umbral | d94fca1806e2fd56a8d56dd4599ba69f39633a0247b78922773da7504d51cf19

Resubmissions

18-03-2024 14:39

240318-r1efcsbg4x 10

18-03-2024 14:35

240318-rx8vssbf81 10

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2024 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

celex.exe
Size

227KB
MD5

f16dec0bdfdb9ae71b1b410c6ed815ec
SHA1

10077d4bbc449011fdebc06810fc2196873eaf86
SHA256

d94fca1806e2fd56a8d56dd4599ba69f39633a0247b78922773da7504d51cf19
SHA512

3b9d0b195eb8348fb44739d9a703228113c9810f50e9d145eaac0e8642dbac9435b593be7f982f4b0c041b6bc635b2b14da5fcba577004e3e25f77a2b7ad071e
SSDEEP

6144:eloZM+rIkd8g+EtXHkv/iD4oAWfecjfUQ1gevPec5/b8e1mPi:IoZtL+EP8oAWfecjfUQ1gevPecNR

Score

10^/10

umbral stealer

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral2/memory/1236-0-0x000002BDE2CF0000-0x000002BDE2D30000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133552461851577571"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1236	celex.exe
Token: SeIncreaseQuotaPrivilege	5088	wmic.exe
Token: SeSecurityPrivilege	5088	wmic.exe
Token: SeTakeOwnershipPrivilege	5088	wmic.exe
Token: SeLoadDriverPrivilege	5088	wmic.exe
Token: SeSystemProfilePrivilege	5088	wmic.exe
Token: SeSystemtimePrivilege	5088	wmic.exe
Token: SeProfSingleProcessPrivilege	5088	wmic.exe
Token: SeIncBasePriorityPrivilege	5088	wmic.exe
Token: SeCreatePagefilePrivilege	5088	wmic.exe
Token: SeBackupPrivilege	5088	wmic.exe
Token: SeRestorePrivilege	5088	wmic.exe
Token: SeShutdownPrivilege	5088	wmic.exe
Token: SeDebugPrivilege	5088	wmic.exe
Token: SeSystemEnvironmentPrivilege	5088	wmic.exe
Token: SeRemoteShutdownPrivilege	5088	wmic.exe
Token: SeUndockPrivilege	5088	wmic.exe
Token: SeManageVolumePrivilege	5088	wmic.exe
Token: 33	5088	wmic.exe
Token: 34	5088	wmic.exe
Token: 35	5088	wmic.exe
Token: 36	5088	wmic.exe
Token: SeIncreaseQuotaPrivilege	5088	wmic.exe
Token: SeSecurityPrivilege	5088	wmic.exe
Token: SeTakeOwnershipPrivilege	5088	wmic.exe
Token: SeLoadDriverPrivilege	5088	wmic.exe
Token: SeSystemProfilePrivilege	5088	wmic.exe
Token: SeSystemtimePrivilege	5088	wmic.exe
Token: SeProfSingleProcessPrivilege	5088	wmic.exe
Token: SeIncBasePriorityPrivilege	5088	wmic.exe
Token: SeCreatePagefilePrivilege	5088	wmic.exe
Token: SeBackupPrivilege	5088	wmic.exe
Token: SeRestorePrivilege	5088	wmic.exe
Token: SeShutdownPrivilege	5088	wmic.exe
Token: SeDebugPrivilege	5088	wmic.exe
Token: SeSystemEnvironmentPrivilege	5088	wmic.exe
Token: SeRemoteShutdownPrivilege	5088	wmic.exe
Token: SeUndockPrivilege	5088	wmic.exe
Token: SeManageVolumePrivilege	5088	wmic.exe
Token: 33	5088	wmic.exe
Token: 34	5088	wmic.exe
Token: 35	5088	wmic.exe
Token: 36	5088	wmic.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe
Token: SeCreatePagefilePrivilege	4432	chrome.exe
Token: SeShutdownPrivilege	4432	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 5088	1236	celex.exe	93
PID 1236 wrote to memory of 5088	1236	celex.exe	93
PID 4432 wrote to memory of 1504	4432	chrome.exe	111
PID 4432 wrote to memory of 1504	4432	chrome.exe	111
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 4024	4432	chrome.exe	113
PID 4432 wrote to memory of 3328	4432	chrome.exe	114
PID 4432 wrote to memory of 3328	4432	chrome.exe	114
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115
PID 4432 wrote to memory of 2896	4432	chrome.exe	115

C:\Users\Admin\AppData\Local\Temp\celex.exe
"C:\Users\Admin\AppData\Local\Temp\celex.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5088

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff14059758,0x7fff14059768,0x7fff14059778
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:2
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4624 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:8
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2860 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4860 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5384 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5572 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5772 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1128 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1764 --field-trial-handle=1932,i,1613203252454439802,10894082045873653182,131072 /prefetch:1
  2⤵
  PID:4424

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
30KB

MD5
14714a5bc8bbcc1bfa05219e80a410b9

SHA1
692d05a0ccb9f98590f68a66f57b8f751291d44c

SHA256
05a43f3e84b7439b3d5e193079c665dd46ba639a69f4ba8c5819c89294e5e6a5

SHA512
9b493790caa175fe72b477f7cb4fbdaea0c4eaf03f41abe6498ee54fd0368e66a454703918d84bfccc2eca2f40182d7440eba7ca8b018695a6c4e1d110dc361b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
f4adccf8af3b545cb85256dffbe052a8

SHA1
446fbd5879231c26f6eb04a2f030b311babf2b97

SHA256
e6c989ddf612eb33d96b6edbf17c75118183a3d021d135528a110706e1bccb9b

SHA512
2c7a6d292a9ba4241aa09c68004148f55a831889edc593c395eca9e5ad14a30e3657f6688b68d6f60fa69445c219b79c6ee27d9c13049db90753c0b67e954f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dbaeb63131d279db8891519400f9da86

SHA1
e39347105ccbef7dc943651989dbf71bd1a83c92

SHA256
91e603aa8d9e12613ae8f3fd719ec150a5e3838869d23f1155ef6c6f2870d558

SHA512
591185ed428cbd45adb546aa74982b10ab22e692f297b2b83578817502104cb4587e0283fa5255e9a00f30b75b6634c9516621efb18d4ff77cf3867cd6ca82d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
3f7c427f9d352bf93f30524a758d8682

SHA1
ae0199b9892751fff8275c0f9139e19c1c3c9e6a

SHA256
e9d6044e07f09f16d64ef8d3b8aea095d390d322788f8f40ec3f178725a92919

SHA512
c51d90d5293d1491d83ff341f71e66b38ee69a7f69b9315ce9c85040d30a4d9a7f35d20a44e69d224f39debe7443c4352f915ffb6ca2f0f7137514af16d5af85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
ebd5fb916321577fbea91d92d87b0794

SHA1
89c1ec3099fc556f03e95a9ce55062a117169fa9

SHA256
1b6166f748ca42f7ba6923e47e7fe5599f3ae85332881b4181288b92cbf466fc

SHA512
a5ee514a184804d5d79af5d925ac74b7deacf9d8f9299f324a8113ed778bd2b687bb06461846a8dca94d1e41e89bf0181f797497617c8154cd367f927dbe317d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
9aba8bb5de11ae2c8bb7febc0171152f

SHA1
268f523dd6b1d068c2d3e92e44028dfa968c25e8

SHA256
41a8f0b09f66278aaabf08a23399c084f3466f6ec62f81f5eee5729eef5d28b5

SHA512
81e12d9be627c86ac27e0c79875bd8c2694b981662314cc757834cf2ffef9b229796c86daff34dfa522875a45a7efe21f7d146d109c9d01ac4ae9ef41c839291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
3e512a9b7484fdbf4b648b88dbd01372

SHA1
89ceabdba7d5041af8f3e2762b8c7d2b7e2fe3b3

SHA256
d2e33e4253d3c3fe89b43f2af18efa392c98d1c588542d9540ab51369320a469

SHA512
1dae7efce4fe8a8663a5ecbdeac2fc9cc175b810b19a5da30175bc57c2b4186c2d6fc4251f3c58f76c263577fd85f7e4fe1642f07928e3d9f748dc82e6b9e8a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
d11021bc7cc8a017b9a7f3032e7c4941

SHA1
764afdd0990ae8f52d49216502b8771779a17289

SHA256
4e757ec06bb92cf7426129b76e5ba1b35da7c75421615bd16559533d766cd090

SHA512
4e4c3bc095cfa6d185ac19ae875f6e2ecaf5ac453b58e283334daa30a3928a902d0e98e8cac9195e975cf7663fb84fbfded3bc1c936653851e79882b0d30895b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f7db8a38b2773dd5fd81a94e3c45daf8

SHA1
60fb404cee29939a49bcc3b0720aed7412b54c42

SHA256
f984bc70389deee063e1bcfbe55334691ba244bb0359bba37bc1975a6cb13d98

SHA512
501020c8d716d9070f4580f1e4fbfbf01acb1e8ca35d25a1131535505acd12bf704a94c43c8b14fcf479cfd9f216c5d6d52ff91056e26dd9b84ce04eeb964c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
64edbd0e7ec0a0a0fb17875f7917a77d

SHA1
b54d72fc82d54e3f5e3f259320383f547c1ac442

SHA256
551af33c9d6cdda4be2711d0ce18addbc25f77b7cb5196c4cc1614f6be3f42d4

SHA512
4bcdb4182802bf6fc016251104bb51e2914a40f896c677ab1bb3c924ffa7f7979dddec3f610fcb708c7adcb6c705fe6528333359df52ab4a129dc37ef561d0db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3ce83d2dc9b7b9c527fe447eebe92b50

SHA1
ee3fa57133da236505c08de556a5c4a824fc3d2c

SHA256
b892ece922b60f13cdec83054bd6733f37bd168c30703ba831db6e3c3710b7de

SHA512
27109f55a1330785dbce58a409e7094481f1433fe1f9084f7f7aaaeb81ece49527116de2ba49e8d0dd421fc8c05700969f93ad5cbd6c082dac140f28d972553e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
437fb2ddd3439e9af1776fdce4aff388

SHA1
616e43f85da517ded7d8edc6eafa8ea490dff7c6

SHA256
9e4cb827209bdbc22047b774362bd7e2c941aa302ff5ce0d1d07bd7b690af411

SHA512
5ca49b35c72a873ea6d5a669f9688745841015da7b54a0b6db6ecd8b9dcd18159b66c4614319db81f1eb60a5f8fb811b2379eb0730879394e8b038edba16e140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
703caef73995e73e4d7873e4e2f6b7c2

SHA1
ab7538b47486336a410d869b33111655dc9c2f14

SHA256
64094f12acefb0fdeece0d5b510066fef4aa14f3240b027fced9a8e45aca05cf

SHA512
df29dc111e7d6a843885a70135b57c88c9dfdd870e00ae73d83e5738ae0e6bdd55e3793c36c8b8236f187de19d0d88438151ddb1a820229c7a31159e27a169d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f0893ee08b84ff706a110974611acc8f

SHA1
edeaad7d5dfb45c365fad5ae88f8e56718c4b5eb

SHA256
31218253dc96b73ea179100620f5b1e1328b09320dbfe8a38c12ab18d52da00e

SHA512
fdc26b2fca0866ce977c89d323f53966ca89c6e38e8bc671a33ac0e569cce6ecff2e347f7c4bc91852a570a185195ddb044c603e2ad8c1e06cb0da0eb0d5dd64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3bde791db8121c7e048df5d7439671e3

SHA1
80b896414a86c2cbd60223a7709a0f1d2d8df023

SHA256
fef68537a31ac7770fe35640f3130e38f0afaf57e4d58f8d27e8cb0618d8fe72

SHA512
0b926a02c49c1045d858e75dbfc6f7853b8eae321bd5d8e91284b783348109e8339642ea14301148e6ff28933f217364fddbb64ce091eea8569a8980bf785f36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
f272c8ed6ae6b131271467c3f3bb6d49

SHA1
efe42aa89acf7735a3e734552e0de4c63d006077

SHA256
04abbb89b267f480a37916cbc91961f44291553b47dc6ee57f969157c39f38c3

SHA512
3df7a93b7410941356f1cd0cec56f7b268c5cbb56756060416b1852bd9648e5f260c16cae8a6e665bbf25fa3ef5d7599f5a0e4ac4b13cb432f3c4565c9d4f03f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
e212b0c293b42520d4bb65cb7089614f

SHA1
6c27d9bc2e55af49b5990abc8400c32ca7c30461

SHA256
b44c183dc2b110c130290b3b465c49ce0e78ec805d880519f69c5bbc65ddc5f6

SHA512
4a9cb8089a828ee3a093915354ecc41e45bde88fcbfc1591cb48042f3a83c2834445f3a29e2e68820163d0b9acd3e3b860e673a34c405c20b80f27805d2b0f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1236-4-0x00007FFF152B0000-0x00007FFF15D71000-memory.dmp

Filesize
10.8MB

Download
memory/1236-2-0x000002BDFD1C0000-0x000002BDFD1D0000-memory.dmp

Filesize
64KB

Download
memory/1236-0-0x000002BDE2CF0000-0x000002BDE2D30000-memory.dmp

Filesize
256KB

Download
memory/1236-1-0x00007FFF152B0000-0x00007FFF15D71000-memory.dmp

Filesize
10.8MB

Download