Analysis Overview
SHA256
20be8d6207184dfd8d235813a15943d41c17434c5ba8d044f182161dca2b33a2
Threat Level: Shows suspicious behavior
The file nezur-faking-unc-v0-9bo7ts6at0od1.webp was found to show suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
Enumerates system info in registry
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-03-04 16:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-04 16:25
Reported
2025-03-04 16:27
Platform
win11-20250217-en
Max time kernel
111s
Max time network
112s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Release\xeno rat server.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133855791171494885" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3835819470-2031661444-2626789713-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Release.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\nezur-faking-unc-v0-9bo7ts6at0od1.webp
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff30fcc40,0x7ffff30fcc4c,0x7ffff30fcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1804 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2096 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2328 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3116 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4304,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3756 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4588 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4568,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4560 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4548 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4560 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3760 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4620,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4896 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5052,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3532,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5224,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5008 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3312,i,16244876099952723695,4978895998538370920,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5100 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.179.225:443 | clients2.googleusercontent.com | udp |
| GB | 20.26.156.215:80 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.109.133:443 | objects.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
Files