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:5820

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c9d0c22ac05fd2bd6487711e7e0af2f1

SHA1
688a441ed8ae8e3df2b2d304b8234b96d12d16aa

SHA256
fd7d21606b4d36a24e3f845d85eaabb108e02251a782c993ebec57d45c3e5e61

SHA512
d14980cabb83e3a0925a908adb5c2265af207d33134956b01d5a5b2c4ff910db756accf854d036d1408acb0eaf4feed8fb850c38d9a84c2a1f3001c3ddc9ce2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
aa946944f98e07fe0ea1b3221f4f6cd0

SHA1
22dbbf7b1f083d03eab9e70f8d7655c67c2ccf56

SHA256
3506b0fc7872c4d4435bdd2d497071e8cce5203547fc0335751c22440fecb028

SHA512
1642c927ee72f6c56c2661e7d1b6206649b7ab7e4aedaaff085c975c148380246266fcc115b2a9c131f761f2593b833fe9800ad422e6252a4e5b8440c40334e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
1255d770c8b2a10688ce5071df3e5616

SHA1
90fe06b57a3faecda6e551aea13f93c41905afaf

SHA256
b05b0ae562339129202d9e4b96b4c003b59670c9555e95e5ca782a0d715a85fe

SHA512
9405655abb0ed2bee255c3ab60dbf60e210327c891b068966c23f7abcdeec2182d58044522487fd90f16039d40800ba9cf7535c481f66425cfbff76a0b456622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7da6a7c566ab722fcfbb9422ff532b7b

SHA1
324b11ce1d7aaf82ce6b4ac750fc862623e0df50

SHA256
cb3bb21271f20b3daed6816d92b84b0ec379d4853758620cc7dd43df462374b0

SHA512
74c5fdb1ef51c053983031819721b670e8871da57db0755de4a4d0dd9ef492af70bbe33128b2976e01a0eabeca8d764e8c001fda9e73ab3c3be72c8ab0c78814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ec6d6ce774327f5d49782835318c025a

SHA1
4249e66878a05f923beb5183118221eb7a788674

SHA256
6f7d656cdb0d4dcb0abab22fa74c912480aa76a399a1dff595cb56b2380575e8

SHA512
867c32340979d5473204a03728c90dbf279b17054c93411241b5a193ab389eef3f862598b298e91b6276d5829c85ab67778d809267ffb6a9df40bfaabecf7d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d90cfbdbd38304eb203cd243313a6b06

SHA1
0e6fb19e8ab36300154035bdd6f654c1ec4310aa

SHA256
04960170f5cfb685a6fcf45022f30aa1bd3e54984d5e92402ea7010e27e7a36a

SHA512
46832b3078867a2340757cfc2eb72a844dc4129145df124909e714d42ad2b1c6b06ddde87cb41fd39adf2727891650c808c191f85509c54e1e858979f1707053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4ee2a1be3001613853b3de7940017e3d

SHA1
39f9a128dd1031cbbabe4a441309818abcb49ef8

SHA256
580d7a1222541408aa6d4c4f4dd2a307668da1021d12d494f298cb7cb7e30b05

SHA512
aed4737b3eba634ab8b263f46bd87a923fd5edc0a1dfb58f94ed7c73bf4f37bbde258c345d3e6330e7b9c9d3e1c5e3f8a9ad0e305d27f70b13e94217f6f6c197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5fb42d5e3ab6a249876855e664e9633f

SHA1
f09ae0a1965b9e99cea26645879b0a8ff18828be

SHA256
1087b87762487b70ccd728e98062c5594dfe14dc3f3f0881f39e8380f30dbc0c

SHA512
6dbf83dca6ef90d732b2e7bd61e713d5c0d06de38b56e701bd44a01b08a356e16d32a45f15a8788a3d497cff092dacece4d88b653c154d3fa3a7dad49f313768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
479bdb9e053135eba15da92973663bc8

SHA1
04445d497687d5f8af0490206114184230bebcd9

SHA256
260e6af3ae7ea680290e6459f4535b9e5e046330c8b7b739730a45b014f5ba47

SHA512
399cd2bef7fae6f9534462d0f5a0a254c85ecaa373633ec0aecedf5a0305a1582544961102be698ec97c59d998786b1114b69b199570305d38c944db3370d8d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
35fce2112d5f8b28b85d01666fada53a

SHA1
a69810b00358809d2dfac2102b52a136c62ee940

SHA256
e40fda1668c41dd2bf2d8a7bfc28ce55e655d0b035a7c6868f24b000ed5821c8

SHA512
e230b9ce245ba0562297bf5d3bebd36e270db1d4276777c2c9db5cfc0ee495cfaf76da8535f38c530f10704942fa64a05238983be10e6e787346d612998d9a06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bf39.TMP

Filesize
48B

MD5
66f2d0a89a13f3f273c57b5ee0745128

SHA1
0bc63c045738cc4205bd69e2c821616d66a020b0

SHA256
4daa3143bfa8a455deee0da9d6c177eba7b15f0b6ebdd7ad0de2a6e701c4a663

SHA512
eea465d6c43262f07d7f08fbc53b748933dbce74d93a3c13f4cac686fd195caef38ab8281e4772c1bd58876c3e7855234439d272faaf32a8fa7d7695d133bc9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
4181985d21477d2a64bb4133d4054d1f

SHA1
9d976e9eb86b432e26ca855fa89aece005e26910

SHA256
57d7a498663d18a00e672a7cf0f72cd226b377b5cf1fb919b5493a230f0c5e26

SHA512
d65403a139f28f56c13e833228fdea0d884620c3e12fd6466940014e3a13f07d16b5e23cb6c75458638c843cf3559b359789caf2a088694f66b8f898ab29ee54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
134a6757ef4e0b63996062c74ac1c429

SHA1
2c6dbdec8705208c6d88706eecf8a6483c14f065

SHA256
bd1ebcbd6fe5f78442cbf3d8acef8d04784c95536bd861a911c8e532264d8acd

SHA512
e0c78e594b01bd59905594ce448e489d59664c38fa9d92ea808352303e833acdf6c68c7e9d79edbb993d4e79cbb673a959df580ddaf77fce3705ad871c05278f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
da0c62a336ef4603c3820ad1dcd89c3f

SHA1
864419316275a4b071bdf43a1031c7b58855fed5

SHA256
e058e4e10d20e616e8f483b9d80b4213b5431a83f0d337432e4f7cca2ad4856c

SHA512
49044c3cc46ba42a49443666478af405667ba15e8a751009025b2e8fa693b9d24a613673ab6dbbbeecaf6d79ec0f4d9dbe314a3029b3f8a6401a0cf55aa53e36

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit