d190bd9ee815317e411bb80d232898b11bad6130a936d285110a2a6dea296239

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ENDER.bat
Size

218B
MD5

3bb3089d1b330ac88b2dc95e76e64539
SHA1

f476056d2bc86d99f4fd6d4052c0084483dcb839
SHA256

d190bd9ee815317e411bb80d232898b11bad6130a936d285110a2a6dea296239
SHA512

e6bf5d8ff1c660d4f52be4c272efc6446eb42050a4d9a0d5de74cd3d2bf4899905600ac2df963dfa52c22beb26e1957d4ff67043578670bef50b8b5017d9153c

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546560605180389"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3720	chrome.exe
3720	chrome.exe
5788	chrome.exe
5788	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe
Token: SeShutdownPrivilege	3720	chrome.exe
Token: SeCreatePagefilePrivilege	3720	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
3720	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe
5788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3720 wrote to memory of 4396	3720	chrome.exe	104
PID 3720 wrote to memory of 4396	3720	chrome.exe	104
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 4440	3720	chrome.exe	106
PID 3720 wrote to memory of 624	3720	chrome.exe	107
PID 3720 wrote to memory of 624	3720	chrome.exe	107
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108
PID 3720 wrote to memory of 4416	3720	chrome.exe	108

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ENDER.bat"
1⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed2ad9758,0x7ffed2ad9768,0x7ffed2ad9778
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:2
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:8
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4220 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:8
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5208 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:8
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5472 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:8
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6120 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5556 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5924 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5692 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6116 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1044 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5944 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6076 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3132 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3788 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3988 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5604 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5988 --field-trial-handle=1892,i,169556555563647934,3315916115974275332,131072 /prefetch:1
  2⤵
  PID:5872

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=2260,i,3303482231723870786,2954015409682154873,262144 --variations-seed-version /prefetch:8
1⤵
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed2ad9758,0x7ffed2ad9768,0x7ffed2ad9778
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1908,i,13282598541491538482,6287837981535652814,131072 /prefetch:2
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1908,i,13282598541491538482,6287837981535652814,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1908,i,13282598541491538482,6287837981535652814,131072 /prefetch:8
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1908,i,13282598541491538482,6287837981535652814,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1908,i,13282598541491538482,6287837981535652814,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1908,i,13282598541491538482,6287837981535652814,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1908,i,13282598541491538482,6287837981535652814,131072 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5260 --field-trial-handle=1908,i,13282598541491538482,6287837981535652814,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1908,i,13282598541491538482,6287837981535652814,131072 /prefetch:8
  2⤵
  PID:4348

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a6af806de53cade9b0e7a6f2446f1ba6

SHA1
d5078ec988045014437eef70437e1243d3c4fdac

SHA256
e1a9dc7f8e1fff71c8ebc2da931c3c254b5a62908a6d22efbe27085db8a9b36a

SHA512
2ff96045a3b5e1adbaba43ba3267c6d03f113bb545af563a3711a998dd5c4426ce4f56f6cb501d2fb670b8b8f5fa71a696797648b428c86ddda7de4c82d227f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
ff49b656ef4b1c9d11b1c591dac8982f

SHA1
53f9ac0b4f3d0794a30417171886efab5b3916d9

SHA256
274dca29a65ff040af2e56a88f3687136326e6919310c5d72d545266915197da

SHA512
9dd31bd65eb665f778001c7fe80e3639d98443f231fe3a739b0fb273b9b89631c9f23c0676fbaafa59a333ebd25fc86d1eeeba2365784a9bd3b5b195417fdb32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
7bad3c896bf3128484603fe171275ac8

SHA1
f72b0094b003ab00053551068e5a58a7b4f091d6

SHA256
3ee18b17b89db2844358579a2c5cace6b7a4a26a647f83080c60f9ae4b6f7afa

SHA512
560d5662e1013b262adb806d0e4ae3fba0056d34028c4a23a6be7378f794e0c432fe4c609642ce4c0f85918909066a15c5aac04f4a99ae6751ff316465a0855d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
2b08401e9d8320d5d13799910a2e0c99

SHA1
d2925558b2b738bc90ba7969aec96e32556f79fe

SHA256
8901cc6626ea2c3ecf6d0431770c33bd4af4da33c8e62d1e20c37f7a5a348bcc

SHA512
5ca9440ead3bf6d3aeddb572c9b3a336315de2a3043b936f6031f33a4f4916731aac57953c777fafaf7f6751115c976a5d207326f6285c59482c3da9cce8f4f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
49KB

MD5
8d8df6442ffbd68ba5d79ea4e3d23f4e

SHA1
c6059784c70638012a56710734f5e9fb37f39659

SHA256
56028414678de50e20c6b1e66e1d4286ccf8bec40f14be6c8c943cbc3caa3916

SHA512
fb2601fb8f05a06588e8a127bd3dd06d7243a086ccb532d1f7f58f359a289de4a4d2e5f1447f8337537a23e75fbca156691400f102c63665c9aea4acdf546fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
31KB

MD5
6d6d3fdb432d9380b808c7813914e553

SHA1
c083510a4adf52a922685468bc76b108697ab01e

SHA256
09a24dd62ac1bde03b537ce8bf59b616598b62a0c8ef8575062755576634cf8c

SHA512
a3f9b269bd7b2e4311fa2e8e529d289665467df1e5f41ecfc11e7f5630a738e8ea2ee22fd46273117fca35582a0bf02c674c72b42c906b6a3bfef53150035cea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
66878806482d894b34b0732d27fb4908

SHA1
f70e01d6f3d5bf5faf5eb74c85dcc9e526b1978e

SHA256
e7ff6284d0474f0c022a730fe6ff4b5d1e77e6c588df7b523b4f58bb5bceb7cc

SHA512
ee1623ba067c0e0cd086140222d7c760b4234c2aecca90c0af2ce9a60953588009466e133d9502bab46184419bfe3f10e3d86d54a0ffa059b1fbd917f089a9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
38f60b2b41d8b630cb0e091dea4bc437

SHA1
90980d3cd56a9dc3faa38b3b25a6cab5db19d33b

SHA256
0b3ac9c6679d50d0c686aa2e0f9253f556367186762ced7f0b3583247ed693ae

SHA512
be5d496df4bb2c0e643b7e05bb03b993aef598a72485415e22cbf7cd7297fe55f76c74029d1b3f07987090dc3042b961f8fac33eade4005e21449590029368b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
77c455637564e5e5697390d571e25d13

SHA1
25299e37a46ec22f8f678caea7814b71529eecc9

SHA256
189c0b6a7040ed1ce58bd8e46cb4d355cd77ce13aed4047fc1a3ed4c8f1e1626

SHA512
76fc588153ecc120ae049329eabf592bf5d87656fd60b17c4fdf35647504d8363b1615ba6a3782ce23e95baf509c113a43e83e3a9b4e207e8df527bc7b4f3fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
78290287e8e28a2e3bef81bf02d220fe

SHA1
f7e5524c93b7b420dae4847a1121f16b29963138

SHA256
abab79009c32f32c3c5da8c1770de912450f130b1fe63d750b01b22af1f367f4

SHA512
8dcef13dbf53ad496bed13cb626bd11e9cba09d79b2b23ea43545e9b03bb08151be5b214554406c90965a06a5dded882c5318b849a50df2702b05599519b8300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0f5263aa2677c0d60d80ca674f651d44

SHA1
add91055143e8aeafe5492356cbdd3ca57a13179

SHA256
fe8eafbb562a1020e6a944b80f580757a8ba317815e5f51428453350f8207696

SHA512
8c15c8784c67cd66e5ea1b020221cdbc1777140d106a89bcd7397bcecc09fbba8c59095b0298b521a7953a6cff63741a19c6368018487b851c334ca18a6c4159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
2d57430624a45e690fda7e1b2cffd72d

SHA1
8b7a3ac20c18df33cd981f090e0aa317128971d8

SHA256
2343db6cdb45e9e0756fd74a3e55c847e60cd8b6ee8dc8f67184e11834468ed7

SHA512
3292c182de6d0a9635533b1ec42119e0bd6a54135fad2af92403768467ab3958b0c1f539d6e7be86a82e2b79b7087d9387df46db373b61ffd27de5ecf282a94a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
1cfcbcde5938469b309ff4dfd8ed9b89

SHA1
52f567cf2f319f140d397d1440321f1dae4b8ac1

SHA256
6b8ae0ab43d0173c28576755cdae6ea646852438f57aeb3f33c4b2bf06d4d839

SHA512
8097ad1ac675be569030a869cabd89282016bb473c26178e955790aad99eed9db2b75968552506fe4b2b4b0f6874ae8b66060e094697bcaf871731acac886556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
708b2d87b091d9e8bde154cf150095bf

SHA1
d573aec12f72f20bd8fd18d3488084cb4e4a5ad0

SHA256
dc999d0441044be1504e478a94f42410475dcf9aedbb971381a5722a5232e38e

SHA512
6c4d2600c0da333ea361b22a9a77399aa3016043e4c731fff5abf2aba91983c41c7ae4fbdbd1939e929265f2afcb8214e624681928d9a65a637ddc6b722c278f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fe4453d489a0a14f5db979c3119d7def

SHA1
adbd44d0fc200db1aa4a4505f728d121659cd225

SHA256
54e480b71e1cc19c68239d677c8d67fc694c6db86a6a51f65cae979c25e7f1dc

SHA512
53faae567a53712f603322b95795872cc6db98d289b4e5775ed54692f355e8c3ac07b187592769fe6f8533147bacf39989b2a3924c3bb62a2d9f85e00fc21a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e904a1971b7b7951d0faf94bd83670c8

SHA1
4a2403af4e2eb2502a837235a56be27b68d408d6

SHA256
88caf334511cd7b79b8f4f3630e23123f35cbc892bc882025506cadc4fccdcbd

SHA512
7f63e1dc1b1808a42afcab07b3f817049e7f69863f86aee3383d69545f59ed84cf00c5bc6ace31f50157b5304a19bde1526bc1ae975ffb8daef5bc9f6e3810d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e9f8a8c258a83cd2b349c2e8edc48855

SHA1
dbd4e98eafcc3621798756d8c84cea7d4fbeab39

SHA256
040d379ed2db1a51b099d12c46d041240096b520d8d66e5ab0ae4f0c1c0d6f80

SHA512
2e30da07dde7cc88b0ca2df82ab0983f900f49b6c04f16f80624c03e5ea9d2902b0fc4dae5d7b0a7c261b835a903ea150392f5fcf84228a05c9b9e647d2de03c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0c6949ca15bff2184d84bcfe14d83192

SHA1
cf8d339c003f205d1448627b112ce0517b3f507c

SHA256
be6280ffabdda6aa53e5b124034b809ab9e85aac5703e0258904eb41d9f442e5

SHA512
3152cc70405e97893a24e59e63786cc2d9e093cd618fcc3c3e40a1848f3df41f7df6237fc22d7b37e051be52c66024793c3c9176ac52748e1142b45f7b09413a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3d0535b457dfa0c15451bb6f11bcbb95

SHA1
cecc4015bf557bdbd87f640d3e251927b496a4d2

SHA256
06604cbbc5c125dfc7bae9621c1df3a9ed2a7b958a1a925594a736464d9c1dd8

SHA512
7e38d060f24de4ad96b2080287520ba896b59511ca93910e2ad4a1e9d7c461073fdf501dcf867a6d05a6bb2803caab410fdd741af71e2651c0e9ef22ea34e626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
400B

MD5
80ea5ecb1741db400babc23775b3ef82

SHA1
9d8241080729e9b82982274cc6b32df255f5c6f4

SHA256
74ec3c5111ef3d0639d4f4f6b7d3f284bce62d391b095804be6c17aaf6693a8f

SHA512
2d1872c390af97a24cc3b714d4da732829a5005d70863d0ba1abfa5c8609a1fa00a0b4d46a047b057a41a613d9965c61d8cc79bdb63f33c593820f0b257b2a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
0cbb6e99f46505cb69c5e36dd81fd20d

SHA1
ca14d3c215ab32c8af06c1cc0f44a516d2725a00

SHA256
e01f82af0988f9c1240ba263e54204d10a697fdb896469b0531bb1b5d1984465

SHA512
467d5be11ec5038eb062e6fe03b6d0f551af5b576ab57a713343639ff964fbdda40acd3a7ca5f5650ae37276417f9b8b0858725a0d7e7ec6fe94c415139755ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13354656102649218

Filesize
2KB

MD5
0b3186a2148675e80a876115f7700048

SHA1
1b42b7efd959271db2e1375557145c9df4255a6b

SHA256
2bb551b301d2a28b200c9bffc23467d796352de593d3a243def657e4aa01dbf2

SHA512
f7248436a38093f8328d13a72b07829fa63a7a1dbb91c4143b1cffc097c76871892ca4556a597fec2ccc6b5748e3a8f300dd295f1496c735eb616ae76cabbe88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
d06e26e0e22257286b72671c8853cffc

SHA1
d578e175b2dac0cce37c2e887fd47fc32ba8955e

SHA256
395df2574b4d1d6bef67aa23f777689154ca8eea69bbd4e855c372c22c05be85

SHA512
ac473db6fe2e725a063a8128e31b8847823c54695c88cc1423b400198a1fe459fa63c234f28e0f5267b5af43dd76d1123b289f51d6a262983592e40ec0ccb8eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
92225cff50a724c14e336975f09bf46d

SHA1
ff3c10bd24db34578ec7503a2eaf98584e80ba1e

SHA256
26ced8e8bcd35800abb515ee6073cb479fab9b258b1a46a69271ad7a914c5f79

SHA512
e1eb2ff53259ca5a5640a6038eb2382450b8ff7da73eb5a762402600f4dcd6803076e150f4113323d91974d2215814f5f5a9018af709f42ac23b698e45106d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
7dc3004caa921588112aa73e0b95a39f

SHA1
c78a4f412cd7143ea3ed849fbf46ea02f6084402

SHA256
7d297ce765e818d6be8a13b2180be75c5e954d617baabaf0425d894eb0360d84

SHA512
63c5461944aec4a1a23692348bf48803a32c36e2551c5af655c1f5cce6fb95ddf962d1c895c31c318e4ae99e3e63d497dab098df76970fb16eea0f4f3ff33fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
259ddc0b10f8670418c5fbd0b4395f9c

SHA1
a42170bff896f8411d1ecab8e2ccea7d4242f08d

SHA256
9f9ab83800a1caa7a95bf0bf2684b2dbf9da16d7f1040e3153541dcd46601856

SHA512
7a13a2029c2fcdf723b4e8e243b52ec1cde159c05b4b5f6cec27d4a31852e58c7de1c53a6e72e974ae8f4c975a1cb0e6c5801fe38b2c159a01e420b37908f821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
a4497f52f8cb998e7bac23ce8235f401

SHA1
83b88c651e1484acdb34a2edfdfa721c511be504

SHA256
884f8491662165b9ef6f79d22e32df52cf172e7877705bc66f4a4b1c51f510f5

SHA512
3cc7a2063324763a31bc3b68ef91e03113e07ef1e3bd3d1d7ac80e2f031cb0884aaa7d7ad83b052aaeb05776e63d4478a6409f6826e77c330e00334c682b1ff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
b50977a39fce15ca9a64d4b4a1caf4eb

SHA1
68405907f702a248ef4e3ba2b26c44ace502c52d

SHA256
9d4615ab8ea8c9093a1e708299d8607c143478239c13a19d120d624ba0daa240

SHA512
f7b8463a572ffa7d534834f7f63ce65db03b4982817380a8f05dfcd53bb58d760b6a17643d433e0e14c36310232ee55783fe9898b78a355045909f8714e17da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
3988006a83fa5e7629ae650274f3a07b

SHA1
9f9f864b03f8ea14c93d565c70b5c0db04faf58d

SHA256
11d09b2b3fd501badb0ff3f079fb2cee53b2b25b11d4f568c4723acba34c90dc

SHA512
1fb6c6a21b7ee7ff70d206f370afe7fb9465f1606263a73f9855fe5d633895f38b48969b5d0ade6eb91a6e89cac10cb2e58e499bbe14088ebb4bb1b7af7ad68f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
678dce193b7af26c4066eed807762737

SHA1
7288284287ec258c9f2fd32c4a338d5b626d2510

SHA256
a916c2bb81e192bdb6f46975916a5a52ec5c4d911f92b790f452ceabbf4cbfb2

SHA512
0ffd8ac612b69f7fdb3d762fb4879aa41a3fe6c866a439ddf91f9d5f5a5cdee76b486ef315ff5958198e44c9231bcaf931f5e587d642ec874abb6622ddd9a0d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
ae2c6ef0cef2b7fe176ae4e59c65d996

SHA1
82e33debef5ae3a3a02511389f41d3dd77dfe97f

SHA256
b3a31eaf95b58b5928907ebd5a64a4fe86d8086cd1aa8a395bf29a994370bb03

SHA512
b867bc8ba122465f0d40f8f19a0176095bb3272020888e5ffbac025d64df88b329000777b42bd6b98550ccce251bb1cca3f1a68850cc6f95e8fa90132b67b7e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
7d2684ea7c3d14e4a2321462b2089a30

SHA1
e51206e25fb9638e0412733b3b58aa4b234de60e

SHA256
5a2b9ad3b640b793f6f341c6152f0a5d375a95b6ac03c6f4736e7a1e704135dd

SHA512
c3acbfa56f6155c475b3f01aa264f64f62542f182bc410a925d16416c9bb83c114e47fdfcde1554b20f8ac90dbb6415cf15aa15eeb56416421eb304554059c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
3.4MB

MD5
57fd9163642d617229e4c92847be7851

SHA1
07cb9b2bb216b67a7ce2c5485bdc962b1a6ee74f

SHA256
d3ef161a9b0e5f25c76cc3435cf1f033bfa430a021db5e9a46529e43b8188722

SHA512
95a620a90a5fe559e870e10ccd6fd71ed665898bbbe915edc0e99c5136c073fec32170de1d3365263d060901b35d1ab22b0f885441b5c54a1cb922c036b8c7e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
4eaf4f9dc0e681864d0a05c6db561d32

SHA1
cf534765971b6c7e637ba8fcb22179402a3f6d2f

SHA256
80750a60026f14ca0dadedaf35822ccc7b5e7d52820649fd68f1974a8b43b179

SHA512
e61cfe1c6d10d90d3808194955fef11699f3fe11ea6799c9c41a89c4048db5c04f159694dbfbf8cd5c3d4109eaf58b98232615b6975354e8500f3528a21b3200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
cc0fbee754e8621b0f94eb96cde7de08

SHA1
426093506a05a22e876ee1960f70cde96e58fbb4

SHA256
f4928dab9bfa94105d45cd9284c85edce8fea6199595ea5976eeaa8956c110c6

SHA512
ce43a011fce9045d341ca67b9ae31443c6080dbd6acb43174b453fb5496e42d8982e422180a0779d96da29e124e8ab17b2440a7ef4d53b85a4fdc8f0bd15e339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
aeb95106754319f920a233069cc461a9

SHA1
e51568467919fdaa771d435241605263fc242c59

SHA256
147ca7ce68a786f6a5d0f5d75a653941c5e7c45e1fa30da83447ba7e75ef1e71

SHA512
f067aadf3e37626a3d5924c05de976bbd15b99512fbfbaf4d5a39258e434b381f692c37e8968625029e68fe8afb9cd81b6e02210fc8a2ca44cdbc95b446d4ca2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
de9e86e615a54cb788f55dee959eb59f

SHA1
4cd940040c7d15062dce6b4f08005a55fb9b8884

SHA256
5bff66e2acf58189e7a43f7587559cb646d4fd9a830aa82e198a49ef8cb4ace1

SHA512
faf9d4dbe521b534c9e9f2917f6ebfdc6b001e8cea28a39faaf828d5257c0e20dc1572ac50608574a11b93f451d99ff23c4c364981ba8ad35d506a10cd91b6d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
1fbd704ea56c75b307e60a56c58ee986

SHA1
f182df576ab97dad1d5f356671d1d8c350856bb6

SHA256
7991c79dbcae8cffd415bbf5faab396b3486cab9fb75d2eb06548ca6adfc3f70

SHA512
8633bb408378284000319a6b9c73a2bfcb7ed3c8639eac42c9e48049bfd014a749e55f8527926c9ecd8c5cd191bed08b4ee26a822a75eaebd6538d6bed3a3fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57dfa2.TMP

Filesize
97KB

MD5
7421c30f2a7a94b6c0144ccb15533136

SHA1
a286911689b1f1242caf93dd1c94c2e1febc613f

SHA256
36e5ae6ed174356121dac33a52ed4aa86757ea0ddbe8f6fa3a44255a1b73323c

SHA512
557d86d86f7868effc2b4f820c1679b0758ae692887aca242fd4cc5723b5c358584f15357115409c3309f2c3190a7a210fc2b870131c5379f26176c37c4c18e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0e2b36e34fd79aa965a4a21196158416

SHA1
8321dfbd008c23f13377974d4749c0efbc010522

SHA256
f848e186b61ae953704b8ea1a9e8eb7626cad71f2dea44589c80f3ecd1043e3b

SHA512
9d9082e1931a3ceb7fade6a790f984f60523e0b6c37ef3d6e3d26435441a8d1e8916667ff727d658cbde152bcfdca96cc1a2b1f55547e9a9ae76fe1b434116ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit