hxxp://Bayt[.]com

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2023 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Bayt.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133453147775335642"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4856	chrome.exe
4856	chrome.exe
2720	chrome.exe
2720	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 2080	4856	chrome.exe	83
PID 4856 wrote to memory of 2080	4856	chrome.exe	83
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 2200	4856	chrome.exe	87
PID 4856 wrote to memory of 3908	4856	chrome.exe	88
PID 4856 wrote to memory of 3908	4856	chrome.exe	88
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89
PID 4856 wrote to memory of 3148	4856	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Bayt.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d88f9758,0x7ff9d88f9768,0x7ff9d88f9778
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1888,i,531967916122995398,3031871712880983450,131072 /prefetch:2
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1888,i,531967916122995398,3031871712880983450,131072 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1888,i,531967916122995398,3031871712880983450,131072 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1888,i,531967916122995398,3031871712880983450,131072 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1888,i,531967916122995398,3031871712880983450,131072 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1888,i,531967916122995398,3031871712880983450,131072 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1888,i,531967916122995398,3031871712880983450,131072 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1888,i,531967916122995398,3031871712880983450,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5268 --field-trial-handle=1888,i,531967916122995398,3031871712880983450,131072 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5060 --field-trial-handle=1888,i,531967916122995398,3031871712880983450,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
9f3c89e4808aee5ea7f86405f65d1c5e

SHA1
501e7803497bea7e6d982628d56f63edfa3fdaf5

SHA256
44a67a88db644e81678ae8ab6c9c529f61ace8de450ee880ce1e69944d852ffa

SHA512
bf473496503912548d2023dbfb07da52f6d2812ccbfb1257ee3f99468941c2327af9a08b50bfd1158eae10e681abf20712dd970a07f1d9e5b26909e95941fbad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
7a6ddfff5126088c0690672df2f926df

SHA1
2cbad3d874c354be317ad2ac0f4e3db6d67905f8

SHA256
da6d13524b4121d5c1ad1990fae25062611e595078487674466b55a76ea5f94c

SHA512
bf50c3b745f9f5def79b4a934b728ae890a3f851cbacaa70ad962760abcb4a74ffa9247a61c27264e9ec45f07754a9b7d49f60cfdad72ce9a7833a1b9ae03143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
20ea61fd9cf73b0ab2ef025163429a0a

SHA1
0c46e92fce38300504c22de26deaa76477da7a34

SHA256
c0274d476f379f4bd100c8025f7ea7d511b90bffa368aca66ee7511339dad6ec

SHA512
5b6a3ec4f7731c3465f896f8b9b0bd8794f67169e75eeb5815b7ec5e6c9d2769eed2f3d4b7402ea1a8b3bdb0602bf7f058fda2bd931f43d1edd2873181978221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
505d0f4d9d80386d98656e172292fd12

SHA1
c8b6453a574e2344e375141927c957071e38665c

SHA256
0eee7a20c74b727bf8ea3705adf00c7526afcd345562ec5a91a4ca24993d08df

SHA512
05364cc421bba3ac0e7ca1d0d93f9c741abe57f38fbeeb52e6564344887a0dc932759f339ed0bd65d78f47bce478143ff168250068b1f25cb1975ed2291abdc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
94230dcb26af22bce381eec71ce553dd

SHA1
9fa3a542a60f9f2dab34b0bfdd29f34974f3198f

SHA256
fbc83793d0a07fbe715c3f4a565fbc3f9dbfae5c4ee32515d347219cbbba27b6

SHA512
c6fb7de3647add58336af18a6f261c72ab334fc4989d83d7c43a453f7f4b6b4f1aa2acc5deb7a19fb2683933d62490dc33f0dbad0277cada1fe6b1d71bae61b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5255b122510ba16fa1a0cab9756eeabf

SHA1
9e07d8ebfd0eb7e3c83ff956f9520c57b48c64c0

SHA256
cab20cb3fc2b9b0796837b30b56afb89ecddd4e3a4066dffb131bcc66d9a46b9

SHA512
6828285527bcad18ffd986360392a70d72f0086d02ed80c29ff043188582c04e06887b6a346bfd361059030b906b9c085d6b4146a5cd7a2f16b89bdb0f93a113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a4afbeeae77314623f050b7a9958dacc

SHA1
378b3db1e03f5dd2e5f6de1190b5d4ff68f94cfc

SHA256
fecedaf622c155a6cd33d731ffde9b43e852f02123cded97f07eb8c319c82c13

SHA512
58f23bed8440d39587e1de54a8c9a536c3b588c24180655aa0bb26c5a9ff7248b9d6c2ebc39094d70d330ce2fda3c0a70b6b0a55b92f8aa05d0c73ceaf944fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
21d443e7ff78a31920521b6230736c50

SHA1
c8d84f50ff10be6736f6cbbd0cef0841211cb8d9

SHA256
ee1de669f0e1b4051bfbc0d761eef566a6427b49b4d1dd7c764fde0ad1d0ec7d

SHA512
7d8ba75ef4d57d5d5113a318ed9b6c95b95138e4baee589eb795122617e1193107739d17a713ddede1c363c6724680e5c5c5b642ba57dc22ef0e2a6696f33e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fc975ebca29168eb812ffcddb23d9108

SHA1
04804fe8a53621ca30794c98cb418c2c4556aa58

SHA256
09ff3bdc0af3f5084a9929f3151026d580b20fc2013fd7d9fe5770844ab00390

SHA512
836f1612a6e044df4638d3da9f5e05e2a507f43a5c92e0abaed5fba6c82e76b06123fe74aa84f1b888aaaac059f559318b10845447fd3b499dbf95dc4ae1ce8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
36329075afe8a00a54961ddcd8b031e7

SHA1
1732f4d380917cd5962f3db857737a3e5a9e136d

SHA256
43612b0ccc14b82a267685efba9eb39115edd93d98ce738ef0b02475b6d2a3f4

SHA512
4c76f04631ca9fcdc39d2cbe81977ed817f4d4f64043324671091e68b73f896cb7003995eab6e915f79328c3e8efef5ca1e9368effcaa634305e9b4f89ca6004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
91d5fd0c218a66e0300d838e60a36422

SHA1
13b30b12edfd5efa0dff1cc87d55c283c6cf9c6a

SHA256
a699452351de8f1a4f91529d63d8a49dcc2ca6081cb74cf215ed0c3f0a82ff20

SHA512
fc088f2a107cf0e167870cb01004f606a69cc0463cad10407de8b6f3aa818bba251e5decb50a453be3a58201c0a15be77f89a89a53bcfc9f8f0fdc4b428f3609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cd6d.TMP

Filesize
101KB

MD5
45542888e92e321bdb4295ed341c8ab9

SHA1
200b88e2d458747869302f2e48524a50dd919c07

SHA256
0c4321cd886958c0653be98f9a51ac0a453eaad1ee41bfa0b12ceae330423975

SHA512
165192eab8555024cf8a0434a7df4dc8a16a8d010e97a2c1213806ee70ac7b3114109b30ab9a9b6686e8fcf8c981cf82a1fc5febc821bbf7db756275b125196a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f4d37c61-0a96-4b70-a47e-0a3461c8ecd4.tmp

Filesize
103KB

MD5
6cb90fa88f47903a36ea1f64b9664069

SHA1
8dccee56742beb4020f517359afa0cd576c5a3c4

SHA256
da04ef638e18c6090fc8e59d3d20e0a5ca3e7994e67b3a2b14133f1f0b1ff811

SHA512
9e5f416a1d65643065aa20905e4841520155a3abf81edccb4beb31b84c7cc7f0f09854e5cc32f983648c92cb96459093d6ecc6a4bf22abe304a5c10250888dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit