ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd

Resubmissions

29/05/2023, 18:32

230529-w65lysda67 1

29/05/2023, 18:13

230529-wt5fesda26 1

29/05/2023, 18:10

230529-wr9bladd41 1

Analysis

max time kernel
37s
max time network
173s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
29/05/2023, 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ColorBug.zip
Size

28KB
MD5

34071c621da9508f92696709d71bb30a
SHA1

5817a14b8da5da5aecd59f5016c2b02fbbe2f631
SHA256

ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd
SHA512

eb4c3b5ce9a4d6e979565d44c1a1432272bd2b9d1b83ca6b03ddc9982a5a6c341126ba71bbfd0e8d443ffa93265b6d205c187f586ff0bcb708965d2db6c98b45
SSDEEP

384:Z6HvcubW5F4mPGngeY4S8kep2sx1skClNcnK5VYeymm7/rrYC8Feuumu+lZRmdV5:Z6Pcu65SfY4SdsCbWVjOuGR2l

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1976	chrome.exe
1976	chrome.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe
Token: SeShutdownPrivilege	1976	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe
1976	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1920	1976	chrome.exe	29
PID 1976 wrote to memory of 1920	1976	chrome.exe	29
PID 1976 wrote to memory of 1920	1976	chrome.exe	29
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 740	1976	chrome.exe	31
PID 1976 wrote to memory of 388	1976	chrome.exe	32
PID 1976 wrote to memory of 388	1976	chrome.exe	32
PID 1976 wrote to memory of 388	1976	chrome.exe	32
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33
PID 1976 wrote to memory of 300	1976	chrome.exe	33

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\ColorBug.zip
1⤵
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7449758,0x7fef7449768,0x7fef7449778
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1240 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:2
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1568 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:8
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1700 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:8
  2⤵
  PID:300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2372 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2340 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:2
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1460 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:2
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:2
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1476 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3900 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3988 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4104 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3960 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1220 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4560 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2344 --field-trial-handle=1328,i,888459578345838212,2832424060346525497,131072 /prefetch:8
  2⤵
  PID:2184

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1288

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x484
1⤵
PID:2160

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe"
1⤵
PID:2604

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f94e00163f8ddc21af31916fdce3a18

SHA1
6a7a8a994c5a2aa018df26b37c95bfee865cd5ac

SHA256
51b63c0ead62b8b64b53f301eaeed2b497580bd30d16be0c2186d2a19004330e

SHA512
4e89026a46daeebe9ecf80655a53f4e8f3195c3f4b1f8b94c1fe991d0a570e08d7207d535d9779dd7d66dde7908605da7aa0a82d6d4464e6dbacc2f47ae1d2f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d5593c1b3c86d1e008bc3b2e3f83eda3

SHA1
db6f31636ab577d9fba74bd045ff5a5a1b4fe565

SHA256
ab9e2dcfa54294798fdb11fabb47e183c401fadb4fc389fde26c33b9f1473dce

SHA512
a2cf3d9ea782703ca1c913505e99e873f4d8f3e31f46b445e59eb3537bd7a0318f3c09b6f93e401ce946709eb7a8a43ca98d574448d94dd983f65d0ea668fcdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
1024KB

MD5
19d40b230003cdff2e07eae8ff3914cd

SHA1
21e57e2ab8d24400a977ecc5bc0cf99315a6cd85

SHA256
3e2fd611228acca2857dc9243af15f5598ad4051386b022300486ed1b0f018dc

SHA512
f1349a0458f52f3f6f27e15e59a90330028f5d7bc52447ff59fc675f88f0160e223e168f1b87beaa5bdcd96ad7277df8fb792dfd82b714541e842d04d5fcbfce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
912KB

MD5
8be6ffcbb5cdb108232091fe9a734a18

SHA1
d535a1eee42b8844d05b3f1a8c7108dfd91341bd

SHA256
910cef999a5cea9ef21c8bcebb31d234de9a6a019d557125c8eb49f5d0191b9e

SHA512
2550920ac07e79d6ee2cbea643516906c19cee0ccaa3471126b361b1c0fb8934c46129b88ea1d0f661b4357d37429548a39448c037c8b9b4794b05cd4a28313f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
253187d6218f5693a82765f0bca7e361

SHA1
e52d59adeadaf9d7e388a6b0f22b44d69f7256a0

SHA256
5e18f2fc9d0308a3f64827efc2f194e5b10650adb7ca580abc422f7905fbf05d

SHA512
74b12b69a4bfdc90ec407f6a9589a24e8aace0c3cdd5d8f11484f7a6cc2bae36d67d4ab03a287d71ef18bd4888a3e674f477d0d0fd35a3fd1b59810f4ec0ffce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RF6d11cd.TMP

Filesize
527B

MD5
73f67c641ef3a631944af6e89a2a2d0f

SHA1
3af70d9f025b5619164e54e1ecb081214c112722

SHA256
ef73ad0f86f032f3ef48be3cfdac080c3fcd66941fe5473114bbdc4203f48eef

SHA512
b5d6ff5da835625d3cacea37819202cc27904a23877507846d898a2ec43bc67f6ad4360366c8543fa8cdc70ffdfd3505a4b89e402c8d37fd0f3f6187ca35c24d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7e9bdd6dc75ba52584b6529f44dfb873

SHA1
9799051b9a43db04b008e0cf238ada208daf2ddb

SHA256
2750e248cb7188b84f0ece57ac1d599867e20459359cad2ed5d83a6ebd767ba2

SHA512
b9ecb0257b30c8bc886f75efa490ec8586e2dd61f978e9eef59de844d7b1230d41b3001c80f1cf6ef5ed85c822c14788e4e71ac8a4e2826fba63dd8ea8edb0f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
08355115759487104261c572f9ac0f70

SHA1
49e6fec784280bfbf7312640839f6750f8ee2225

SHA256
f43163c0a78fecea4b3052966ab52e262ef4abbbb07037097f22f896b2fab578

SHA512
8d396f00dfeea5a914a6ef944fc07c48a3473a75b967a0023eb31a1af567ad3176df9c5ee6ec5d8879ef6d4eb2785d4246652394688fdadf4d5f28045697024a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13329864766189800

Filesize
102KB

MD5
80bb2ce22c8c52a2d6fca47b7a5d1ed9

SHA1
3a09e86ad5b127cd4d8a806090835203924320bf

SHA256
4bf9f2af55997b2ccc07cc98ebaca5afd9c26c7e8341c8256074ccf3dd0f0382

SHA512
54c26d7de0b64b342dd98da4062e836583ee6f56daac229b52f1566039450980331c24598313c2298a75fd368bc8f8fc37dba509030a65776535672269d61aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a9486e1a-4c61-4f75-ac5f-c5ef5fdbee23.tmp

Filesize
5KB

MD5
cf449dc243447dd4ec7020c0cde4865c

SHA1
6ba3196f58a36149c0aedb53d8cfb831d0d58d6a

SHA256
93ce45d52c4db4d47107f8b9ce49d99dcd1b921d94921d339e808df821016f69

SHA512
9eb5ecf231009c40415ba15fb3d4279260202e085c8b9ec6f2d1eaf0bff1840042b4834a32cfb1e83e4afee835113954d36b526ad96c0ac2c8d7e9b03f7455ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d7a2b776-d0bf-4638-9020-19316d171c35.tmp

Filesize
4KB

MD5
b200a4d5352cf707d4c9755999219d58

SHA1
9783ed7777bb9e7c2171efe3a6a79b11e6549d13

SHA256
40d63b9afb008c74caa82447444ae8035408bf8c4e8ab10bb3754501aa854287

SHA512
bc87b5d5676b23639e13f0e22e1f41f768e0c0efaebbf441c1450085c4f813c25ffe1114a4eb17a9dc8ac0961abe512d8c97b5c2a577602e83b181566021cabd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
8debf84ea2d6227f7bc497a0d70b3302

SHA1
21ae501f1cbb5d198ed1d55e4a47e78023457179

SHA256
4a018b9ba3ca637784a785a27415fda103b4085316d8bc6ebae4378fa4ec1005

SHA512
40c2ffc798ae156ea76dbae49190d8c8e0b0879c614217af0235a73010cf534cb72941664f00171e94c75ebcff2f43b33aa153a7d2151884c55b0270b5a6d518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
38b1d88cd5a520326fdc7e38450b1763

SHA1
3ae3fb8a5e16462b5631eb1386f943a8585b7aa2

SHA256
8923ec74a39ded7f5ef6fc9e2380106b2dd9d9908fe94d7e4c5fc3179f81c395

SHA512
47d6eba1951ccc547159fecd0414835c3c7249533eb9e0df065b225d3159028b008855ccbe45fe7afd9289e3c3e1d21c31f71df4eca1fb5cce73c2ff5f6c3edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
ca88506240c024251fa27d784ae29fd8

SHA1
a6d447c4f404738f1dd89152d51e2f480978df90

SHA256
f30e166a7be4e906f3270a0b588a4206793b04ba4e3b434cfe8f851ce343a3af

SHA512
f79c7c3097d1eaa322bf92e206922867096c79497252bc0763f872146ddf5972d3f7bf76dc0cdb74dbfc8d677159a9c9007ff007f9287077bd66e224909e2c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
b0b4a7e938225a560641850f9bb5a400

SHA1
e3f13b0878982646b8a397f868be9ae89a6737b7

SHA256
5979101c2a0063894445b95f9207ffc6725b1d249bdf9ca2ebb309bac22a9d5a

SHA512
2f28ed5bff9b5e2f735b819d02d51b5c7680bc01e105d65cbdf964f09a2cb43cb21ea205b1a70751961a15c35bbaf17e7a9b17a479991785426d3366c77a9c58

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBA52.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
memory/2604-809-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download