umbral | hxxps://mega[.]nz/file/E9dkGYjQ#72JvqGL1cLWg8XIiOR5Yoe9tYq3texD4ubT5e0locM8

Resubmissions

12-08-2023 12:16

230812-pfsfdabg37 10

12-08-2023 12:15

230812-pe7tnsdg3x 10

Analysis

max time kernel
41s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
12-08-2023 12:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/E9dkGYjQ#72JvqGL1cLWg8XIiOR5Yoe9tYq3texD4ubT5e0locM8

Score

10^/10

umbral stealer

Malware Config

Extracted

Family

umbral

https://discord.com/api/webhooks/1139059592492490775/RfVme7UpS__l5d8CXAj8MEIFt3HBkn0_lBq7XL5xiiexXn-HuNN2OuyCPuWzXZev1fhW

Signatures

Detect Umbral payload 5 IoCs

resource	yara_rule
behavioral1/files/0x000600000002326c-315.dat	family_umbral
behavioral1/files/0x000600000002326c-331.dat	family_umbral
behavioral1/files/0x000600000002326c-332.dat	family_umbral
behavioral1/memory/4928-333-0x0000012BDBB40000-0x0000012BDBB80000-memory.dmp	family_umbral
behavioral1/files/0x000600000002326c-365.dat	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Executes dropped EXE 2 IoCs

pid	Process
4928	GtaAccGen.exe
3320	GtaAccGen.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133363161518963354"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3508	chrome.exe
3508	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3508	chrome.exe
3508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: 33	4132	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4132	AUDIODG.EXE
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeDebugPrivilege	4928	GtaAccGen.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeIncreaseQuotaPrivilege	1432	wmic.exe
Token: SeSecurityPrivilege	1432	wmic.exe
Token: SeTakeOwnershipPrivilege	1432	wmic.exe
Token: SeLoadDriverPrivilege	1432	wmic.exe
Token: SeSystemProfilePrivilege	1432	wmic.exe
Token: SeSystemtimePrivilege	1432	wmic.exe
Token: SeProfSingleProcessPrivilege	1432	wmic.exe
Token: SeIncBasePriorityPrivilege	1432	wmic.exe
Token: SeCreatePagefilePrivilege	1432	wmic.exe
Token: SeBackupPrivilege	1432	wmic.exe
Token: SeRestorePrivilege	1432	wmic.exe
Token: SeShutdownPrivilege	1432	wmic.exe
Token: SeDebugPrivilege	1432	wmic.exe
Token: SeSystemEnvironmentPrivilege	1432	wmic.exe
Token: SeRemoteShutdownPrivilege	1432	wmic.exe
Token: SeUndockPrivilege	1432	wmic.exe
Token: SeManageVolumePrivilege	1432	wmic.exe
Token: 33	1432	wmic.exe
Token: 34	1432	wmic.exe
Token: 35	1432	wmic.exe
Token: 36	1432	wmic.exe
Token: SeIncreaseQuotaPrivilege	1432	wmic.exe
Token: SeSecurityPrivilege	1432	wmic.exe
Token: SeTakeOwnershipPrivilege	1432	wmic.exe
Token: SeLoadDriverPrivilege	1432	wmic.exe
Token: SeSystemProfilePrivilege	1432	wmic.exe
Token: SeSystemtimePrivilege	1432	wmic.exe
Token: SeProfSingleProcessPrivilege	1432	wmic.exe
Token: SeIncBasePriorityPrivilege	1432	wmic.exe
Token: SeCreatePagefilePrivilege	1432	wmic.exe
Token: SeBackupPrivilege	1432	wmic.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 1212	3508	chrome.exe	83
PID 3508 wrote to memory of 1212	3508	chrome.exe	83
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2976	3508	chrome.exe	85
PID 3508 wrote to memory of 2432	3508	chrome.exe	86
PID 3508 wrote to memory of 2432	3508	chrome.exe	86
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87
PID 3508 wrote to memory of 2216	3508	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/E9dkGYjQ#72JvqGL1cLWg8XIiOR5Yoe9tYq3texD4ubT5e0locM8
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d5ad9758,0x7ff8d5ad9768,0x7ff8d5ad9778
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1896,i,1309893272131888321,14332539188260392656,131072 /prefetch:2
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1896,i,1309893272131888321,14332539188260392656,131072 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1896,i,1309893272131888321,14332539188260392656,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1896,i,1309893272131888321,14332539188260392656,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1896,i,1309893272131888321,14332539188260392656,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1896,i,1309893272131888321,14332539188260392656,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1896,i,1309893272131888321,14332539188260392656,131072 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 --field-trial-handle=1896,i,1309893272131888321,14332539188260392656,131072 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5708 --field-trial-handle=1896,i,1309893272131888321,14332539188260392656,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5652 --field-trial-handle=1896,i,1309893272131888321,14332539188260392656,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 --field-trial-handle=1896,i,1309893272131888321,14332539188260392656,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5972 --field-trial-handle=1896,i,1309893272131888321,14332539188260392656,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5948 --field-trial-handle=1896,i,1309893272131888321,14332539188260392656,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Users\Admin\Downloads\GtaAccGen.exe
  "C:\Users\Admin\Downloads\GtaAccGen.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4928
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1432

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4876

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4132

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3236

C:\Users\Admin\Downloads\GtaAccGen.exe
"C:\Users\Admin\Downloads\GtaAccGen.exe"
1⤵
- Executes dropped EXE
PID:3320
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:3392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
ece9bb32e4881bdbf3dd2f7728e2e9b8

SHA1
5ebbc3821a3173120a1f6fb5f2fb15a090ec3c23

SHA256
2275d5593331cbec67741ce86ddac3fd3f0f6b56ac74dade4ef3f88f6110e69f

SHA512
ae07214d3931dcd3ece730fb81a33b0a1e0553af91fbad94705fe77790d3a6c7a99f65fab26b7c62daf8d6190c4cb0920cb7bfd7a3ec3de8d2c16553537d3095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
d5302fdc207264ba527671edf553db2c

SHA1
59cb2c61f1217dc1f3080cdb9ed365d47e7b042c

SHA256
8a86d60c15ca35dbe803245ffb79c00ae4e3f7cc303bbbd999398f54292e59b0

SHA512
a1184731bedad45c6f486da9602c15d0a2af2becebe849faab9c4d2135378de084d60a6bff440dfadf0434ec3051b439b515fcd1016487e9bd4a3ee039cda28c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1bd8c87d9a65cce68de0c24cbb3b22f4

SHA1
23a82b32074391bfa2129c02263eaa15a1615254

SHA256
dd83f3f992f222c236527873859fb2c1995b421d6e1ff32af58c3513b290b56f

SHA512
fc8f9e4836df193687e3009b31e5c3be06ff354b9bc1217645d617b943f6ef0e7eccd2962d068b94dae7e8e7ec760921c55182ab185945a746e8228a102242b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c4824f6c812c982914317b69d9ca75e2

SHA1
0a7643597ddfbb706e88677f1d4ff1d07269259c

SHA256
b8efd86e94f54ada1badec62bd247236d88b4d0e7d8595d36886cb9a3d369964

SHA512
9b2c35045fcaf6ecca46d6473f1f7a4be6610ad2decd9839d26dc28cf48ad24c8495a69f3af1ecad12681521230be2f2aeeadf3c606ba9e8cf5f5b724a20c19a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6e07e646a23e896ec9838209bb24c51d

SHA1
142ea74319e23fdc281d8c677d5436dca539da9d

SHA256
61b69492d8127e855b77609eb694440b3081dd781a6a48eb55c03a859a386593

SHA512
53a75f976222784e5d98b8e4c7d188850d9963824bca68cf83f5a0060bbf8eb7f01ca99584810574de126a821b7ec6f2dc8d066549a6e596f67c2f47ff52b180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d8bc.TMP

Filesize
48B

MD5
52bb7afff369eb21b49c7d5fe8b170bd

SHA1
366941f4a88cc0fc6df4b40d27eda424681b238a

SHA256
fb53842aa035fc85ff5fe8d702a4d5a02857321d4f1a042dbccae3753d47fa50

SHA512
d0617c098f6b63a269335a2f85ebeaa1f9a3277641a7a44e7f0f6ec14da4ec15ac58af0ab213239d40f2b6e09d863128d4447498de3c5c2e13b46ceaff743f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
014219a2a5b83fd561b1ebaec8bac05c

SHA1
364a42697522684fe81c9a545d05d0cb83613877

SHA256
30503bfadbc263e0760ef0192f717ca75cd83f31209a6e51ace468b611066d76

SHA512
208e51013de9babd0c0f0afdf2072309d09734aef018d996b65195bdf37d133b9e4644c892c1aa4f2ca92ed25d9e4b2d5310a3c32a7424bd594d36106e93ead2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\GtaAccGen.exe.log

Filesize
1KB

MD5
8094b248fe3231e48995c2be32aeb08c

SHA1
2fe06e000ebec919bf982d033c5d1219c1f916b6

SHA256
136c30d964f4abbb5279bdc86d0e00578333782f15f05f0d2d050730dcb7a9bc

SHA512
bf27a3822008796370e2c506c910a40992b9240606ea1bc19f683b2fee86b81897660ac0cf8e746ca093dae9e408949e2e9002ded75678a69f020d3b0452801f

Download Submit
C:\Users\Admin\Downloads\GtaAccGen.exe

Filesize
228KB

MD5
05a33ea7d85b6d6b8e33a599ec2faf16

SHA1
97e518884e7b550d0cb602c02a4fc6dd329820d5

SHA256
9b7a87ec1c2e0a52ec50a4ee23eeec7cafa6d6553f96ddd2e30405652a7cb0b6

SHA512
092913f6bd0ca504baa9901a94ac97abd6cc56dedbb4c7d8a3aa5f73e49953cab235620fa4c9bc05f87ba61e04ccc65f41b83c30c59119292fa9ee6f1740a1ef

Download Submit
C:\Users\Admin\Downloads\GtaAccGen.exe

Filesize
228KB

MD5
05a33ea7d85b6d6b8e33a599ec2faf16

SHA1
97e518884e7b550d0cb602c02a4fc6dd329820d5

SHA256
9b7a87ec1c2e0a52ec50a4ee23eeec7cafa6d6553f96ddd2e30405652a7cb0b6

SHA512
092913f6bd0ca504baa9901a94ac97abd6cc56dedbb4c7d8a3aa5f73e49953cab235620fa4c9bc05f87ba61e04ccc65f41b83c30c59119292fa9ee6f1740a1ef

Download Submit
C:\Users\Admin\Downloads\GtaAccGen.exe

Filesize
228KB

MD5
05a33ea7d85b6d6b8e33a599ec2faf16

SHA1
97e518884e7b550d0cb602c02a4fc6dd329820d5

SHA256
9b7a87ec1c2e0a52ec50a4ee23eeec7cafa6d6553f96ddd2e30405652a7cb0b6

SHA512
092913f6bd0ca504baa9901a94ac97abd6cc56dedbb4c7d8a3aa5f73e49953cab235620fa4c9bc05f87ba61e04ccc65f41b83c30c59119292fa9ee6f1740a1ef

Download Submit
C:\Users\Admin\Downloads\GtaAccGen.exe

Filesize
228KB

MD5
05a33ea7d85b6d6b8e33a599ec2faf16

SHA1
97e518884e7b550d0cb602c02a4fc6dd329820d5

SHA256
9b7a87ec1c2e0a52ec50a4ee23eeec7cafa6d6553f96ddd2e30405652a7cb0b6

SHA512
092913f6bd0ca504baa9901a94ac97abd6cc56dedbb4c7d8a3aa5f73e49953cab235620fa4c9bc05f87ba61e04ccc65f41b83c30c59119292fa9ee6f1740a1ef

Download Submit
memory/3320-367-0x00007FF8C1EE0000-0x00007FF8C29A1000-memory.dmp

Filesize
10.8MB

Download
memory/3320-368-0x0000029720480000-0x0000029720490000-memory.dmp

Filesize
64KB

Download
memory/3320-369-0x00007FF8C1EE0000-0x00007FF8C29A1000-memory.dmp

Filesize
10.8MB

Download
memory/4928-337-0x00007FF8C2C60000-0x00007FF8C3721000-memory.dmp

Filesize
10.8MB

Download
memory/4928-335-0x0000012BF6180000-0x0000012BF6190000-memory.dmp

Filesize
64KB

Download
memory/4928-334-0x00007FF8C2C60000-0x00007FF8C3721000-memory.dmp

Filesize
10.8MB

Download
memory/4928-333-0x0000012BDBB40000-0x0000012BDBB80000-memory.dmp

Filesize
256KB

Download