Analysis Overview
SHA256
7a84dd83f4f00cf0723b76a6a56587bdce6d57bd8024cc9c55565a442806cf69
Threat Level: Known bad
The file NJRat.exe was found to be: Known bad.
Malicious Activity Summary
njRAT/Bladabindi
Njrat family
Modifies Windows Firewall
Drops startup file
Adds Run key to start application
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-29 12:59
Signatures
Njrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-29 12:59
Reported
2024-07-29 13:04
Platform
win7-20240705-en
Max time kernel
270s
Max time network
126s
Command Line
Signatures
njRAT/Bladabindi
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\NJRat.exe\" .." | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\NJRat.exe\" .." | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | N/A |
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2156 wrote to memory of 2764 | N/A | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | C:\Windows\SysWOW64\netsh.exe |
| PID 2156 wrote to memory of 2764 | N/A | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | C:\Windows\SysWOW64\netsh.exe |
| PID 2156 wrote to memory of 2764 | N/A | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | C:\Windows\SysWOW64\netsh.exe |
| PID 2156 wrote to memory of 2764 | N/A | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | C:\Windows\SysWOW64\netsh.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\NJRat.exe
"C:\Users\Admin\AppData\Local\Temp\NJRat.exe"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\NJRat.exe" "NJRat.exe" ENABLE
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
Files
memory/2156-0-0x0000000074501000-0x0000000074502000-memory.dmp
memory/2156-1-0x0000000074500000-0x0000000074AAB000-memory.dmp
memory/2156-2-0x0000000074500000-0x0000000074AAB000-memory.dmp
memory/2156-4-0x0000000074500000-0x0000000074AAB000-memory.dmp
memory/2156-5-0x0000000074500000-0x0000000074AAB000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-29 12:59
Reported
2024-07-29 13:02
Platform
win10v2004-20240709-en
Max time kernel
149s
Max time network
156s
Command Line
Signatures
njRAT/Bladabindi
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\NJRat.exe\" .." | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\NJRat.exe\" .." | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | N/A |
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133667316803815929" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NJRat.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\NJRat.exe
"C:\Users\Admin\AppData\Local\Temp\NJRat.exe"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\NJRat.exe" "NJRat.exe" ENABLE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff4a31cc40,0x7fff4a31cc4c,0x7fff4a31cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1976 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2000,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2248 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3288,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4488 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4740 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4540,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4968 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4720,i,10003861856781430850,8639848538540556768,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4976 /prefetch:1
Network
Files
memory/416-0-0x0000000074D82000-0x0000000074D83000-memory.dmp
memory/416-1-0x0000000074D80000-0x0000000075331000-memory.dmp
memory/416-2-0x0000000074D80000-0x0000000075331000-memory.dmp
memory/416-4-0x0000000074D82000-0x0000000074D83000-memory.dmp
memory/416-5-0x0000000074D80000-0x0000000075331000-memory.dmp
memory/416-6-0x0000000074D80000-0x0000000075331000-memory.dmp