846794ab91f137ea04c1c530069c9ac992ec43dfbfcafc3317773225a19a0689

Analysis

max time kernel
1800s
max time network
1704s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2023, 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Olympus.exe
Size

1.6MB
MD5

f0be4da3b32d61513371ecf570719885
SHA1

9d19d021c39be9ec83c15877a1076723fe41a257
SHA256

846794ab91f137ea04c1c530069c9ac992ec43dfbfcafc3317773225a19a0689
SHA512

1b7f5b4a5268ad7ec11bdf426c1ea47fe37d4a2563cf840dc31f9c1284065223c1f927c349b7275c914cb1814226602fa4897132e9c5ed92bdc56beef9a66e17
SSDEEP

24576:W7vdzEDnjH0WMqO/om295zBAVz70yN5FsBcGiYt70M:MGX0aO5xNoBcGzo

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	Olympus.exe

Executes dropped EXE 1 IoCs

pid	Process
1192	main.exe

Loads dropped DLL 9 IoCs

pid	Process
1192	main.exe
1192	main.exe
1192	main.exe
1192	main.exe
1192	main.exe
1192	main.exe
1192	main.exe
1192	main.exe
1192	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133287548856704549"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1504	Olympus.exe
Token: 33	2000	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2000	AUDIODG.EXE
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1192	main.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 1192	1504	Olympus.exe	85
PID 1504 wrote to memory of 1192	1504	Olympus.exe	85
PID 1504 wrote to memory of 1192	1504	Olympus.exe	85
PID 4716 wrote to memory of 4920	4716	chrome.exe	96
PID 4716 wrote to memory of 4920	4716	chrome.exe	96
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4640	4716	chrome.exe	97
PID 4716 wrote to memory of 4004	4716	chrome.exe	98
PID 4716 wrote to memory of 4004	4716	chrome.exe	98
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99
PID 4716 wrote to memory of 4308	4716	chrome.exe	99

C:\Users\Admin\AppData\Local\Temp\Olympus.exe
"C:\Users\Admin\AppData\Local\Temp\Olympus.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Users\Admin\AppData\Roaming\Olympus\main.exe
  "C:\Users\Admin\AppData\Roaming\Olympus\main.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1192

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x4e4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a3229758,0x7ff9a3229768,0x7ff9a3229778
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1856,i,16833534259487090553,18015206612250078059,131072 /prefetch:2
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1856,i,16833534259487090553,18015206612250078059,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1856,i,16833534259487090553,18015206612250078059,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1856,i,16833534259487090553,18015206612250078059,131072 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3364 --field-trial-handle=1856,i,16833534259487090553,18015206612250078059,131072 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1856,i,16833534259487090553,18015206612250078059,131072 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1856,i,16833534259487090553,18015206612250078059,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1856,i,16833534259487090553,18015206612250078059,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1856,i,16833534259487090553,18015206612250078059,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5156 --field-trial-handle=1856,i,16833534259487090553,18015206612250078059,131072 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1856,i,16833534259487090553,18015206612250078059,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1856,i,16833534259487090553,18015206612250078059,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1856,i,16833534259487090553,18015206612250078059,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1780

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
6087c4d71f67eb60bf7a7b53de34246e

SHA1
f677f6499c9206c71a1acd2347781af201bba1c1

SHA256
0e458d98a19da86c47305f44a7a94be5a563d58a4b3009d3355bc9df2aabfddf

SHA512
d38202d411cd4aac99fffc474ca48bb2c0783f97498600ccb90d8f49649b8007f0f0c89be7449a6c38759f46025f7205aa0639cccbab35c4846429f0b292861c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1c924e84b9effddc137dca0d602f6479

SHA1
62a6bc2bf5c3c0c681f69dccbe9164318191aed9

SHA256
78a53134bfb122a192d71974738887070b396e22c2ef0016e904e45abaeaf247

SHA512
12555c0941fd477d53ebefb403e6ec6a4c0523dc5ab16ae404f09ac87c471a89bc907dd6c4dd7c860d89fea0209d2442104816066cce6f9216afdca5382b046f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
2deafa990b6dab31878eb680dd52a65c

SHA1
8496401322bae697f9db363e596dc021cf261350

SHA256
b62b1288fb878f11385321347886321f0bf23c4fa2f4cdd41efcb87cce1abd68

SHA512
0ef9e8454363266ac67527dc0e63c9c239bf1385f39332ba7a2bb67e455438b2d9f5798b7befc8065fa4ef45091e71c2ce9e5554f34d4febdcde3e1972c65c92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bd85fc431729616345294ca45059b591

SHA1
bf0f0838821ca639ce0b4423b34bf4159b9fabd1

SHA256
85ac541cb249c4fc3e1bb135057be93acb052fdd3ce1812e9d274daf19110d8a

SHA512
18ee1277d40be60db7f209aa3202be59b0984986c7736a2678fa93026cc84462977612a49085ad0dafac4a77816fa6e04fca540a2d3b849246253a95e90c8aea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
01be3f296104e83fc3d86b301bfb49de

SHA1
b6d6ebe208ef0aa978ada03a09fc30b9b062addc

SHA256
37e915a0398dfe39f09872bfd2332ed01cf23bfbddf459767824df26c711a002

SHA512
bb4431c7c86af11ababcb9a22c458b102af020e493e785e35ed7b5c1ef31ef462ca95377ed2d22415056c1f3ca5c23b5b9a276352f70fcab967c20d0bad5b72f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
433494cc9a39151fca93f4529af59a88

SHA1
c9e1d40ccd47189e16eb9ffc8b5c7d5e8cccd37d

SHA256
b065f42f48b894182d1dae518af11e7194104b7d435c8be3d7958e407bc24b95

SHA512
2bb6d5bcafdbb7e294da6a8d08cbf6b20b204d16c37459c843fdacf956ed6a91f5b1f7c5b5bd546a7f21c12da04218d3da351d7d66d20dd21c18f1d78065d4e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
0b55934981b5e28954189334ae374b43

SHA1
2736f4648ac5fbd0efd1b1b620b8f07cd580fd3b

SHA256
1c054e3b43d1e7630b8294863b15ceb138ba38546beac1616b8d673f8f4d7e14

SHA512
6feba7be7a9ac0b8d031ac9db950e4fd745e3985e8d530e38a1d12512f5ecbe49acec14931c8a103914bb9a7a49b812560b8e9c553b3e54fdac0df280a702e91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\MSVCP120.dll

Filesize
444KB

MD5
fd5cabbe52272bd76007b68186ebaf00

SHA1
efd1e306c1092c17f6944cc6bf9a1bfad4d14613

SHA256
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

SHA512
1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\MSVCR120.dll

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\OpenAL32.dll

Filesize
786KB

MD5
1642cf4c20d8a6e705155f6e97916483

SHA1
af218d3c31fbd31ab64d6ab291bc95d978c95cc8

SHA256
5417b7908ba39f95433ac3f49a90c8b82b4d29d609af5f5fd54163f9c1f76e41

SHA512
93bb747a7a7bbf2c6cc0814f6b9fc225dd6444bc431a952bbb720eb0b8ccf9c554babf269c3b5c000aaf40146694709888a8ae8c7218d33980dcdfd4181c9604

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\OpenAL32.dll

Filesize
786KB

MD5
1642cf4c20d8a6e705155f6e97916483

SHA1
af218d3c31fbd31ab64d6ab291bc95d978c95cc8

SHA256
5417b7908ba39f95433ac3f49a90c8b82b4d29d609af5f5fd54163f9c1f76e41

SHA512
93bb747a7a7bbf2c6cc0814f6b9fc225dd6444bc431a952bbb720eb0b8ccf9c554babf269c3b5c000aaf40146694709888a8ae8c7218d33980dcdfd4181c9604

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\SDL2.dll

Filesize
971KB

MD5
72d3e6d9bd1a792630d3a2c3b5bacedf

SHA1
ada61df45117f8d32605ce49b884140ab057100f

SHA256
0d8a11cbe2068bb518082670c88921134892e5e60f297994aa5905acbb59e57a

SHA512
1ffbf64ba73a3a102898b12799f3610a7bea1302540d4924192baab034b859d904e319debd255a53e998b69688a20b9864e3f954464eabbafe3e3b0e4817cd22

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\SDL2.dll

Filesize
971KB

MD5
72d3e6d9bd1a792630d3a2c3b5bacedf

SHA1
ada61df45117f8d32605ce49b884140ab057100f

SHA256
0d8a11cbe2068bb518082670c88921134892e5e60f297994aa5905acbb59e57a

SHA512
1ffbf64ba73a3a102898b12799f3610a7bea1302540d4924192baab034b859d904e319debd255a53e998b69688a20b9864e3f954464eabbafe3e3b0e4817cd22

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\libcurl.dll

Filesize
488KB

MD5
23148e96ed43c314e5002e04c9fb2eb3

SHA1
8b9e7cc901735619adb68bac7dae8eb79f3ee21d

SHA256
5ea8f1fa78f1bbc10951cb050560a403d46a212f94fb51eb1afe76847fbfc2a7

SHA512
36942d3e6fa99a68b69c1ac4594882dc5e16fa753f13e1a16e22adfba4280755c0e90a5e8e63c3cf4997df44be2b24fc49d6c289cee2862c152d2d8ef776a495

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\libcurl.dll

Filesize
488KB

MD5
23148e96ed43c314e5002e04c9fb2eb3

SHA1
8b9e7cc901735619adb68bac7dae8eb79f3ee21d

SHA256
5ea8f1fa78f1bbc10951cb050560a403d46a212f94fb51eb1afe76847fbfc2a7

SHA512
36942d3e6fa99a68b69c1ac4594882dc5e16fa753f13e1a16e22adfba4280755c0e90a5e8e63c3cf4997df44be2b24fc49d6c289cee2862c152d2d8ef776a495

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\love.dll

Filesize
3.7MB

MD5
8a70bbf9aa03ae2cf0d41b2d8617042c

SHA1
9304c6f8c534bf77e99d03d95d1eb0c71554b3a9

SHA256
b3bb84a6e6a84fe07accada2d013b45ccd79008e5108ef87bdb85f07dd1ca3ee

SHA512
9c73539609df1f28f0fbcf0e93bb83f5d6ad38ed142ce3e0913027b5f8df6a40564ae67812f67a256c045a28f8cdfff1445d96891883c7f67beb2410823e4fe0

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\love.dll

Filesize
3.7MB

MD5
8a70bbf9aa03ae2cf0d41b2d8617042c

SHA1
9304c6f8c534bf77e99d03d95d1eb0c71554b3a9

SHA256
b3bb84a6e6a84fe07accada2d013b45ccd79008e5108ef87bdb85f07dd1ca3ee

SHA512
9c73539609df1f28f0fbcf0e93bb83f5d6ad38ed142ce3e0913027b5f8df6a40564ae67812f67a256c045a28f8cdfff1445d96891883c7f67beb2410823e4fe0

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\lua51.dll

Filesize
342KB

MD5
63e39f84e3703f6b94f1bc85780fd5e0

SHA1
70dc38ffa1408175b79291571c1d15681053e87f

SHA256
95a60a5e7012bf874fadf30ad071d3bbf4785a6cd189f34b62babdfd86655cbd

SHA512
a0e12c79f21692dafe5144198eb5d2554f05672ed9a992b283e0c4406e1f092c32ec0aa477dfe91f3b2e7092d9e43b83ee5dbe07a035c80d3d804600865a3af1

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\lua51.dll

Filesize
342KB

MD5
63e39f84e3703f6b94f1bc85780fd5e0

SHA1
70dc38ffa1408175b79291571c1d15681053e87f

SHA256
95a60a5e7012bf874fadf30ad071d3bbf4785a6cd189f34b62babdfd86655cbd

SHA512
a0e12c79f21692dafe5144198eb5d2554f05672ed9a992b283e0c4406e1f092c32ec0aa477dfe91f3b2e7092d9e43b83ee5dbe07a035c80d3d804600865a3af1

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\main.exe

Filesize
2.4MB

MD5
a8659c42f9a203bcaffce5e261cddf01

SHA1
02dd56c59dde9f037ee5a9fc507f6c5cfcbed86e

SHA256
081b3399fdec518a7667878b84a48e07e7d16f64967d42d0caf3787471eb0eea

SHA512
14797c147c71789ade3aeb08e8a11fc81a3a3a1de8250371d50eba21b3165995f7b98aa8e2c903b314db1a8ecd33fac7bafa617d387d8208fe371cfba24ec068

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\main.exe

Filesize
2.4MB

MD5
a8659c42f9a203bcaffce5e261cddf01

SHA1
02dd56c59dde9f037ee5a9fc507f6c5cfcbed86e

SHA256
081b3399fdec518a7667878b84a48e07e7d16f64967d42d0caf3787471eb0eea

SHA512
14797c147c71789ade3aeb08e8a11fc81a3a3a1de8250371d50eba21b3165995f7b98aa8e2c903b314db1a8ecd33fac7bafa617d387d8208fe371cfba24ec068

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\main.exe

Filesize
2.4MB

MD5
a8659c42f9a203bcaffce5e261cddf01

SHA1
02dd56c59dde9f037ee5a9fc507f6c5cfcbed86e

SHA256
081b3399fdec518a7667878b84a48e07e7d16f64967d42d0caf3787471eb0eea

SHA512
14797c147c71789ade3aeb08e8a11fc81a3a3a1de8250371d50eba21b3165995f7b98aa8e2c903b314db1a8ecd33fac7bafa617d387d8208fe371cfba24ec068

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\mpg123.dll

Filesize
142KB

MD5
0c9d960f98c869b30dc2774186f7a70f

SHA1
8e249220c8bb702b635f8c0123491a5508311c95

SHA256
81c26ff34f48e8bfb3f45a46ca47b5465fd97158170bba7fbdd9fe6766b1e1bf

SHA512
5ff2c531865bf18ee3890ea0d1c2977a3f8dab18969461c7fb99735083b4c2b2c7dca0f3f7ad87c89a02facf1cec33fd0e297f29e5225574b09971e1577936d4

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\mpg123.dll

Filesize
142KB

MD5
0c9d960f98c869b30dc2774186f7a70f

SHA1
8e249220c8bb702b635f8c0123491a5508311c95

SHA256
81c26ff34f48e8bfb3f45a46ca47b5465fd97158170bba7fbdd9fe6766b1e1bf

SHA512
5ff2c531865bf18ee3890ea0d1c2977a3f8dab18969461c7fb99735083b4c2b2c7dca0f3f7ad87c89a02facf1cec33fd0e297f29e5225574b09971e1577936d4

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\msvcp120.dll

Filesize
444KB

MD5
fd5cabbe52272bd76007b68186ebaf00

SHA1
efd1e306c1092c17f6944cc6bf9a1bfad4d14613

SHA256
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

SHA512
1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\msvcr120.dll

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
C:\Users\Admin\AppData\Roaming\Olympus\msvcr120.dll

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
memory/1504-133-0x00000000001A0000-0x0000000000334000-memory.dmp

Filesize
1.6MB

Download
memory/1504-137-0x000000001B230000-0x000000001B252000-memory.dmp

Filesize
136KB

Download
memory/1504-136-0x00000000024F0000-0x0000000002500000-memory.dmp

Filesize
64KB

Download
memory/1504-134-0x000000001B0B0000-0x000000001B0C2000-memory.dmp

Filesize
72KB

Download
memory/1504-135-0x000000001B0D0000-0x000000001B0DA000-memory.dmp

Filesize
40KB

Download