1f36b2f7059a2f4b83ce20e31748e97d6c9225834ec5b215359cd7f20e621528

Analysis

max time kernel
38s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2025, 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gift-952185.html
Size

23KB
MD5

646cbb78dbe18572ec0799696082b010
SHA1

8b4e798e378ae414f9f6e351c2cd788a7edf8ebb
SHA256

1f36b2f7059a2f4b83ce20e31748e97d6c9225834ec5b215359cd7f20e621528
SHA512

dbf30327ca78a9270cbc3a5a4940b4cc2ed9c9096bb30b4e222dd69840d9ace1ba3064a01dddd526662a74bb29c36e75e5ef6c80582e294a025dc417a600f5e9
SSDEEP

384:qn1Bpq1J9cOGMneM7aTESY+5xCVla4kQk/kZkmkWMT+4kmkKkikSMmDxrDWYtjNt:gBpq1J9cOGMnevTELDHaXfsW9l+X9hJ0

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
47	3500	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133892019999995571"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
212	chrome.exe
212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe
Token: SeShutdownPrivilege	212	chrome.exe
Token: SeCreatePagefilePrivilege	212	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe
212	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 996	212	chrome.exe	85
PID 212 wrote to memory of 996	212	chrome.exe	85
PID 212 wrote to memory of 3500	212	chrome.exe	86
PID 212 wrote to memory of 3500	212	chrome.exe	86
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 3644	212	chrome.exe	87
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88
PID 212 wrote to memory of 4520	212	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\gift-952185.html
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffec58dcf8,0x7fffec58dd04,0x7fffec58dd10
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1552,i,16789263416597735599,7244076730263650960,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2124,i,16789263416597735599,7244076730263650960,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,16789263416597735599,7244076730263650960,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,16789263416597735599,7244076730263650960,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,16789263416597735599,7244076730263650960,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4240,i,16789263416597735599,7244076730263650960,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4276 /prefetch:2
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5192,i,16789263416597735599,7244076730263650960,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5264,i,16789263416597735599,7244076730263650960,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5496,i,16789263416597735599,7244076730263650960,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5860,i,16789263416597735599,7244076730263650960,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5240,i,16789263416597735599,7244076730263650960,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5904,i,16789263416597735599,7244076730263650960,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:4856

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2668

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1308

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
878cced4528aad3007114f39c105bc0f

SHA1
b090e3938b6a352714c7cfb5a1c46f69e47feaf3

SHA256
2ab7d0304d158a229ead4b844acad63f10d48ef0c7733401655c2fd5e5885074

SHA512
a61f650109ee63174addaef038c52132d23e82ae020d194a446d0c6b231ea72388ce4f9fc4be4d799c0eeccf2416810f61a3ea6575ee5e1556b60b10e265fe5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
e48ea672b3021f40c1ca4e619ce4a63f

SHA1
da36981c1f81816aae4f2625fade56a1c9be7141

SHA256
71e12d3a7220872fb23fc3aab1d7a11dec54cc34925c069b6430d883d462ff34

SHA512
6647aabe8ffa384b9fac5f0749d2b42ba9c8dbb0868197f876d92a9046ecdafe2212cfc2ad98d8e1a7ce6580f3d14fac7f317f8ad98780308ad7758de7842679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5586b38652ab8091465bbd7bda610c29

SHA1
95f71a22ccfc728e3f613bee1a3bf118ba18661a

SHA256
20e7b35fa067c020b2c98873835f97b42b637a1ce077b4f04742ce9838f519db

SHA512
2ec0b5b97d881a9f32f5cdfab6721a5553bf203d6b27cb4d2297b111b26bdde0e75c6c896a92774e5c865fc261ae22694d38b2d8f4996c43246a3187c8653059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df2ee045d3efcbab73c4da86a66ea15d

SHA1
c3074c9a8a79c976163201b72d5edaeddb300a24

SHA256
37edc93be7bf80609c452242d6506029e9b35026a4ebd22b4460281c88ed1920

SHA512
85863107849d746c4edcb23f8a05adcfe758dd47bf20c8f769d7abbcfbbde3ef1ddbe47f85d7325d97ba66d2611971cea8183dfc25c5df5380befeb5436fd6cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8f56e88e0fc5f0bd4c365a1910d1ea38

SHA1
013d4623acb133b5f08be4c2d6e50658b6eb8bef

SHA256
ce1a5f8ab88dc06fae06c518ee08abed39093d17d6ffd5b3b8f5edb2ef3b18e7

SHA512
92d3270d5d6dbaa897cb6396055884144e69121087db038d36ce9c105a6c87eb429b60dd335590ab71395c077c694034a9d928e57fb56e396465565bd4708599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
4c77a1e087bc19864f8b767c69784021

SHA1
6e2ca013e77d3aaf5610e9d945b5a50b8fe9fa39

SHA256
14a15c49aa20f8884cf1943c45bcb9420aaa15ce8411c3b6c67131039e097f24

SHA512
0e7a9a5a0a55e530526650385dc2f6f3eb5614443be94994477b3611b6efce09afe1aa02df0c3992646b54a5f0d6885cf1bc5cbffbaf48366be6d15b8337b12f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e484.TMP

Filesize
48B

MD5
adcf9a4d5bfe408a4fd7f8d13d4d40dd

SHA1
d7be3b7c99f2ca47cc8f7e2ec9e72e1dd7c6b7a6

SHA256
92c4e01dd005176755854a362586f78adba0c7486e961a4f9ae4a4f8c7abe03e

SHA512
e7b30b68f164cb2c5774527d7f1505a18048c32bee8b5538ebe88fdd2309c17d6d03b6e2fe26de7b806cea3dd0b925994de27c282c74b639c3f68c19d3b66d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
00262d4fbd2b669be0172608c7740886

SHA1
98d6584b745a7193473abeee0dc16dd64a997ae5

SHA256
e90701171b1c5f9a2099e3e112db2edb450c21d94c322418504ab2308f304c23

SHA512
ca81a982090af66ffa640d65423d6fe486bd03628a464dd4235a3d6e08d697d9f15b68fb48fea0282ee90b6126fb4d7cc5d2732c22939617a9fca342aa8f7c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
95c14601c592f1784f95644c6c7776db

SHA1
0b4db86e22279051e2f904fa2908d2a2034be5e2

SHA256
998d1c1e8ae8b3219f5710541de9996affa49374977d2aac7fba2cee617277a5

SHA512
e6fc6f132ccd894278e4f20375913a996709702cdff97830e4d2a0839440d352cd02ed7f75ecc760d37f6bdd64a99158274e2850881c4cd4bac7b05c426e583d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
9c1fb590cf6e449dec7a00733c8f7c65

SHA1
5c32bbe069b2cebf9e427734f30765e46f86b4be

SHA256
09082b132f96aa7853a76de1d02a517860d145650eae458548cd9f8e7bf14fb6

SHA512
80bb3c218cbffab58832a4676f16ea1b80f9914965f346747146ccf382f5160ebda4b8c1a5fb035a5a35c840d1d4debbd7dc8e660476942d96836ddfe5e65a4a

Download Submit