hxxps://aspectcheats[.]com/

Analysis

max time kernel
749s
max time network
725s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aspectcheats.com/

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	AspectLauncher.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	AspectLauncher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	AspectLauncher.exe

Executes dropped EXE 1 IoCs

pid	Process
4100	AspectLauncher.exe

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x000700000002341e-111.dat	themida
behavioral1/memory/4100-150-0x00007FF644E70000-0x00007FF645A32000-memory.dmp	themida
behavioral1/memory/4100-152-0x00007FF644E70000-0x00007FF645A32000-memory.dmp	themida
behavioral1/memory/4100-193-0x00007FF644E70000-0x00007FF645A32000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	AspectLauncher.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4100	AspectLauncher.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578320156731743"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe
4680	chrome.exe
4680	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 2404	1540	chrome.exe	85
PID 1540 wrote to memory of 2404	1540	chrome.exe	85
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 3608	1540	chrome.exe	86
PID 1540 wrote to memory of 2984	1540	chrome.exe	87
PID 1540 wrote to memory of 2984	1540	chrome.exe	87
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88
PID 1540 wrote to memory of 2936	1540	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aspectcheats.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb12bbab58,0x7ffb12bbab68,0x7ffb12bbab78
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:2
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4372 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4740 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5192 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5240 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:8
  2⤵
  PID:3804
- C:\Users\Admin\Downloads\AspectLauncher.exe
  "C:\Users\Admin\Downloads\AspectLauncher.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5008 --field-trial-handle=1864,i,12445755178013972894,8581381079475905741,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
430b2a5369acfacf7aa95212f22ffd09

SHA1
577494dd8e40e9fb3a55e048590e55d393e9f362

SHA256
28d3fc5c53d265c218e1a3c58b2d155dcc70293b897bcc31d89d75c66d2aa076

SHA512
9d6a5a35b8a7f4d30b92d2d0c6e9fb6732ab8165810da8ee141db9030fe32ed6d708f4bf42f007d3c75b29ea1b32007c5d4b83edc629c1861b5cbfd75b1937ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3cd43bf844ee891cc9551ecc21295e44

SHA1
f8c72b1c331bd857ad70e568477fb72f89796161

SHA256
619133c52bf264bbfc0485180fa8dcd1306ddf5dd9c654f8e6360785916b2bc6

SHA512
0b7389711e983842f060924430965138c59080e773a03ab6924cad9ad25559622ef89cbf28d516804fc7203615d3025bb4a5edaefdf847a797829fe8d088b8de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
173249d02df4f2d01abfd3a45c88cbe0

SHA1
97050f9a457fefbfd523d8dcb089cfc65159a196

SHA256
ec2b5d3c6647b053fd0eddc7861407519f7f652e9c7ae3f1ddb74d57b2b66b5f

SHA512
2d52cf121c99995549e4ca18b658561de5e481f516f399084052ad53b5611dde4e252cbc431e495347cb3d4d9c01d6b8b025063238f2497fb0ee5298a02db301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
414ad0ee36a016bae3d7dec274138150

SHA1
11de17ccecc4b933012057e780b88590433f6ee3

SHA256
cd45b064be1f6da829fa81a8c504583dc41995e51a56be40214db0f1546bb55c

SHA512
4ad758eb1f31248beebbd239fa16c2ca547bfa3901a365915c60964ce7e1916b2016c3b3a717e4203f923a808cc3f4155010e4e671bc60dc0e50bb59236bb43d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
0aff284256c7e4c22537dddfdb9eb42f

SHA1
7381d91724e60d2defdecb9ab9cef0b9246230c5

SHA256
fdaad2cd13e9f94578c9da7b155f340c1c75fa52e1a330f5b29f1a060f08e57f

SHA512
0649893ffe7c657509e2e5ff66a38478e777a3924c053cdd1e1b055631c2b6530e1c6ee16d7c14a5ed85259a2b7cb1cd0a8d648da42e079bfcd686b809e01cd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
721829291e221c8f57afa8445be37357

SHA1
eabb29e3b1097c5b51b39cc9fd3a8c8304a0be92

SHA256
005af49f2a51983099559591134405708d236c7277ad86d1697dd53be8b985e2

SHA512
a4952ddf764e35fb9d01bf97d5f13396028664cb844c53c77fc5381aa106d499eb55cf7ddc9285ae4eb56d6ee73598bcb8172307fd5876dab590929d8d4e8a47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c7b8ff988153eb9f8a6968d05192aa30

SHA1
a1238c591f98e8d49fffa89189d24a4aaa69b8d5

SHA256
969d2163e8b0f20a0e417e71ec3644b204ea8ce6d3bacbb9f526c856e8550352

SHA512
7a94c3f3fb8fdf88b3674722f28900b7875c47ee74ac486a3fcd9cae99dd32f7676a8114500e3c36d6c2113bd59063f9d832ad3e092ad77c9eea2cda4c8aeb00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ef798112c9e3baa3cc8e31edf7c17a91

SHA1
c671a7ab744de6dfa18ab84d7ab04a0e4bfd9f81

SHA256
1bdefcdb1d3877c203e6ed3dd7cba192ebd49ea7abeacfef4cf9908763cc70f7

SHA512
b8de2b8e12375bc407ca09a6c7e489882c3cb43412abc407d7c7736e0fa44951cbfd25efff0d76a8f11cc6ad6162087ef80dd20394af572f79c120a3e64f1a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
173904dc3e1788c5ca319aa4853095d6

SHA1
077ada1b13d72a959925ac64420f97ee07232dca

SHA256
11da8ad0441753b90cd2d9429a4f18d13ce5a387e92edf44285cfd37343d6ab0

SHA512
ccd35700963c0dc708347aa4cfb20c709dfb265ff7cb28110f4c848dcf86f9c61b96b7c0a49e79ceec51cdd39c73825665b702d70c64359212d1d119c884fa05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
df82ad2fe727422feb4f4fa30c13e6a8

SHA1
afe10a763b2470693ab0399af49fe8318a1432af

SHA256
7fdc165de8b603b58716750e2d181bbec7622c31c6d0e1ece0af8463e832df5c

SHA512
a6734711332770ad6c6eca49fe27e186672b2b30592c443df4ee158aee3b972be0728260a6956a0420e97711d7159ad5a4d844dcb4de45b1838b7e60c1763c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5801ff.TMP

Filesize
91KB

MD5
1d5a38b999e1cfcecf7f3c77e5ffef9e

SHA1
324a2fb530c3882afc6ed8ab459c612bcee9fecb

SHA256
429ae6a567539286de5a972059ccc8f4521906b497d86022e810f7a97cb6cd4e

SHA512
5f482ecb309bbb58cd978095c0bf7a45caac7ded0464799528ed0f1f808bb8efb0345003b84bb647c39a0b7f6e45a1be82540736e8a7b86c427233cc1f0387d0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 880270.crdownload

Filesize
4.4MB

MD5
208a481c1a54575d4e78cbb7cebf7dec

SHA1
a385dfd51e22b8da1ceed3be49051ec11a29afdf

SHA256
2927553135a9cf7eeb43953159910394faa48b86ca28912617c353cd145300b4

SHA512
a711bd6fa5948560573b5a4e5d388b0ef9f7826c20bd5607799e66c2109d83f41674adb386748d07c676e92706456a8b1646463952ef4feba6f1867d76844cf4

Download Submit
memory/4100-144-0x00007FFB20B10000-0x00007FFB20BCE000-memory.dmp

Filesize
760KB

Download
memory/4100-184-0x00007FFB21D10000-0x00007FFB21F05000-memory.dmp

Filesize
2.0MB

Download
memory/4100-153-0x00000153F4780000-0x00000153F4790000-memory.dmp

Filesize
64KB

Download
memory/4100-154-0x00000153F4780000-0x00000153F4790000-memory.dmp

Filesize
64KB

Download
memory/4100-152-0x00007FF644E70000-0x00007FF645A32000-memory.dmp

Filesize
11.8MB

Download
memory/4100-150-0x00007FF644E70000-0x00007FF645A32000-memory.dmp

Filesize
11.8MB

Download
memory/4100-148-0x00007FFB00030000-0x00007FFB00031000-memory.dmp

Filesize
4KB

Download
memory/4100-147-0x00007FFB00000000-0x00007FFB00002000-memory.dmp

Filesize
8KB

Download
memory/4100-183-0x00007FFB1F890000-0x00007FFB1FB59000-memory.dmp

Filesize
2.8MB

Download
memory/4100-182-0x00007FFB20B10000-0x00007FFB20BCE000-memory.dmp

Filesize
760KB

Download
memory/4100-181-0x00007FF644E70000-0x00007FF645A32000-memory.dmp

Filesize
11.8MB

Download
memory/4100-151-0x00007FFB00600000-0x00007FFB010C1000-memory.dmp

Filesize
10.8MB

Download
memory/4100-186-0x00007FFB00600000-0x00007FFB010C1000-memory.dmp

Filesize
10.8MB

Download
memory/4100-188-0x00000153F4780000-0x00000153F4790000-memory.dmp

Filesize
64KB

Download
memory/4100-190-0x00007FFB00010000-0x00007FFB00011000-memory.dmp

Filesize
4KB

Download
memory/4100-189-0x00000153F4780000-0x00000153F4790000-memory.dmp

Filesize
64KB

Download
memory/4100-195-0x00007FFB1F890000-0x00007FFB1FB59000-memory.dmp

Filesize
2.8MB

Download
memory/4100-194-0x00007FFB21D10000-0x00007FFB21F05000-memory.dmp

Filesize
2.0MB

Download
memory/4100-193-0x00007FF644E70000-0x00007FF645A32000-memory.dmp

Filesize
11.8MB

Download
memory/4100-196-0x00007FFB00600000-0x00007FFB010C1000-memory.dmp

Filesize
10.8MB

Download
memory/4100-146-0x00007FFB21D10000-0x00007FFB21F05000-memory.dmp

Filesize
2.0MB

Download
memory/4100-145-0x00007FFB1F890000-0x00007FFB1FB59000-memory.dmp

Filesize
2.8MB

Download
memory/4100-143-0x00007FF644E70000-0x00007FF645A32000-memory.dmp

Filesize
11.8MB

Download