e5a124bd1001f4fd1ab9b3cfa4a541d548d9bf23ccbe371efc950f79fb3bc3ba

Analysis

max time kernel
91s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ENDER.bat
Size

49B
MD5

afa3eb6fc473003b202265691e824676
SHA1

b9a6e1262784e63df3d206d0b920ad60ad079bbe
SHA256

e5a124bd1001f4fd1ab9b3cfa4a541d548d9bf23ccbe371efc950f79fb3bc3ba
SHA512

c196716b7ac5216286281d4cf50e897bdac46155f27d03ae7b73cde40b804f5b7f7ccc359a070d0a2e858fdff1237f7ba32c716ae4663b2d5d6d749b3119b1bf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133545797539044471"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 1728	4444	chrome.exe	105
PID 4444 wrote to memory of 1728	4444	chrome.exe	105
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 1640	4444	chrome.exe	107
PID 4444 wrote to memory of 2040	4444	chrome.exe	108
PID 4444 wrote to memory of 2040	4444	chrome.exe	108
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109
PID 4444 wrote to memory of 2836	4444	chrome.exe	109

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ENDER.bat"
1⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdd35a9758,0x7ffdd35a9768,0x7ffdd35a9778
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:2
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4228 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5252 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:8
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5304 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3228 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3148 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4044 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5224 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2768 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3104 --field-trial-handle=1932,i,11759232728029790695,6531035187228638532,131072 /prefetch:1
  2⤵
  PID:4672

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\106dd6f02b812b01_0

Filesize
321KB

MD5
475e1d143b86b77d228ab5904ecadafe

SHA1
00e222556e3b22343d7f4e72e50061a2e1fe2bc1

SHA256
eb5cffc65de3a91fce2c412c173f835fb5fd1bcb38f86d9db5762ce532580a5f

SHA512
039de9263e91335d99d8d2848652173c3fd1c040ad9b76c0dd73d9fb30b00d26dd9ddbb296920c0fef8fa77966e83388d14c7b31d173c8c110e2713859e78ad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
5f1f50111154b21c43b94c3c65edd707

SHA1
4bc94ddafe59ec3049f36b1c52637b7120e43584

SHA256
dc8489ebea06ae84e160cb9ae389904750c4c375e368053f6c03971c769563d2

SHA512
63cd50922929b8518056e1d3e679c05a0d2d8c2aaa72361042402e3f50313a898d29b6e487de3e11d71af3c1c61680dc20e42029fe21dc9c9e38e2de52ed4dae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
59a7eac9d1f838a50ce859d077071c65

SHA1
0f4d90f6b63edae2ddbf2f056b3731f7f36ee137

SHA256
0d902783cf8be5a2c2801d4adccd755a57103dc19a2511c9e9a552a1e3b16af7

SHA512
2fa3f4357ec235357f5444fc5397736a69f624b95d6b3a59e846f0dd166e274f3eca4b7ecc5d7c749fd9382a16f1a0a21c86f1d3497cdb4d5dad144341b3cb43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
915a19b4b8ba9a982cdd279b1e025df1

SHA1
1b036007bb051fef45a8eb27f8086cab2ddbce4c

SHA256
dee1379fc98e331555f23b5004415a1e0ecaf60537627b18939f823be5ab79a0

SHA512
c5ebeb6cd5464da2d6bb353859fe2492c2bd7fec05ada78d10af69631c194f471e3fbcf3dc997077b45716df202eb56acbeed957e0e19a78b1475e9a34837a10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
113dd74f2bf0fc3ceec597b5ed774cea

SHA1
1cdf4c845d59639ce23935e180c4b10dbc566036

SHA256
4dc512217b87acc2b8f4cbf31fb7756d9edfb453532d1fe3463d898ee208c978

SHA512
08b3e9078d86b8e94fb709bd5f4aacf7ac69f3d3d789e021f678c854f620d552dc975a20d4bfc1df54d61c3be9eb2624f4bd41f2e25373c90fdfb29948440ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6d56a7b8fd5956a856715c36dd955f67

SHA1
031b339f90297b69807cd62679bba69770d9b901

SHA256
03cefa1663ebc8b37704015dfa7229d90b187eb1fcec0bea5e7f8d60fb97a739

SHA512
3b1f4176d5ddad792390b600042a02812ddacdb53775605d4768a50375c6b6345e7d88e9c8984948ef9c7cd352771a61f62eeb0771a2e36dd435dfa5aad5a7e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
26b85db8ca883972e1bbf7180e3780e3

SHA1
6b709504bffa98b319073dfaff1330a237f3ac3e

SHA256
3a865823bfcb5b0c9514650d28ef1026c3585fc290eb40e645f8112af3a63af7

SHA512
985e6f45c31afb5b5e03bcb0426fb462cad1a34f5e279359fc4cc1522394ce0b4d6311610ad833c9f16c9a146da0141be079f7738e8f4d0754b17f9727d12a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d10f09b6ed8019cdd756b9f446dfd0f

SHA1
6a7f4bd9eaef10f2ef5c4d4f9d83b94d3cce7cf5

SHA256
d4cec744366d2250e2dd3605ba9afc2d029c864ab3fa0380f832c8a5e929dfd1

SHA512
f33991a4d53ebdb246c7fc0fa80c9b37129a2281450f8f5b2208760e59c93504f78c8be7c3d76c2dfcd78255f6725ad17be6f74415bde16ac39be131908a607c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fee8175785a46e72894ef3f69e7ffc31

SHA1
fe5acd3efc695ccc1336c7b93f5d7ccf9fd013ca

SHA256
b6bfb44ed210bb00f7447e16c8ccfab4341ec6781c069ab654bc55c69de5f4d5

SHA512
016e316a34f319da4ab400ee4d83679ee958d6bb642199643a5b6bde22e9a8d93dea04d19826256fe6444c2e49b5d7c8f0d48642b7dc12f74ed16112e8519420

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0c4a4c1e1815ca2211294789580c274f

SHA1
55f1bb6d4a604146c254f9d42ef05e40f63d5607

SHA256
51d934e2fd5888df2b80f7530b02e7b9962307a2c9a628ae202bb4b78b574945

SHA512
9fc6815920e4bafeace34d2de320ba4f19c0462ca23d4814c1737384ea532ce1f81615e55161d2cf2cb5709f2bc88fbeedd8de130fac01735e6b1980c9fcaaaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
234db93ee2f06720ae4f932b100b057a

SHA1
44155801ab674038d2936ede74e17fc3c17331d9

SHA256
c740e2d83b513236601e1b3284ad2880f93347631dde502a5074e9c9720758ae

SHA512
8f3fd9707e0337fb6e8f925413ae10cdbf649dbc45408b325f05513b375b80afa13cac36941e568570a52b22273dfcc84f6603f793621ddec868fc44d512f532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
a46e5c6a4c370710bd06eb3f9a19c69e

SHA1
be5f07fd7ff412054883b793d4b4159b088bfc9e

SHA256
b0949665023babe5ea944caa9ceadb7c52f549b32c4480458236345ea65517ef

SHA512
cc39c03368d14461d526fce8b312356ba7a4cad563ae0991d15a5d592bfd6cba22339e666d508881dd5aaa6dcd2512b64d700ea40ca8276ffc5694a903eeef46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
53cd54caa9624b9797e3a0d9b569e951

SHA1
15ea5e8d2836d9641eb401f8348b96afa82bd79e

SHA256
f88368f30cb80221677a87fa2066fd901ed5c3bd2c802373e5673d219a887c67

SHA512
bae80722ec6890663667022831e95d5846462a47ffcbe57b76a0cf3a649631ca39ed78313961e7210823e2fa5b0186ceff76eb8751db52397347e97d55178572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
e519902bd5099d6a412887101fe64972

SHA1
be64db497d2a9a18206c530e20a85900d87f31c1

SHA256
aa55b63b099a1ca1569af58bf53723ecb002c36719faedc7943c1bc04609cc91

SHA512
af30a61cfe2dec3a58ec124603ed6f0cd77ad8e98881a03e67cca4dbcbd5df172932eaa93c10b5b0eea41fc2d0973232951ff1d7556b433b1faa342444d96934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit