Analysis Overview
SHA256
064cd228d36496ffabf693040096d5f4a83ee97929eb0080a62bcb57ec0ede03
Threat Level: Likely malicious
The file BaffClient.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Modifies registry class
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Analysis: static1
Detonation Overview
Reported
2024-06-14 03:15
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 03:15
Reported
2024-06-14 03:17
Platform
win10v2004-20240611-en
Max time kernel
75s
Max time network
80s
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Windows\file.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Mshyperagenthostnet\Windll.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\file.exe | N/A |
| N/A | N/A | C:\Mshyperagenthostnet\Windll.exe | N/A |
| N/A | N/A | C:\Recovery\WindowsRE\RuntimeBroker.exe | N/A |
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\file.exe | C:\Users\Admin\AppData\Local\Temp\BaffClient.exe | N/A |
| File created | C:\Windows\Sun\Java\Deployment\csrss.exe | C:\Mshyperagenthostnet\Windll.exe | N/A |
| File created | C:\Windows\Sun\Java\Deployment\886983d96e3d3e | C:\Mshyperagenthostnet\Windll.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628085882264861" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Windows\file.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Mshyperagenthostnet\Windll.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Recovery\WindowsRE\RuntimeBroker.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\BaffClient.exe
"C:\Users\Admin\AppData\Local\Temp\BaffClient.exe"
C:\Windows\file.exe
"C:\Windows\file.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Mshyperagenthostnet\IQPWXTciOzBiF1DeSqwFpjIDV9fjjuHa5fEfx3sqjP5TYoxDCMjnzQn.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Mshyperagenthostnet\HwPkyWu6eqFTNAd0kGzN0uBj4rmg86xS4jMcxsNEx2xITbH.bat" "
C:\Mshyperagenthostnet\Windll.exe
"C:\Mshyperagenthostnet/Windll.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\CpE9VJhpe1.bat"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\w32tm.exe
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Recovery\WindowsRE\RuntimeBroker.exe
"C:\Recovery\WindowsRE\RuntimeBroker.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc6b8fab58,0x7ffc6b8fab68,0x7ffc6b8fab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1800,i,17218197920252114069,18172883333302779721,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1800,i,17218197920252114069,18172883333302779721,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1800,i,17218197920252114069,18172883333302779721,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1800,i,17218197920252114069,18172883333302779721,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1800,i,17218197920252114069,18172883333302779721,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4084 --field-trial-handle=1800,i,17218197920252114069,18172883333302779721,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1800,i,17218197920252114069,18172883333302779721,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1800,i,17218197920252114069,18172883333302779721,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 --field-trial-handle=1800,i,17218197920252114069,18172883333302779721,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1800,i,17218197920252114069,18172883333302779721,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1800,i,17218197920252114069,18172883333302779721,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 815622cm.n9shteam3.top | udp |
| US | 104.21.79.128:443 | 815622cm.n9shteam3.top | tcp |
| US | 104.21.79.128:443 | 815622cm.n9shteam3.top | tcp |
| US | 8.8.8.8:53 | 128.79.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
Files
C:\Windows\file.exe
C:\Mshyperagenthostnet\IQPWXTciOzBiF1DeSqwFpjIDV9fjjuHa5fEfx3sqjP5TYoxDCMjnzQn.vbe
C:\Mshyperagenthostnet\HwPkyWu6eqFTNAd0kGzN0uBj4rmg86xS4jMcxsNEx2xITbH.bat
C:\Mshyperagenthostnet\Windll.exe
C:\Users\Admin\AppData\Local\Temp\CpE9VJhpe1.bat
\??\pipe\crashpad_1808_AHATTTBWREWBKBCG
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences