hxxps://stenmcommunty[.]com/activation/id=1561523058

Analysis

max time kernel
101s
max time network
101s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
20/01/2025, 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://stenmcommunty.com/activation/id=1561523058

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133818756994144992"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1148	chrome.exe
1148	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe
Token: SeShutdownPrivilege	1148	chrome.exe
Token: SeCreatePagefilePrivilege	1148	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe
1148	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 1728	1148	chrome.exe	80
PID 1148 wrote to memory of 1728	1148	chrome.exe	80
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 2096	1148	chrome.exe	81
PID 1148 wrote to memory of 4364	1148	chrome.exe	82
PID 1148 wrote to memory of 4364	1148	chrome.exe	82
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83
PID 1148 wrote to memory of 2320	1148	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://stenmcommunty.com/activation/id=1561523058
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fffad7fcc40,0x7fffad7fcc4c,0x7fffad7fcc58
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,2612317980535925215,10431646649533145936,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,2612317980535925215,10431646649533145936,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2004 /prefetch:3
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,2612317980535925215,10431646649533145936,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2268 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,2612317980535925215,10431646649533145936,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,2612317980535925215,10431646649533145936,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=1608,i,2612317980535925215,10431646649533145936,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,2612317980535925215,10431646649533145936,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:1996

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3118984460f3e5af1acac261c7a60129

SHA1
4075506d22987ce8f4cfb778b5635d08c4377491

SHA256
f8ee1175847d4a9274a5d1a9eddda3de863c327848c691d3a0f2b818e9909c42

SHA512
71cb4d58c7ae768e730c1545a8b790fd77d3bf18b4aa3b154edcc2b9733718816f18f6086385e89c2691eb7ab755d0b122b7bcea69efe6429f16701ea3452006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
6e380225c68266fd1a23473bb220d95f

SHA1
dd76589eadb9ce18d8083f92ba84973d489e0a91

SHA256
0287fb6a00105ba9ffa6c0b632732da2fc6d4ae8ce0741b8aab711523e50854f

SHA512
eeaff26b02d4cc2e35b43fed281f0d45249a8eb06189acfae16ca5689edd1662cfdba28fae93d8ec7fda46aa0ec641040fc059b9508a08c4ba59c93ead8da8c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
d2de2c00b34b5665adfa0c7706038f98

SHA1
279de3b92252f34f09b9c4a3a72cc3ca0b686baa

SHA256
7db1e5613a312d3b9e696a40fd96fc607e5fc4f4e2fad5917c592ab0c089d7c2

SHA512
ba40d6a01162fc2eac35cf499cbe2f3f0f477638bb375374eaa4c7e3487f0037e1db8ea9480b591f751b618cc23067a6f8958cc4474e4935a55e02328b030596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6b29fc74fc19676fd79d3019128e33ff

SHA1
4aec937e998267400c046f9ad1ff1de4b84df325

SHA256
4a08aaa9e583879b07fd4c15fe53c2fd078cb1ebc33842fc98ec288cae33d20d

SHA512
fb68c52c9768897685e3c474d0f85dfffae60e0341445bbda71616f05c11493af27b14b7277b2ed4f07bb8b32c28d43482fffc439e2fe8ad2c0514883ceaae78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be4a8bd40fd4e9eee3c81b1a925b3503

SHA1
d7e31096fe72bb09abf7ccd1ab6be7869cd0e2b2

SHA256
3ce40ad511dde2f988d874a114af0e7a5af8b30e79a0a2a84847234f8ef69ab0

SHA512
b62ebb7c562c7535f05cd2481d444242e6faf8727ce0e55547ec2e2201ba1bd2a5fb7df40b930a67aa0d25d9124444688276cf0ebaa1580982687fd2bc07a8fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e1b18260b2c4d6990b2e3a7765896a96

SHA1
4a8bbcdf401b940392c5774df40934faa45217a0

SHA256
bf24fc4c8689b17bbe9ffaf9c52c25647f17e43ba4091f92f766454cf78dd88a

SHA512
711550ba35b0dace5b015efe69c49d7fec7c3e6ecdc62bdcb049322749807c75ad40d50d2d4c97bb70f011e8d7a73874c03bbbff41cfd4dd73448295554c2212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
66326b8f888cee34af827cd74616b27c

SHA1
715c15bf5d431c0ba95798f6bfe20fec5e00ea9e

SHA256
8d532d733b6bfdc6a5ef2f4cfa2b0bd4dae1784ee100d24467266cc4881cb3cf

SHA512
0c8e44b0958ae284f24a28c95620349c2dcc1b271c290d657f2bdcb244a2db065be575052d03f2ff94719ea68095f6a404d99f495bfea9dbd27f7bf6c7c3ce47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
13d05d135df54730ccef1134d08dddd0

SHA1
a95ee4bf08d3b9d6fd1728280743a323dc8a8a91

SHA256
87937f936dcc27816b08e7c845916be2c23aa2a9eb5cab5d31b11672e939865c

SHA512
129ec0fee35be187881e6f4023f720c525c577a74a84b345664327e9fd7c23e88203530dafc69e003d6115837b5e10f3a8c43766943e4c0e51e330009509776d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4675c304353ceb207588f5353b9b07b9

SHA1
2d781485e3fbc461940155f0dd7d908ec70c3558

SHA256
969d21901d7f3620d5b4397e462353c6af037d1538a09d0aef72fcfbfedf3e2d

SHA512
4e5406c7719e9655770010ce99fb1a0cdc8dfffbbc9b2ceab64b70ee28fb47bb5f7a35e0a4187421e62294f28d41c9177b5ced2b269390deef30b3d04fe8340a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18c6eb586a3c4f2e4d831398d456af1d

SHA1
67443fb0867e70e836a307459da4bc0144b8b942

SHA256
242f085f3470c77523669c2da9b58e938a561445653844aba48fdb2ab68e49de

SHA512
fbabf4848057db58781fb5d0a9034326561e63679c3c2ed3d46af48ecfd3b8928c3caccf91636c48b2e29ac236b967a6d9f935f366576b75ea50fd8ea3c62f28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
208ec49ed948fa9a1037d6e9a546ae29

SHA1
5f3e3194c6f6a816e63389b463fc01aad10d9daf

SHA256
1c29332bed1db1a19a49d3a74a31b1ca14bb8d4fdced4ae684c58bd5ce311616

SHA512
969b01d89dd5bb1a8477c5836dc47ee26ea07fb84c4e270b95125ab040de4e06aa706fb5b0ae0d8281069cb391e9c0e49c0d3ab6193ec0ef6ccca99aaca7b7b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70cbdd079a8239abbca2e4f69b1b03a3

SHA1
e1b898c003644a050dbafe16bf70b49921c68e49

SHA256
1981c0adb40502034da3cc7893f5b9e3f34058bea14377490f193877958cf112

SHA512
2334bd6e10748358b2597c19d787d338bed22d4cd33f9944f5df7a478c4098cec4833baba996548b61381ca842a724c5e8a5135092ef98410c9a48a42c52a80a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
43b13acd147693cdda0462590467d577

SHA1
2d7ea4a0a4a5a19c44856e7485ef0a28ec839abd

SHA256
5808ad891b06d3a92d487b1dc7fe4b5801e4c15055146dadef1721c595990caf

SHA512
cdb36dfaa8d057e0ef02c4d6b26b95efdf64963396d1bef342c6509043538d8394d7770fcd5ac22aa3036161a99e64d4e02756bbcc4788809d44d4dd31a2faf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed7f8cbf5da2a8461ae518203723a6ff

SHA1
c5796e4201e08a8164f6c4e682cb926e6f7af9ef

SHA256
0ea7a9e4a6cf7e65c1194cc97a357f43a3db04ac1e9d9ecfb43bf2412e7462f5

SHA512
ada616bce93e3da975359e3e1428caec628a38db7bcef6670bdc4680bfd613484b36bc45932f95ff83545b1c9b68de5da16babc55f85696fb5e166744b0780cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd9150569c320568355801773bdbfb77

SHA1
746b7939ec7c84beb4a9971f979b68d19686b96c

SHA256
9a26df35da1a4ddae6e6bae88fd693e1f004195488eb9879e5b0419dbf6b824b

SHA512
32e1b1b14ab461b56814ec255b6ece7a229faeed690f7795fb15ab01bc7e039b3a22dfa12d2e01f7458f2959de29443af297c8ac11102290204d2a85f282359f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
474cf71ae485872ecbaa013c0b927427

SHA1
3a0c96885eb53c6017d2ef03385ffe1e6f7a2aa7

SHA256
ad09386c8ed678622ed1feb7821f229501bf8fa01953248e8295a1628e199d36

SHA512
0bd933b99f9f603efd8bd505ab8bd29cd9a9035b6ab4783f07a3a44323c6664287cbe6aee14a9b7ebc71048ad42a2352b2821553a410428b7793e36838f3bdf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
52eab7c79ca0d3b0e46def0ce5cadb14

SHA1
95c0f4dad893c405e2ad70fd5825bbca4e38459b

SHA256
1d6e969fcaeb21b9c696db3cd63d944a15742f6630e6a1f03b99eb355a419e95

SHA512
a21feb7ecd5d161b74b70f1c6cf88a8314aed67e874bd8bda36bd565fe060ea13bf51914fc6df3461d7ac990826eed41e5678bcbda7cd1b069d8b17bcef8e2a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit