83fd3eb8248b4a41ab7bcbbe193d93e57bc0034d20259c6e21dc6a427cfe0dcd

Analysis

max time kernel
36s
max time network
153s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
19/05/2023, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Roshade.Setup.3.3.1.exe
Size

5.7MB
MD5

fe51cdac1d70cc17a57cae25c164bf47
SHA1

814144cb9df1c25942321ff04bb9b64ba55fc5fc
SHA256

83fd3eb8248b4a41ab7bcbbe193d93e57bc0034d20259c6e21dc6a427cfe0dcd
SHA512

87c02c489ecc68a186df7e5d2c5dda3d7ff594fd4fb19a2dacd8556ff91b9a7494889a466a28e930cbe02a57247f8042c1d6e84c91c064c4acb40f8afbcc8075
SSDEEP

98304:wSUoEyUQRr+SLX5fuK5QBEcMXiqvC7CjpLgMFX7e1V0fZAICcB5E3d66cIKwZ/0e:wn1QVFX5fZqBEcqvC2jTx76V0BACY3db

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/832-54-0x000000013FA00000-0x0000000140673000-memory.dmp	upx

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1900	chrome.exe
1900	chrome.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: 33	2020	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2020	AUDIODG.EXE
Token: 33	2020	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2020	AUDIODG.EXE
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe
Token: SeShutdownPrivilege	1900	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2004	SndVol.exe
2004	SndVol.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
2004	SndVol.exe
2004	SndVol.exe
2004	SndVol.exe
2004	SndVol.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe
1900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 988	1900	chrome.exe	31
PID 1900 wrote to memory of 988	1900	chrome.exe	31
PID 1900 wrote to memory of 988	1900	chrome.exe	31
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 384	1900	chrome.exe	33
PID 1900 wrote to memory of 1988	1900	chrome.exe	34
PID 1900 wrote to memory of 1988	1900	chrome.exe	34
PID 1900 wrote to memory of 1988	1900	chrome.exe	34
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35
PID 1900 wrote to memory of 748	1900	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\Roshade.Setup.3.3.1.exe
"C:\Users\Admin\AppData\Local\Temp\Roshade.Setup.3.3.1.exe"
1⤵
PID:832

C:\Windows\system32\SndVol.exe
SndVol.exe -f 46204055 23865
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66e9758,0x7fef66e9768,0x7fef66e9778
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1220 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:2
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1556 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1668 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:8
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2364 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2480 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:1
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1448 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:2
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3728 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4072 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3972 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4500 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3920 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2392 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3852 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2532 --field-trial-handle=1292,i,11694824243853098747,11544408006882415563,131072 /prefetch:8
  2⤵
  PID:2360

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:908

C:\Windows\system32\SndVol.exe
SndVol.exe -f 46072977 25
1⤵
PID:2356

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2e43a072-a710-4753-a84c-621e73e4f702.tmp

Filesize
6KB

MD5
df3c35a0a6be2273e6a5fcd89a28bd0d

SHA1
c1848be73cdda738a5479b8fc5132b216ff102be

SHA256
015b7781892d1562868d230a1ea953f81714694235f0b3999ae1260e1e7f5470

SHA512
d0480637df70f94dfffa2a25e12033aebc44de983064d46317d5aa9031fa3f3045bb4465fa5f9bc46b8a3f2499159623b3eec1bc048b600e092e7028ff6b1701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
47KB

MD5
70388d1d15f80f0ddbe58dd2a9095949

SHA1
1f6a1d916905e2dd0347b22085cc1da0fb646a5e

SHA256
395c789048e6fbf5c98ba7562a8b8265885ddd0eec339de55173ab83d3aee618

SHA512
8bdbd091852af9cbca6f9e1c69727a067361c2718cf575f7c543e88bef92da71979ff073d8071386ecfc6be3d7d5ad53253da7f5a830fdeff5ecf6a2b6f43843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
739KB

MD5
5f8dd8fd4ac304487f85ecd4f2ca10a0

SHA1
2b0f9b91b410578d52e549810e2cffb1af6a6481

SHA256
b7b001b3a004813a31376ec3b9434a27148bc1985303ec7bf532502abb26ec09

SHA512
6199e5ed0ba4d91bbf755a4212e0885fe099022c6490560f6ef0112d951b15f05202a2962133f1bebbe3f20380631b60ef87706a871c612b68fd14467bf621d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
32KB

MD5
c7a6a78339c9ff2eebb5c5ae5490c232

SHA1
889e8618172d9dbd21ad8e380b07c510500af108

SHA256
52d98810c25135040dd0d432aaa1d1c8fbcac19f641f0a2b8dbfc0ff48ff44b7

SHA512
fa84b5f10aeceea3252c8e26d5dbb1e7a9706dd6605f49b93912ef3858501fe8178729ebc9a17ea9e236ed1160edd35abf924d1bda29e5a1a9859f6854385019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RF6cc0f0.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
855B

MD5
b85179f05816279a3563ac26d0fa0c83

SHA1
f786ddd6bc13d2a9b05c856a288d3728cff5cc1d

SHA256
2151a1254c057bb8f27032160fcf5e71f35cf19794cdc66dbfee612b14dc14d7

SHA512
aad2242c2bd6c72281ee279fe07eb94b250ee7d8ee7cd50650aa4e27e766a4abf0bdf4a7cb60b109c60794ae66177bf517a44935dc63b9d0687bb69a25fad94e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
525B

MD5
4abd89e94bd27f76eedcab68cbd10f7f

SHA1
5d5e4fefc382f9f70bc636cc3d4444b3ce9ecdbf

SHA256
d4ef48e84ecce394b4f921f568134263fdb5d14e60bfaa917b2a661851326920

SHA512
9a76567b526c6b1b5a85671e02d4eceaa32d13c54c543d2763f5c195942bc46dff33d988e9352186a18504cef2d3514b4f7bae871d4b75e1503332f799883fc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
dbbb4fe750f462bb5eea1fc7fcf7351f

SHA1
0e68db7f02d6e4eb99c6a1f5d5e0af61e2dd19fa

SHA256
05a65771e56305e30c94d88430c2075492510113b1d2fa726761b1d9005e8dc5

SHA512
2d31dbbeccddd6059be07e20dfdf587abbfe0599eda46b030ea645a7034e8f54e098d91fd32189365213364d2a934530fd4db77e32b80bc0e01539b23460aefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
22272d8e3d0587d8ed1d0eb4481d832f

SHA1
54923efd3af8ae86fbc4cbae21263a84885ccaf0

SHA256
8820a5706ac1a2c123af5357f3ef39f1202363c8cefecc8ddef49a0fc8752f33

SHA512
0c06aa25b635e7c2d96780d248ca88a23fec1ebec23f399a7929a908b2fa37e28aa97e1b521a666e3a1dcbe7a086ff9c4ed5c413047ae1ccf574270b6d96bbc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
d59e66e2c5d3d9d25f85f8243f3c1cd8

SHA1
fffdc131cae38754335e1c7b688ea944a6d1f432

SHA256
1c3f97e9a10b64e50822d84b91f4aa3f63291ae6b214b57a9c454b293388c6bf

SHA512
97268df8be171a141ae981178b7a017b3434a211515dc09c7f58fd3f72f9c2eee84363a227602cd5ec43cd170680e8ea8ea0b247cc88d22351d2cfa1e476cd2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
memory/832-54-0x000000013FA00000-0x0000000140673000-memory.dmp

Filesize
12.4MB

Download
memory/2004-55-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2356-432-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download