ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd

Resubmissions

29/05/2023, 18:32

230529-w65lysda67 1

29/05/2023, 18:13

230529-wt5fesda26 1

29/05/2023, 18:10

230529-wr9bladd41 1

Analysis

max time kernel
232s
max time network
552s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
29/05/2023, 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ColorBug.zip
Size

28KB
MD5

34071c621da9508f92696709d71bb30a
SHA1

5817a14b8da5da5aecd59f5016c2b02fbbe2f631
SHA256

ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd
SHA512

eb4c3b5ce9a4d6e979565d44c1a1432272bd2b9d1b83ca6b03ddc9982a5a6c341126ba71bbfd0e8d443ffa93265b6d205c187f586ff0bcb708965d2db6c98b45
SSDEEP

384:Z6HvcubW5F4mPGngeY4S8kep2sx1skClNcnK5VYeymm7/rrYC8Feuumu+lZRmdV5:Z6Pcu65SfY4SdsCbWVjOuGR2l

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133298660282116067"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3564	chrome.exe
3564	chrome.exe
2076	chrome.exe
2076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe
Token: SeShutdownPrivilege	3564	chrome.exe
Token: SeCreatePagefilePrivilege	3564	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe
3564	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3564 wrote to memory of 4316	3564	chrome.exe	70
PID 3564 wrote to memory of 4316	3564	chrome.exe	70
PID 3648 wrote to memory of 4324	3648	chrome.exe	69
PID 3648 wrote to memory of 4324	3648	chrome.exe	69
PID 3136 wrote to memory of 4256	3136	chrome.exe	72
PID 3136 wrote to memory of 4256	3136	chrome.exe	72
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3648 wrote to memory of 2312	3648	chrome.exe	80
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74
PID 3136 wrote to memory of 4004	3136	chrome.exe	74

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\ColorBug.zip
1⤵
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd12a69758,0x7ffd12a69768,0x7ffd12a69778
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:2
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1852 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:8
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4632 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:8
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4972 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5116 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:8
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4924 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4700 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=936 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4844 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:8
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4440 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1012 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3584 --field-trial-handle=1600,i,416792625388350500,16715637546198492437,131072 /prefetch:1
  2⤵
  PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd12a69758,0x7ffd12a69768,0x7ffd12a69778
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1740,i,34015083054382987,14700835401209025300,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1740,i,34015083054382987,14700835401209025300,131072 /prefetch:2
  2⤵
  PID:2312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd12a69758,0x7ffd12a69768,0x7ffd12a69778
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1788,i,15438877065530344377,5179556917634918209,131072 /prefetch:2
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1788,i,15438877065530344377,5179556917634918209,131072 /prefetch:8
  2⤵
  PID:2840

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:880

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0
1⤵
PID:3884

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fbab354013f22bda4e6b9b30404ff61a

SHA1
b23b36d993d4c87f3969b853e20d354a09c74c94

SHA256
ef46d0cdabc081605ce6dd5e5ffdfd4cf7e1fd0c15e0a6061009e08fbd2dcf05

SHA512
e338985644a5a4af0043c2e8a35e55017e7554559637ccedb663c6b74c75f2203d514adf483ebb5fbbc1b681a0d57fc22d4043f8c173ab1b831dd71216591439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
64KB

MD5
79a20aee919a74f26608afe7ecaa5331

SHA1
91fc2f2fa6b25df299f051828614bb18fae5b026

SHA256
959e961c973f9ffdfd63a46a19f2c2166e5c5d29a24bb98d572475a071b4e8fa

SHA512
10cab1526d87b6e8f7f8f705ce9df64b9280d788d69386a2e3494097864d7412d011e45ecadd18cead5f438a87a6ea0ab0092a93ecad07d1f0343c4d8d2abbcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
92KB

MD5
3870cefe2bbad065cbf62196d4970ec7

SHA1
b3b4a440ce274bbe07c90103a77d21aca8c66d70

SHA256
f86917b7378297a49da3fbf405b10680a0ad91d8ad5bc6f7c52894b8cb0aaf60

SHA512
843cb5de4757bc5018ae7b8eafca41c027edfcc64108695efc0607ef016c6a3c56d9225cd355c1b106af0f9a36302b99c6a62d010aad906ccf7d7fe73884fd51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
1024KB

MD5
19d40b230003cdff2e07eae8ff3914cd

SHA1
21e57e2ab8d24400a977ecc5bc0cf99315a6cd85

SHA256
3e2fd611228acca2857dc9243af15f5598ad4051386b022300486ed1b0f018dc

SHA512
f1349a0458f52f3f6f27e15e59a90330028f5d7bc52447ff59fc675f88f0160e223e168f1b87beaa5bdcd96ad7277df8fb792dfd82b714541e842d04d5fcbfce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
912KB

MD5
8be6ffcbb5cdb108232091fe9a734a18

SHA1
d535a1eee42b8844d05b3f1a8c7108dfd91341bd

SHA256
910cef999a5cea9ef21c8bcebb31d234de9a6a019d557125c8eb49f5d0191b9e

SHA512
2550920ac07e79d6ee2cbea643516906c19cee0ccaa3471126b361b1c0fb8934c46129b88ea1d0f661b4357d37429548a39448c037c8b9b4794b05cd4a28313f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
16KB

MD5
d619769b0d3b8131a7377702d014124f

SHA1
8322e923c37939342f86fe1bbebd166383301e56

SHA256
5cc6e63dcce13f60f8afa5eee98b81d425f9df3cabc4992ee3b506cb12cf5842

SHA512
0e14a32ca5f2396d8069da3f645b4577b4333c9661eeab91b9b437b25104c592b00c8096158da6ea0e21b7ea12139eedc9d9cc6819a219c04fe425b576e44cee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
eab14ec03ac1536337951515adc34703

SHA1
74d02bd9973c95015b2e2f212d74cadeee4bc829

SHA256
1e7ab05d7082bb7d24dbce3dd41ca1a2aafc1bdc59e0d4900953b6940baece01

SHA512
748846c5de37b5f17e3460b002af609a81943c8f64ca39cd4f337658ee6002504d5d74429917d709c602e03c0d75a2d8baf0cb056eb3732765a24b27e0ff9a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
3ded372b8f6f820412e278b6330dc774

SHA1
09563dfd7e1896f478bd6fb016670751b1859138

SHA256
7a63c119f66147f9b105b9babd91b03780b4d2950a1196afb929ff3bd303ffb1

SHA512
7c5ceb6049ae1546475ea599d4b0e8dcf7a426bc4cd0ce4e916a2b8e3f92e750f48c7724a78a8475336902585935e112d550f68f072ef4a6dd9ba04b10ac7634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
bfa68552b32e6ed5e18a1a0e0b8ff61b

SHA1
e6687c4e1cb07a488314df4618d4c6a909d2ccfd

SHA256
fe80a311e33262bb3c23e73db376b85538ebd79fa403451dc103e8a0e897c0c6

SHA512
c7d4d261c09f2168dc9ef43341dd503dfa478bfd00ab46004d29e0bcda236953855216ed051424d963094704df6e69d12a2e60fb8f09f70b3931e1292fc8b005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
aa60a57afb1d739a2b7c3ebed50f0677

SHA1
96c3b980205d68920b560582a1b225a91af7a440

SHA256
7457c280a485e93ab7121c1f46a5ecd17537998d68224b28f02050791f7f19e1

SHA512
1b8abbf64039ddf41da237ee9fa72e0d5ed3e72905e4356c28961afac3e432d1e83367bf8084311a9294507da1e2dc76b3fb285bc1c14935c18f1c55d0385960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f0e589e45cc522b72cf96072c2725a9b

SHA1
0ea56437f917966b77b6938205882bee155b9983

SHA256
86cf2f35294bf0de51fe0d6eb10f5f4b9d6a6030ed1fc7572ad1be14fb838486

SHA512
9aaa734228c97b86848348316acbdb06f2c43d37fae562352de3736c0923700f0d57734c94b9962a28d7ab39e6016ccd6d68bb6ef104594dca6b9c68d3f4b453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a134029ddb7535d7cee207a09a800038

SHA1
a9f035fad55d10f3d5f60fbcafa4009b66ce4554

SHA256
08b98d54d39ced8f420bec919f71aa9fe32d3f366677e86ca13c8c6702b866d7

SHA512
2092fcac12a937cd5a22a5f9bef43949e573afde662f38298d684c1cebdfbb420c4c4cf6a05280b5aed2d6ddaa0a62d21437f714dafa9e1e88538cdaf8642d5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4864676356db3e7cd98a761a7d685df6

SHA1
de39ae45ff87107e4097e9e259d7f63459d10efd

SHA256
695416c874edbc6ccd14625890634bda516783d815381bc843117a941f509427

SHA512
d6f59385510ad09a7366528a212c59f65c2b5e1d3eac18cbfa196a238e203f4bc7aaf113d81be96d6e8f068e95194ba52a95417bcf4caa9150a1467a5955eda6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f1aa37579ec68e51e5af59f54333a856

SHA1
ab0a38b019c9f64edd1f84bb538207d7f05fb49b

SHA256
8cf073931c7fa66ea6c219b8e9e20f8d70577a91ce3e073299123ae5e2a27d5d

SHA512
122654d7d7ae66acbb64874d9b39f825146b6c023dcd135ef3703eb5e581229105a23403672947d3073d59d14e7389d997636f259291bf40cd3744f8532dab1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
e31b76f6ca755d97e8a54fa749606611

SHA1
ed8d85ed1eb762409557a957fc3a23dc19277a66

SHA256
2c22345c9547fdbfdcff5b06cffd97692bf7a7fa2d51104296cc126f005f8d57

SHA512
32fe6e68e4e57c27e1e9503944e74ba3ba6d9c706d6ce1d606b89d0565ef954e916e9c3da91725b96535a1babb5c34b72fc2c5e4a9abedbb85c491e47cdb2874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
db53a19eaf4b2362a34499c0eaa070c3

SHA1
02b94a6bb2f922c67ba523192b2c863f9284c68b

SHA256
213ca03679851981f761861874f0a0a8f0fe1deeff3f0ca62b597314000b33a7

SHA512
8dfe35b30bbba1ab5fcda89ddd8e168f6164015dfccb8af38a053bccd4823a3bfb0fa6a1a27e1ca16c8f7c5813b8400d3d0e492e0b3804d527a2c1d3a89528eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
efc32b21294da77a004a2cd3ed29bbe6

SHA1
f0a5c42555c8e19821cb866f3859c66701ada4fb

SHA256
58822a0ee01f86368664b9d694700b8e9cb33ef2892a95fe2f2f288032b167ca

SHA512
34e53b4ce67706e08fb9aa5a85feb2e8fb706313d694feb9d11a8c31064e8339f8eb6862159408422b215b85524ada00353c25b3cff03b18ee089af252752b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
76088b6c48d0b4a638bf85e489c4bd96

SHA1
744e7993f00a754353297f5c75e51dc06428f267

SHA256
c7a7ea9eec72e892b90e425321302b65dcd38c4ad9c9fe2b6eea554f6d620d86

SHA512
433d8e97db77cb4466e2ac6a11177f85d28e245bba9cd6ad2e678a42f06e53cedf70befc2eff8fd80e235927fe811f16389e3aa5f1f6bc70301846f874f192e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1c0abefed3cf153f17ce64f2798ae6e7

SHA1
4ef7212e7cf9875cebc9386293aa5cde6c5e3da9

SHA256
53166e00a117996971806e13ef7b661cf27af4adbf99a4790ffce311e35a4367

SHA512
30ad7244c8745ac1196828e1aa6057d198973f5f2465839056a91f28a6b5309f06920d3c291b281ab7472af1b7a51ab8707c46b8c9bd2e2dc3182fb660b24816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
533e92a5d1ab822b86786e1f3a39f828

SHA1
d36bdfa0fb7667bfb3f88b8fd8d0791b8458f2db

SHA256
f0b18ebbc6ba540c8a9c69be9daffeda7b1bf1edd0c9639db2e52e02023a195a

SHA512
7495db8ff40793291173042b7e85599e4badac950a5088143c6af9ae004c6befd4359de8c66e09e5cecf166765af29dcec59fddcb4dfcd94b7229f2ba254e6f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5f60f2635a181c85ecd28fd35a21e02e

SHA1
f3cfb9802cbd8fd82a18dcf2968777d18b9708e9

SHA256
e2206e09f9b53c44f462aed23d520171b2ac4c2866898c45797857449b4c5aa9

SHA512
ac488c8613fbc3fc1f1e1721544b74e569e98ee54ea64d80e1682fb209aa6931845a98f73955bf6439c564ac9ed16ad6526566cba7677a5f033ce87b39ec5e01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ab73f8d32f04310ee259d30c1af4a78

SHA1
12796ae0610c0c1690b974d44872712f56d2364f

SHA256
0072b7a8ddad697520cffcb1dcdb68dc5d1cabed19eaa29f0147a7984d2baa81

SHA512
c6bf294f30b76bb77a0ee89ded9886939bc1f8c063a3b2c8a9c6e0c60436b238417b8e6533f2d329fbecff32ff9613768dfeef5e4e8f413070bd1483d03753d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ad7c844633ad2aa0734c43669d87197a

SHA1
da4bc534da8a7a6d3de26eab0cf28f89b94d3c10

SHA256
957acb9f389ca587a23d9f872ea9f19ff975c603560c902f1a7cf9f159361c92

SHA512
accebd9b389344089daf996f13eb8508faa0267667b366b6de5831439f7d650c34bc7134743bac2ff8d103d4ca496667bd11e11d98f752a854c6f931c43d322b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
36f3abce00a66020cd9a059e66db5310

SHA1
0af9c2f3718e1211e5649d0a77df376ff48a74a4

SHA256
9e7ea3f3fbbc612c7216e99d6533841d66d2cea142cea9ba0634d1bb0cc825d1

SHA512
e903baf25195c6c7865a292adc320b92faf0c855797aea9c2d70703213ec861d5c90bfcf8717d13834345c41c17ab1b705568426630e1e6c6eee09fb2ffbbb5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b44ce9c463dad2b89060259ef9821899

SHA1
02a11affa42cba2d55952b09e91b71865dde41c7

SHA256
be480153449118ec3221579e2223ea2a67293fad35ecbecd80d9c2fb83a23312

SHA512
1db132c93da33a5d32d903b53107ff670599f29ebf85daec26ab1cfe24b6f8ba360672e2ccd9751f9f1aba65dd7d79f637500d9c07a24b99abb1856579d17b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
babf43bba1ff124fa22ef8114bd4fe4a

SHA1
39cce58c555629781ad186dd4025c9109c1181ae

SHA256
abe7ac280b17e5bda344e363d943e9220ae99506a25924d83e1de501b7089d3a

SHA512
03ae58d363f95a61563422c272b56510db0d5e2a049eae0f1b283215fea9c4481f2d7bdf621ff751cf3843d2e2ad7d233cfe05cab95acbe845379a1e9884bb89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
493e6784e608c84e68ce10e747c7763f

SHA1
37e16f25e84fa6fc4cc8520b90a809ee65b9bbab

SHA256
e2f8199fd777bb84cb0557c823d63d2dba0c4a026d77a7957d13b68c26359305

SHA512
abfcf0e6d1d6569d1919da616ecd0c93229c54d80e9690fd7be29ac577e3a1289b384e7a6b10f56aea0b8f729c352c659ac086feabcc5a8e0031d559adf2e65d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6bfbc44474b0d937d71d770bf58182b3

SHA1
7a21e2819224dac370116b2d28674bf0c2054035

SHA256
199dff3ad90523f04638563754aa5a6cd7cc47763f0d1d10c79e569b7adbf7c6

SHA512
75673348facf6d6606d1e0179ce4ff42ba758d45da17cdfa77855d5141fec37f8036155c5bd8aa3844b3c0b2243f5aadbcdfe0bf77266f7aabe093ac2fb6bfcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f6dd54dc8a9c61511fed1ebfe7bf1991

SHA1
de1b0883e05cd84f4f39e54b1f97d43e654b556b

SHA256
e0cd7db66bd185fb61f37360f9d53650e8ed29fcd4f83f6df557f5c56ca704d8

SHA512
4a50d26d87248d3bad52d42c29a886304b579d66de171bded36d39700ff6cac3d9a54bf560ba1adf6495c0e6f0e957af38b59965fbb41155cf953eca0dab5e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c230916b4d11eed134319385cc8441ef

SHA1
56862c9bbcdd0555a0c444f70c52f2ba8c22614a

SHA256
406b9fe2e2c7c74dbab310cd462ef9843004733f2300def3391ed8cab17cc0c7

SHA512
6c93ac45e2d54f8c75af7c2e45d48c5561b49b86ba839b850e2909cacec633ff1af31364f06c8cd46fe1fb14dd66f2a683ab9ca10a7929cfa84c34b1460724e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6c4a2d05d59ba3a949eaa22806bb87f4

SHA1
8cbe471ce88c0dc2398e64720a4682a8e31614be

SHA256
7ba4d977b4b156eae77d90cae66757c603ab9d299a7ac7da49ec14fa9739d48c

SHA512
daa29daa4501f79c4a0256d4a11ab5a8a35359b27551443f3f616d0d4a3276bfc17b67f306248cdf2b296cdf607beceec277b532c9b11cc44dc81d9f6c74c368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cfda43e0c8052d40a98be1fdcaf0a72c

SHA1
50b85ecf00f13b374a530b6db2d76ca963c47489

SHA256
ad63d22d36c6de56cce3564b2224a465d1454c963eccadbf85c9943b20510afe

SHA512
82235197c56d1215a827de0f45e521a8499179357f8e5f48795123d5d9e2f3b2ab193b52877cde9c6e3dc2b9ce6f9be2c321f914d9d63a9a194d3e3d3f8c390b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9b4d57842f675116629919820d12422e

SHA1
80704f26b01ba67e921d53e4260969345a972cbe

SHA256
fee20aa7412da76fb134e1b5aaec9c09ff86b8d5d0cdf14b75d784857cce84ad

SHA512
bde55685825e62b3999b3233c3139b0bf338ce3320b8d6c84e13f4d5485c8d8e1bb1fb206444f6a5609dfa60ccc15ec928da44bab78bb96530706472b28389f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56e851.TMP

Filesize
120B

MD5
eef3b14d6087758f78b70d7f0cc83673

SHA1
b290d465cf75d2753578e4eae0e75ec0e05b9524

SHA256
1ad85b8f341bd9820ad5ef135e629495b48468b3ee5bd319a6588de676386dac

SHA512
4ddf022fd373d149f1736c510895aa2ea6f15b6ce3c66001881915a4d0a27539511a7d3a9000acc3f0957263afd9f5a3096907746893104957970fa9c6013144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
1c254a633adb8f1953e77cb3b979f0e1

SHA1
49483c109d23091a5567bea6517d84dd2ba06dde

SHA256
707c999928d269193b2a1d9fc837d3c596c62a79b3b192cc18adeb5b568a1dd4

SHA512
890408b11f18c1a75dc0819653cbd25115bf09437cfb2ba214d040ca5afc64b79d6c0992dab5cf1ac2f979c714151e68949b417192286801507c28728bbec308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
26870776537e3dd97c6497725cc4b156

SHA1
d4ca54e3b4a1dba2520cb40187e4dea45065cd06

SHA256
885496ab336a19e3b77b5ecdbb1a874b2c4db49a0157f3a69a4a9e61e3a79e13

SHA512
6c3811ff1751dc26422963b2e05ff3fb6e51cb02b4af7b6cf9ea77018fd54c243861557ae0b9cd74ba335c14d001f227cf295805b1d3ca95650cbe7954b15102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
ade29d30e3b63d1b1cda6b29ed78175e

SHA1
4c21179be152bebf5619f8fca714d26aea493f0a

SHA256
e50871656b5df5c2580adee11d8df23965dfcfec81d82e8bb2ec3c663393d904

SHA512
012c97e261c25d607820735c4068a0d4a0f96ee04251d2c9c271099dfd18155bb95d084da49a56cf6b9ac5539f64f919dcdd73eeed65b2164294fa446bc8d5e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
b5c724dc129e815867672016dd2befde

SHA1
ec4ac2e207aede6507c34de94786feaee2aa136c

SHA256
98c12c35216bc3ad2f24c11d6929e8e9893d2194738807bfd199ca5591cd51d4

SHA512
3d319812b007665b431e95c6f3853c0544983bf9ae85974f45bd9ebc65b2cd3191ca2ecf6938912d881298fc37f7760b45429d15902e7b9c5af1d8c90fb26593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
f0117079f27baaa32697857e3489610c

SHA1
c8680b83f7e30d2a567e3c862c24057b2c132d8f

SHA256
3b94dee844e1e441d801acc81aee04801ed634a1e9c6d4c3b8fd3138b01d0014

SHA512
132be1549ba9bdc62a3171e107103b19743a2dbe11c2fbe514918cbae259f95c88c42a4aa28f238cbf7f6ef8e97142a95dc0fe7f97448aaadb6031b07a66de52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
f0117079f27baaa32697857e3489610c

SHA1
c8680b83f7e30d2a567e3c862c24057b2c132d8f

SHA256
3b94dee844e1e441d801acc81aee04801ed634a1e9c6d4c3b8fd3138b01d0014

SHA512
132be1549ba9bdc62a3171e107103b19743a2dbe11c2fbe514918cbae259f95c88c42a4aa28f238cbf7f6ef8e97142a95dc0fe7f97448aaadb6031b07a66de52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
f0117079f27baaa32697857e3489610c

SHA1
c8680b83f7e30d2a567e3c862c24057b2c132d8f

SHA256
3b94dee844e1e441d801acc81aee04801ed634a1e9c6d4c3b8fd3138b01d0014

SHA512
132be1549ba9bdc62a3171e107103b19743a2dbe11c2fbe514918cbae259f95c88c42a4aa28f238cbf7f6ef8e97142a95dc0fe7f97448aaadb6031b07a66de52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
06a5698e0581fd82cce6f16b34739f9d

SHA1
d23a27e3c64e6720c93011775ed492d287974adb

SHA256
4fc5427021659c104de3643db867ef5eb537775f45b284226308928bd118e77d

SHA512
453a0e1397275e963222e2c5f0380fefa785f7ee447a8f8dc45110b8dabbbabf942c0636541995603af525fb1b017c5254088bf10d1616b6185ef17d7fa77051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
da4c3df6896f2bfec4fb8202a0e13951

SHA1
7bdbe5cd84ddef789555e8d0d924f4b31568d218

SHA256
32e3ef525c849d5f580fba14147fb9a7669e246477108e156dbdac9ac364eab5

SHA512
0f4319602b26ac0f2197ee0b561d22c9240fca526a8a95e2ee62835e0bf36c91389f134b8a1c2706c194c6e8aee35525b974faac89461325e560846b514cd86a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
bc5fcbca08cd2d346dd1cfd6fa2c6c31

SHA1
1f6e81cb778eadbc24653f7ee15e022f783a6277

SHA256
7f1e48d7732d81cbb6f851de5a75435615755b6c183101fd5b7be070cc6bdc76

SHA512
26d16c43842ec0f2ff3d502b7658f3dafabbc53c068b644d1378d4c2829eee0676091681e9ce375ea1855a66dadfc2abeb224330ef542153a0a2a72b0ceee8de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
3cb8ddad4eff0ad0a735ff718531f1df

SHA1
223db1f665fed3c7b03e2c9d83382053c1df424d

SHA256
d4b975288d6057f8ccee00a05520d3e8a8de977f15fa462c948404d704dd66fa

SHA512
304cef3a510e6b778354ab28d1ea1526661936a5c429304f3fbb5c8f672d88f286a21333bd03a2572a2dff477d7ebe194834ee212388c2e6e0a6f49ea193bf58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
06f62ce00d372671425059f0f73a8c54

SHA1
639037b1a099f8652c69d647fbe16afc5cb02f8d

SHA256
bced8c04dd1697695cc680b219bf056ad2f7fecc1fd02216c937f1e68e89cd8b

SHA512
ab783b897bf0f16b5990fed8eba7ee5b1d46a86cbeea12eea788d91bc9d6aac20491d7d9da485055070557cfb18423bf7a2ccd9017227c2bc7d96d8dbc76ce0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
304bf88cfda3162ab1be7b2312fef82c

SHA1
718f34bf345973f1768ad9a2bcb8346153574428

SHA256
1452783f8a360d3c186b90a4d9537cd045c39df5d74333ed55ea579aeb8a431a

SHA512
f2797c25e9110ffb978f8f0c294c1823a6aae72448261bd1d9e07fbb37141c837e9a3ad32825cff7afcf95a578f68e61d7c8cebd02cfcfdc829ce20a9ddae949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
26870776537e3dd97c6497725cc4b156

SHA1
d4ca54e3b4a1dba2520cb40187e4dea45065cd06

SHA256
885496ab336a19e3b77b5ecdbb1a874b2c4db49a0157f3a69a4a9e61e3a79e13

SHA512
6c3811ff1751dc26422963b2e05ff3fb6e51cb02b4af7b6cf9ea77018fd54c243861557ae0b9cd74ba335c14d001f227cf295805b1d3ca95650cbe7954b15102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
26870776537e3dd97c6497725cc4b156

SHA1
d4ca54e3b4a1dba2520cb40187e4dea45065cd06

SHA256
885496ab336a19e3b77b5ecdbb1a874b2c4db49a0157f3a69a4a9e61e3a79e13

SHA512
6c3811ff1751dc26422963b2e05ff3fb6e51cb02b4af7b6cf9ea77018fd54c243861557ae0b9cd74ba335c14d001f227cf295805b1d3ca95650cbe7954b15102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
ffe9bc7547350945125c46acd77098fe

SHA1
34fd8d2ee135280317848779b7e69bbfa69ed0d8

SHA256
569f055fd098dec1926413a11e691cfebe9ecae9fb04ee37f54e8fab6c9b5a6e

SHA512
e636c0ce9c5f60613a4dc0763024071c4b2bf8abca70a29092f3c0e2db72e1aad29b357d17e4a44cfcf036b0def9b07fc045ef9fe18f1ae2c6608f8f59d57ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
b241433f606d009e1816750c3dc072cf

SHA1
3b7fed51fb8d07043bead466d9e0b2d685989071

SHA256
efb38aba3b3e8a2891672379ee6275de43918d14281ec5a7baa538e9b119159c

SHA512
63268e53889d3d63533069865f6f8c906d1ca3b07112442f6e99078c11af421b633c987efe1b9b06421bb128b0f5e54164013670035996528fce053d284c307d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
753ee338a6e78aa80da9007bc174b301

SHA1
f756cf68ca51842c69d7b296bc693dc0223e80dd

SHA256
45b4bccc6d84a4644175e1e4d2358d4506dd1fb1d22d956df8547914b66e437e

SHA512
b7f6a857c9d75813686230484f506b33150a0650c3d198138cfff5608ae509731c0bccb97a73fb0b0a28d3c5ef8323f36dee5e356b3ce5df51d49660defd7620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
716eb0b64d15c6d20afae5d72e98e6d8

SHA1
0badc3b13d4e986f85f6fef3bd1f9f7cd5d64ecb

SHA256
cd3e5ea603091b55b8b7bb495b6c0ddb0c5e54e45f56fbe993743532d99f541b

SHA512
af0e84bdb443c7a604411c270d2428ed91848845bd766326adab260985500f2ba830b16760097e90c11051afe146b19907c3271e54452f354b5935295e0664e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57efee.TMP

Filesize
93KB

MD5
c137d2c051cfec0c22c6625603f14bce

SHA1
25ed0af8212263fcf196980d2bebb1e611677078

SHA256
188ae38c12324bcf76fda8c7edfa83893f120c708eedd2f718b800bdaab6be41

SHA512
86087f58c97f8a6c2a8060e9784ef2278fd6b92354493fc5feacd44c72789de4b0f609c1e1763a2d5056853168aff2be751ca168687a93d7ac3455cea9044747

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit