hxxps://srteamcommnutnity[.]com/su940924009210924092-247942

Analysis

max time kernel
50s
max time network
48s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250410-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250410-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
16/04/2025, 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://srteamcommnutnity.com/su940924009210924092-247942

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
25	5372	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133892867411029108"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 3448	2768	chrome.exe	81
PID 2768 wrote to memory of 3448	2768	chrome.exe	81
PID 2768 wrote to memory of 5372	2768	chrome.exe	83
PID 2768 wrote to memory of 5372	2768	chrome.exe	83
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 1380	2768	chrome.exe	82
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85
PID 2768 wrote to memory of 4152	2768	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://srteamcommnutnity.com/su940924009210924092-247942
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fff310adcf8,0x7fff310add04,0x7fff310add10
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2124,i,4554225465729034396,15532714188614317683,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1604,i,4554225465729034396,15532714188614317683,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,4554225465729034396,15532714188614317683,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,4554225465729034396,15532714188614317683,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,4554225465729034396,15532714188614317683,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4256,i,4554225465729034396,15532714188614317683,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4288 /prefetch:2
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5188,i,4554225465729034396,15532714188614317683,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5308,i,4554225465729034396,15532714188614317683,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3448,i,4554225465729034396,15532714188614317683,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3416,i,4554225465729034396,15532714188614317683,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3472,i,4554225465729034396,15532714188614317683,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:3680

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4764

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
a8d77ba934a749784cd508ac970846a5

SHA1
e0d5a98bd9d50f21f70c7c07a7afa1a481adb8c4

SHA256
b20c1dc69323e5187562da3a005ce2685e1cc206f9042ecdb7c018efc0580d68

SHA512
caa641a0ec22a034a373ddd87127b99e91ebdbd8622b1b1f4e9ac88036f7f97d097526f5da4916aa32bd2980f3be0a1325c3d2341d74ef338740a1c8cc05dd4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
6343725c7ae9f480577b3e7eea262a82

SHA1
4b207e90ce22279f279d7e0c748aa3b3d8cc88f7

SHA256
8d2c0dad422e25950326577cbd1681ff7383d48af6e57af609b77199a1913524

SHA512
4f95e01fc11de7cbed157be62f9ea7ddaf8517b778e781a51e1f250d1842d2614cad748c9fecf8d917b3f98bd032034d2190d6c218fe6e24cb86be5e8f349898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28576f21a317c251c72cbb884b85ca89

SHA1
426785d317d38674312b5aeeefded99f17bfb7f8

SHA256
3c81bc93ec4cca06def32bde35a1af54e7300ce5a051113db823d13a4e086f7e

SHA512
4c2408098dd480a049acce7f5517c5610a4874a87478c2304c738092677b573ee54e9117b01c18a4c4b0c0b23b5babb6498a6c419ae6d920fc286dd257358a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b781925c693dcdb64866411b291027ea

SHA1
034c52d4b83c572f398b4765d53f86a199cf0177

SHA256
3ba272b1e360ddd30819d29461b9fc8f6c208c7ec61f8a1cd473751ac408464f

SHA512
1d8d45bf70dfbd5fe4ebd05df23116bd96e7ffc39bee3b281e9c276b68ca410f10563cc420f3688ea3c495d2b6b8eabdf12059973e5a7621518b8b564f83c0e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7faea98aa3b709461dce80fac7115a9d

SHA1
1b992eba8ff7fe7c98c3eee380632926129ed562

SHA256
ab7daa5e5d2bfc7cc10fae59afc1ad7e453a85bcdd99a325c34440d38bdd39b7

SHA512
6a03371b68a8bb6a12093ee76ff32cb1290b32c0eea0fbf40a1f782cab6ca16f4dc48fad255914c8e2d1e90ef96460ebad587b3f2e83b87e413ac07becbbe547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
43520419daa1a2071eb1dc4a5e91bbe6

SHA1
954f24f86a066f57fb81aef237a7115d774154f6

SHA256
b7842c79cf45f6717e846f44283de6ef79bc91f0f919c45fc8c3d887a6168389

SHA512
7f1f0284b494f33cb25e32a3d06fdc3a341e5c395c1119e05bf51603fb450569c711725106f174b4bbf2dbdd49f6339b57de3ef209f53ba51f03ad2c1784f278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c92a58a3430f6841aa712c5a0ee3df5e

SHA1
40ad8dce2c492cca7ac13bc8f3aed0f5652ea29c

SHA256
2e6bfba382238a3eb6949a5ffee014f9289c8ef8563e44053f51efb273271f20

SHA512
253aa7a52eed660fcfd8ceb8e29daa52b0a67a2c06ba20ea4c35037df328387d3947fc3c46a40703baf940b58820395ad64777ac9262565d7a7cee380c1a03c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4b8e251514ae0f9c0b45ff78e4ff5941

SHA1
4a9374b807d9e36efc8535885683a516ba5f01e8

SHA256
c15e01096793a32412c72d02fbe439a0d2c243fa9895cf73023c880a58fc512e

SHA512
55ea09c47521128323c0d666a5dd1cd291980d3b05812424ed29dbbf7f6504a79d7c556d61d883930111ca64b57ce947752d5f944df3f59417437ceaf1b65eed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cbeb.TMP

Filesize
48B

MD5
6f85dcc84d624859f42886edd87da129

SHA1
a2bdf2e45322afb5d4dd202519edb33e7d16ee59

SHA256
aa0db75f499540ccabb1b17691ab9b429fd3b90a48cbb575b6ff2390e8b1baf3

SHA512
17a4212732dc2698acb16ded68b113ddcaba13021a8c0df3637af39795f1bb30ba5d56b1f70d6a1bb0b61a323547d8978f00bb49c0d5745a7cb729c16d971dd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
dcb54eb39ae09f8e0521d659adfa518e

SHA1
66ed96dbf06542441442dd3a5dd7fd8664f2d9a1

SHA256
6dedb6ea893ac83bda5b0b1e5e7e1175f114fb03bb56271ca66fc07608699903

SHA512
608ed837249d7d8d0b2ce5080d3ccb89445317ef22d10559ef1343c701bdc9c89c5a5ba4fe642f3f30239924d8e09be5f6e31824cf930d5586c7818006fb0610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
206f6c5c2418297e4d42ed39ea8fc7fa

SHA1
3958b1e86ea6ae4aba71bcb8bfbf6c5d928ee439

SHA256
f8aa049a6e8c0b0b37963fa743a4a643c10d367cda611d24b96599ab6983ee08

SHA512
214fd8211af03a515a1fb869513645d4f45b636f148e62dd3a74f7b2e41bc6cbb5f8d47c6edff83a6d8b1d41c8713d78a092d6c83ff4e00af49cc0b8dfbfd2d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
95f9f8f0eee7d58f0e666e6cf170f20c

SHA1
be4978ec776d07812cff6a1801b1ee5b6f993a3b

SHA256
550bd6a1f355015983303122d0258a94322089d6572c3eba688d4963a0e1664b

SHA512
edbe0efe68e2c1623808e99a38f0449bde368cab31e0d7ff524a34d9e9e7e27084bbb13ae3fa76e9970f13857bcb38fe65a0db62a2bedc0c7637dff70d14446d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit