hxxps://bookreading2024[.]net/cl/Nezur[.]exe

Analysis

max time kernel
223s
max time network
231s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
30/06/2024, 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bookreading2024.net/cl/Nezur.exe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642487603344792"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
4720	chrome.exe
4720	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe
Token: SeShutdownPrivilege	3708	chrome.exe
Token: SeCreatePagefilePrivilege	3708	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe
3708	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 4660	3708	chrome.exe	70
PID 3708 wrote to memory of 4660	3708	chrome.exe	70
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 4524	3708	chrome.exe	72
PID 3708 wrote to memory of 2104	3708	chrome.exe	73
PID 3708 wrote to memory of 2104	3708	chrome.exe	73
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74
PID 3708 wrote to memory of 3600	3708	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bookreading2024.net/cl/Nezur.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff38f89758,0x7fff38f89768,0x7fff38f89778
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:8
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1488 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3156 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3228 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5060 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5168 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5328 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5368 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5532 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5792 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4532 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5144 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5944 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6080 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5948 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5344 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5104 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4804 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5292 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6600 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6744 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7072 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:8
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6108 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7148 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6108 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5976 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6028 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7444 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7476 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7504 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7332 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=3332 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7892 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7900 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8516 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8136 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8476 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7888 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7312 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6052 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5992 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=7936 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8080 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7116 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7720 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5964 --field-trial-handle=1660,i,10728622062451325634,9418428282318586903,131072 /prefetch:1
  2⤵
  PID:5804

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3a87964ea2c24d594907aabe40398db0

SHA1
1865b48c69bb7cf419755de9030caff0efcb1d5c

SHA256
7668546971c3db6d2e8c09871bf2b25e1a99a17b61fe3fc5b98c2dced003a30c

SHA512
db896ca747ed3c609d151e2c7933c4f605d9765e2b54571febedf3a4d20cad2209d6c866177c778fb0149f81bf271e10f1bd19f3c4bb192906508d051b364e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
069cc9c6fa3ffeac2fd6cfb99368f030

SHA1
4ccc8923d733d3c8a33ff5b2e57009813d6fc132

SHA256
df99690b844d2621337eae5367c941d5bb7f2aca9c4f61c5598aa346ad644f5c

SHA512
d22fb7241fd89958e7d9a37e14a7db42309308579d4e14a945a7738b5b0814ed6b33524b4ec485312c12ef16f09acd6f9e84dafd1c44afd7381705f154eab117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
695B

MD5
3fa17794c73ec253928fe0e699e9f6aa

SHA1
7f26c05b1e212ff28b8964b45601d566e7b8a0a5

SHA256
521d1f9a98bb39fa0ee31521831edbc2bf7b0ebdc1d0dd1593006439150cf069

SHA512
3ccb2aebf3f013ea0ea90ae2093c0332f84cecd5595d453dbb21020aefa5351b8fd9becd2021c4f7caa4afb71ee105d5bc442a7848d9c7741b1f7ef93e386297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8ae51687af00d9b814fcf47c6fee596a

SHA1
b70705d385162e5ac54ad91c7bcf1656f42fabfb

SHA256
cc99a50a37c25a12d37e8d80cc212d30306568b6a7b55f6b5e8028753b9eb1aa

SHA512
9bb51e4a7baf914b9383a1fd0c90b6a972568a4c19a736efb0059fc73c1294a76dd25d7c201f63cbe4e8d99cf659c77724e9a9cd3980acbeb4df7c7bc10dbeb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
bc389b1f36355e6b509aefe441cdbdef

SHA1
4a51d483538afdd17cb8bafe07b665f60dbcb575

SHA256
e92be6f7f21ac08c604ecaf6bc551ad005fc1303c8e16ab503088f8903417ad7

SHA512
21db8a465a789dc69d151dfcd9590f4c780cc275149b19c7269658ab9ef4ee0683582200a8a07676239824bebdcaeec6a39ae5108afae00c62b30505357ccc9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
48e3a257a5c464f8f3c22932e60094ae

SHA1
e6e2587d781b43f488c3c00083ba61166d4e05a1

SHA256
816c116e2c9a3fb31f57614f6489cbc60ee968509925199900fe68a970f4a3e0

SHA512
e5268c579da8f8e1a40109a8531a919845c1d4dbd5b331ca6a7674cad1f68c8cbc6f8cdef7c01f24685301891be971386e5ac0f1ff1d3a33d5cd1a8cad5607a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFe59bb76.TMP

Filesize
706B

MD5
8aee64909cf213471b4608022a55d5fb

SHA1
5ea2e714d846b9411091f6632f8f4e6e4a7079e8

SHA256
cfada40e09e6b77a91ac0e3ff62fd18e57e4343f3adba3f797370921bc699936

SHA512
4e7c6787bd594380726540fc5218f778d434cdfe35739d59b66f63667c19919b2b3dbcf1036ed45ec91d158be13354ae2df16378a0af7457b5a96c825602de49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e00ae0f056e9abb80ea52b0d0e61a809

SHA1
c678a665ba539c4c5aaabc9676f32e2a564b2a23

SHA256
3e6ffa1a05c81f3293b3964b7c08e56c0ce1b257405bd3a4fa3a1bac60ba5a46

SHA512
d2dfdf4f0c5963891ab3df74977f07941b3171f451b67a4071ea67f5a805f1cec26f5abb1aa43a9c46a39f08e7b7302cdc7d8c48df8a14c080dac673613983fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bdba4b4b85304949a708a7edff77a316

SHA1
743d97f392fb9f2686758b9b364e29dbed0e2191

SHA256
b6db65d1060f205b9c81101c9f4e8331d43ff65c34d698eb58830d6071cd2e31

SHA512
badc35409ab6f6d40782161b3efec60eb8e65ed169f9fccfa242eb1fe408e1b22b5629e1f9f34717e6c18ed08e48a88952192c80f7308cb3895d5e84ff359f98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3632d3779406057a5b213b6487820aad

SHA1
1d6cb57506ec4e2d521688ccaf35965a0cbc5e5d

SHA256
0598322a149c54cf1eaccaad68b310cc612957adc72cbc3c26376837d9e4e8cb

SHA512
e5e4d6ec2839086f2396943a65ffdcbe9a2fab7690d74831d0999161e2bddaf61c89cae866350bc5d890bc1f70618d9a26a5225d9ad4f37bedc6c92b3fb870b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e79b20651cedb8c471824e815d4e8868

SHA1
e24191c1cec69b3ba98fbbbd58f3867b97081cc8

SHA256
048548ed5e177c18247f63a9fd9bcac6430c53ef88f0dae0e0d14dca0587f636

SHA512
e2e1613334d9f5e97d85b69eba79e9b46ad533cc7c80ffb24593967cc1d205a119412ebc05cb9e9d9138d4c56d74635927a8b7f521ad1900b06e0c49664579dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b47c5965b3cd34bdc94412a374abac98

SHA1
dbf088e80ed3bcddad5f3f310657bd09e963fa72

SHA256
f254a8a8c4fcb9bb1e35d93c7915f759892c85d711107cdffc040d3c0c3d70ed

SHA512
d89486158f29e28d6266af72acbb6559c50933286231a145b3df9f80931ff7a6c51ea4b7b384f34bf176d43a7583d24faf9cf1e61ec87e6c286112b3990658a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
29a42647267b2e4db5bbcce84f12dedb

SHA1
6a864565d2ee4cc097a1da7f162df95e9d361794

SHA256
35b50bceda944933056ac5b42e191668f08dd6c2f6d80fa6e6a69050cd1cf185

SHA512
005109b03570af98b5c6f1483d485b82e148c77109306df9738e051f076903e94873ecff1b013e06fe464238b3b4b217143ddfb93b250678b3e072c836d09823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e26c3ef619e92364c9d5d43f6defb75b

SHA1
2c0a2bcabc92fad8abf42fe72b29d880fa543cd8

SHA256
6d0b85085fe50341218472e0777500e5c993a664323815f87bed729470a89057

SHA512
f368fac7ba6805c51e0a67bf02746145dd21288ac247266145785d7cb9f95317f788f7dceb444411d0d00ba0c16b8b7c9487d29a11085ce795a2cad3357c8c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
53a3c26df63776de50d2c5294bc50a1e

SHA1
82cfecc288fc86ff73cfea5589018aadd62b914e

SHA256
570a20629b9f192512c7fc5e6e950b9f1f14b742f2f9e34e1784b80f53a167ef

SHA512
c29b46f94ddbd51c7f31b68931e158cb937104a9c51e12e09c6ad4ec792fcdd454a93e32da98e091eeb39ba39902c94adfca6f58493f8a85ca153d04a287221a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
79fdf2c13c2e923b9ac9fbeaaa8392aa

SHA1
903040e7c1d263f1af91e5b31812f09894dbe606

SHA256
bb52d26e137cd9069a3d461da5dd9bcb60d3500ddf86154dd70b641e77052810

SHA512
fb6235ca7bf3e795d6cc4575b6e70ec2ca3e17e55589eb6f929864bb5290c32ff4eca9ee1d6999a1fa3d21bae6eb6221237b78f8219c79a4180fd924339e294d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
175069b059e893d2f58d25c16e652160

SHA1
e229c3849780617e6d59b3297b6453d198d3cb25

SHA256
31ea1d2b25e2787da4f4995a16e1c091bcc288742992fe2c34a4efa1abd4db2e

SHA512
8e4ad8e3c404af796a28818c76a2f90b9bae084e095eed2397b01ff25f2d73692b1b19c31c1bb26ff36f8aea170036757f8073e3c948dce2dc76ab234e111e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
60b0ba506e560525e55c5738239fe6af

SHA1
17dbce7a5ff9d632ceb518406c7ea01a7a8817b9

SHA256
a8004be55da09bb8ff498da03643b14187045c72866b3b371420afd88497e6d7

SHA512
f7d77d0ab44ba6cbd878f3cb2cf9123b4bd2fdb68d12bcd67bbc79be3939e9907d6aafdf80b5d8dd738da38bb38f7176acd0ebf583cb14185d256214f7b52124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a1099c971d78778d003d89035caf098b

SHA1
b40eaf84ecc587986877c86ebd5822875c281463

SHA256
d41ae313d318623497ae3acaf4bd99ce78f24640ecdb93f61871f12acc137271

SHA512
3ac44579cb07490b9f4193a6e877b9c2ca7a1ecd01de8bd5767e0f7ed4a625964a4098a9bffd43518551b8414b86b402e9aa28ddc05bd1956bcbd3d0d5d92dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
e50c9ef41cf722d1fdfc93e322197b12

SHA1
b31c44e1c0c2b6e8395f6234559835cfd8bec29f

SHA256
7dea24e913c7d843b0fc75d96e7e0216687f34b4bce1e673f79d52fa442eb239

SHA512
c2c3b47f5c21651aa75b6a558410d2ee11d5cad3b8958906c9f377e46a4999893d9d77d7e5be06e6fa50df90eb34909b0ceeabf2270c779f20bdfdbd9d1ed56b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
a18d50250ab01ea130b313b92f518eaf

SHA1
a3e9d8e73a8ac501ad5a64b3dcec469fb1811c8a

SHA256
4f283f0384511dedc5964ac3b7debe8558d8fc03e6fdd8e5e461e8a92db1f3d7

SHA512
2585cbf83180246a832f8d74773f5d6262988a36b8296dc4ec22eb0d2c29b82baeea1d154b005c32e383d72fbc4d873cc1128b517b706e78cc9511d7c988d94b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
267aa6b87b616e1237a68cd82b048da7

SHA1
373828ac0bc6680b54f0252842f504faea976bd1

SHA256
bea575458d44fec1f2f0670dd43c346f970312e72827a6b614e6d7525ae5266b

SHA512
d34264869cbcd695513d83012fd8d12bea92095c3bc0bb7b23d617c94f741eee62cecf9e957689e9eb20aa3f97e830c7de34060a76e3533b13d180bfdcfebfdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
26349b0fe7c50ecc02a19347cae436e7

SHA1
2c7e5cddc98fff1a03f45fcad8d12dd8097af1b1

SHA256
7ad0d4be39f1f41e74faf3ac10bc169f4faefacd0e017b28bb614c1b6af061c7

SHA512
a1b32a7563c7eb11c1c863a8a86c22c6781b626963bcb6fb6af174b4381f0768650a48669057ab6a7e1020b9150455921f7e7f8c0ef70743c654702589e273e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
33a74949a8ca41572ad72c8be827903c

SHA1
3305cf66aba7a9a6a4c6bdcc4ecec2b660e758c2

SHA256
e7c324a4e45ffc8d66b97cad43e4cc4afbeef2a2facd09fab9b12bf69db2a0be

SHA512
19d89d4c42c20ae4a7cf91c950904cf0ee47541f5215c529c380bb53b53d7c7ff013baed89a837bb3888cd2413707554e0ac3f83ceed9d577212a6baabeaac83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
56a719b7f7d1073fa52c8626f9272717

SHA1
46d3b7293fdbc436836a2844d8602a14c0c6ebc3

SHA256
5838c08528877f62cce68a21f271deef1172101c55168b810bd01a87cea128fa

SHA512
e2dcddb36650cb03b62497871d152c820751a09ee1916a78dd4c09aa32b6bfd81b6e23eda3c5a0a8ae303fe54e5220a1cbc0a61fd20241ce5bc541c92d7d0a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
191KB

MD5
98251ac1448ddba1dbac2c6184baccd2

SHA1
9adc618ea9928789b8011b91350fc636468dfbe0

SHA256
03872019ba52a50ff52ec78d0580065af64a1e8f975d5fc575d284c488b68b42

SHA512
3dc791f83da71d72caa889d28b0eae4eb0e39423bb139d4686a8763a1ae58ce4e930dba7ef786f5e3876054500d823757a2dcd9b9b8e1e34cbd49cd1ad1cbcc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
167KB

MD5
aed22578614f000067252e7a7cf90add

SHA1
b5f34eee538b718da763d6ad5c108b130fb562a7

SHA256
7cd659fad204ab7336c2aa39b5c20863776ccc7a6316ce028d44fd10d61034a4

SHA512
f6ec72f1b3c60ac9c46b0ee075ea94252ef721e76368d187fbfbdf607bce667d717cc2a23b71eddbe7731639f7423bcfa0270d6bc55aed01265aa03d18f1c3f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
e72ddc542736fb61946de1b1ce8d6299

SHA1
b261cd35fbb79e419a88b40af432964df8977bbb

SHA256
7c4b833d88adb4b3005495549fa026d27c25741466206c56afc0fa660b75219f

SHA512
71d7fd6a68ea8490a295f9f0477a2bd7cf15312abdd69e4d61bd815210950f2c14b6b4bb8bb26e5a544f478d31c5bee9f93bf18ce32cd1606e87c9536cd67e0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59da78.TMP

Filesize
98KB

MD5
ccdebd1694e79e52badb4ee5424af448

SHA1
c5efef5d0ed34633bb17847fad58f445af3afcd1

SHA256
31586001b3e289474c8ff05ad418e33352420e18e9ade9901b32beb9b828890b

SHA512
3c47306e1f97ca2ada0090dda99202bc4da20c174aa80b3d0a351568f464578c017031238f8a262175a2036d63f502dde8cb497c097e7020b6607426751f8369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
769bec934b1aeae26d90f15e01165a82

SHA1
cbe6e073f84db34232c8a86ff55d1017c706a864

SHA256
494be7bdb79fec0889d25078f68f2e4b2994d71390cd1a983b996fb37b053947

SHA512
cb520ef859f7cd76dc529c06069bee41014eb949a69c99b7d231af6413e31139657f00656d84642fdba89d3d8a48ab611948e9e804c72f175fca44dae62dd0e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit