3c555b8fcaba578061c7983e777a1424dbee75e31d4bebde1c9b98cc956bf170

Analysis

max time kernel
45s
max time network
47s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
27-06-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Themida Company License Full Activated.exe
Size

62.9MB
MD5

9ca6b344c75aa28af1ef7113b06add1e
SHA1

17d264c555060387f93a773e979e0deea27e04a1
SHA256

3c555b8fcaba578061c7983e777a1424dbee75e31d4bebde1c9b98cc956bf170
SHA512

eb5e3ac7b4449670cae354787373c78f8f93b533eafa7f062d07b9b21fcd3d2805e9765552759aff72dd62a8f074d26a41c879e555ba52f94cfb48c926b233c0
SSDEEP

1572864:Xaw5wAVxhFOQdmh6cxmURhgZp/xyipdDX31gixUdJJqn+MhgWGQ:Xp5wiFOYmV4p/xBHVgixp+RWL

Score

9^/10

bootkit discovery evasion persistence trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Themida64.exe

Checks BIOS information in registry 2 TTPs 3 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Themida64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Themida64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	Themida64.exe

Executes dropped EXE 2 IoCs

pid	Process
3652	Themida Company License Full Activated.tmp
4772	Themida64.exe

Loads dropped DLL 6 IoCs

pid	Process
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
4772	Themida64.exe
4772	Themida64.exe
4772	Themida64.exe
4772	Themida64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Themida64.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Themida64.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
4772	Themida64.exe
4772	Themida64.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Plugins\Examples\Delphi\is-E1ODT.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protectio Macros(Check Protection)\C\Visual C++\is-B6822.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\CBuilder\is-IR53S.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\Delphi\Via Inline Assembly\is-MH30T.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Delphi\is-U90SJ.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Plugins\Examples\C\is-1JT9A.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Plugins\Examples\C\x64\Debug\is-FHTAL.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protectio Macros(Check Protection)\C\Visual C++\is-KIJMV.tmp	Themida Company License Full Activated.tmp
File opened for modification	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\NativeAOT\ConsoleWrapper\ExternalDependencies\SecureEngineSDK64.dll	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\is-5AF47.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\custom_vms\public\is-VICU1.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\Visual Basic\is-AJ31E.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Plugins\Examples\C\Debug\is-9UG33.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protectio Macros(Check Protection)\Delphi\Via Inline Assembly\is-L0VO0.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\PureBasic\is-IGA8A.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Rust\is-EP08U.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\is-MRITN.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\Delphi\Via Inline Assembly\is-18H78.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\C\is-IIQCL.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Delphi\is-JIO5P.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Plugins\Examples\Delphi\is-83ACP.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protectio Macros(Check Protection)\NativeAOT\NativeAotLib\is-OB6FA.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Delphi\is-GTIOB.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\custom_vms\public\is-DVAVA.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\More Hacking Softwares\is-0I2EG.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\Delphi\Via Inline Assembly\is-H6CA0.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Delphi\is-72BGP.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Plugins\Examples\C\Debug\is-NTQVR.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\is-CDAUD.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\NativeAOT\ConsoleWrapper\ExternalDependencies\is-5BL9F.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\PureBasic\is-LTJ78.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\CBuilder\is-FVHV4.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\Delphi\Via Inline Assembly\is-BQ3HQ.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Delphi\is-FLDFQ.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Delphi\is-H9FDF.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\custom_vms\public\is-180JE.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protectio Macros(Check Protection)\NativeAOT\ConsoleWrapper\is-RB8SB.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\is-99K74.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\unins000.dat	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protectio Macros(Check Protection)\NativeAOT\NativeAotLib\is-I6D7V.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Delphi\is-C8A97.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Delphi\is-GIP68.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Delphi\is-KN14B.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protectio Macros(Check Protection)\C\CBuilder\is-MGPPU.tmp	Themida Company License Full Activated.tmp
File opened for modification	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\SecureEngineSDK32.dll	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\iNFo\is-55Q52.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Delphi\is-G52OB.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Delphi\is-9C2LJ.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\is-JM848.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protectio Macros(Check Protection)\C\CBuilder\is-6DVS8.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\Delphi\Via Functions\is-VHR1M.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Assembly\is-1F4V7.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Delphi\is-IS1RM.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Go language\is-5NPFE.tmp	Themida Company License Full Activated.tmp
File opened for modification	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protectio Macros(Check Protection)\NativeAOT\ConsoleWrapper\ExternalDependencies\SecureEngineSDK64.dll	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\custom_vms\public\is-N1TV8.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\More Hacking Softwares\is-0VL0I.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Plugins\Examples\Delphi\is-T6ES5.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\Delphi\Via Inline Assembly\is-LPB60.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\custom_vms\public\is-K400R.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\CBuilder\is-JVR6Q.tmp	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\PureBasic\is-IRVNT.tmp	Themida Company License Full Activated.tmp
File opened for modification	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\SecureEngineSDK64.dll	Themida Company License Full Activated.tmp
File created	C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Plugins\Include\C\is-EJ45B.tmp	Themida Company License Full Activated.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\WOW6432Node\CLSID\{b7c3410b-45b3-a8e5-a082-d545a584}	Themida64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\WOW6432Node\CLSID\{b7c3410b-45b3-a8e5-a082-d545a584}\SortOrderIndex = 0cb2608413d64033	Themida64.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3128	msedge.exe
3128	msedge.exe
3104	msedge.exe
3104	msedge.exe
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
4772	Themida64.exe
4772	Themida64.exe
4840	msedge.exe
4840	msedge.exe
4772	Themida64.exe
4772	Themida64.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3104	msedge.exe
3104	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3652	Themida Company License Full Activated.tmp
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
3652	Themida Company License Full Activated.tmp
4772	Themida64.exe
4772	Themida64.exe
4772	Themida64.exe
4772	Themida64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 3652	2424	Themida Company License Full Activated.exe	77
PID 2424 wrote to memory of 3652	2424	Themida Company License Full Activated.exe	77
PID 2424 wrote to memory of 3652	2424	Themida Company License Full Activated.exe	77
PID 3652 wrote to memory of 3104	3652	Themida Company License Full Activated.tmp	79
PID 3652 wrote to memory of 3104	3652	Themida Company License Full Activated.tmp	79
PID 3104 wrote to memory of 4088	3104	msedge.exe	80
PID 3104 wrote to memory of 4088	3104	msedge.exe	80
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 1480	3104	msedge.exe	81
PID 3104 wrote to memory of 3128	3104	msedge.exe	82
PID 3104 wrote to memory of 3128	3104	msedge.exe	82
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83
PID 3104 wrote to memory of 2188	3104	msedge.exe	83

C:\Users\Admin\AppData\Local\Temp\Themida Company License Full Activated.exe
"C:\Users\Admin\AppData\Local\Temp\Themida Company License Full Activated.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Users\Admin\AppData\Local\Temp\is-AOSKQ.tmp\Themida Company License Full Activated.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-AOSKQ.tmp\Themida Company License Full Activated.tmp" /SL5="$A016C,64887595,1027072,C:\Users\Admin\AppData\Local\Temp\Themida Company License Full Activated.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dr-farfar.com/softpopup
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe25633cb8,0x7ffe25633cc8,0x7ffe25633cd8
      4⤵
      PID:4088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,109738424462025656,1505847305975874504,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
      4⤵
      PID:1480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,109738424462025656,1505847305975874504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,109738424462025656,1505847305975874504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
      4⤵
      PID:2188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,109738424462025656,1505847305975874504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:1008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,109738424462025656,1505847305975874504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      4⤵
      PID:4072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,109738424462025656,1505847305975874504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

C:\Program Files (x86)\Themida Full Activated\Themida64.exe
"C:\Program Files (x86)\Themida Full Activated\Themida64.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Themida Full Activated\TMLicenseA1.dat

Filesize
7KB

MD5
5d81c97e2dd1236caab00d1636b90573

SHA1
f400e9e498cff8169cf3a37588cbc84e2cdf2a60

SHA256
8bcd59eb8fbbc536440a4045cd22c70c5c667bbe1c8ede4bc7fbba16068b8c8b

SHA512
2edafd3b9a5f52571c430cc6ddf812d2e897423aec059ecb65a6ed716525ec8175377ceb65c055931fed9654f8a6ea20100c27d67627b232edd892a61c50bda2

Download Submit
C:\Program Files (x86)\Themida Full Activated\Themida.exe

Filesize
30.1MB

MD5
ac042d817ab8b22903efe5168fdccd95

SHA1
a077b86df99fc2a88333c567a15885674aa65157

SHA256
eeee3378a756b15377c1443b32ad02ce743e4be1d802a21857b1b51ccefd8106

SHA512
152831fd4c40274723243a4df73321b2439add43b99c44f54949e3ccc83a202b2caa2fd5742eb5c5382de74df76f116c3ac352c4c04c648dbb7208558a1e8c54

Download Submit
C:\Program Files (x86)\Themida Full Activated\Themida.ini

Filesize
49B

MD5
d2330e246ee53d981cb580eae3cdb437

SHA1
f275e11374ed3d16b31f6c2bce4b61d39d3a87bb

SHA256
168ac3732633b0d4484764540144b43824f8973212ae19728b043dbc06b6dc35

SHA512
b81c3bad56f311eae63a5d2f45013797e9cc8fd3d6a8b603428c976267276e3530c67577a24c2fcae95fc7cd5a31bd8ee5c4bb90f3eab152efbcdc6305942b67

Download Submit
C:\Program Files (x86)\Themida Full Activated\Themida64.exe

Filesize
30.5MB

MD5
e0f0db8d1fd2c9a277f8e968977fa684

SHA1
ae23b1e880bfade564e44759d01b965fda1f15d3

SHA256
0486a1c12b05214b01ecf642e4c9c0159a767e507a4472cf8fda68deefe02786

SHA512
347cd8dd2c4c5e9e84d111a8ecec77372e409aaa85c21f2c26ccca013467fad524d34c4ed6bc82386b5fa7eafe83531c0c81d63490b64e972cf68ce0001a1d9c

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaGuiSettings.ini

Filesize
5KB

MD5
db187e646fc9d4c201fa2ab7d5720099

SHA1
6466b3b6cae339583d6d21efa27b91b8bb2f1c48

SHA256
684d3b9e8125a21765550c2a30b14145b8e0b707a371290e6f801f61e6965214

SHA512
afa43cefa733481a9c52ca16f2c184bc9df4047afc21809dfacc4ec749fa78d5020165a0c313a751b80a15913a6ea43c337158e2246654f02e4d4215bdf70f5d

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protectio Macros(Check Protection)\Delphi\Via Inline Assembly\is-DU1RG.tmp

Filesize
766B

MD5
b2bead7a8f94a1f60602c24134eb0918

SHA1
1ce25697fa205e4cdb5f8ac5d64ee23a9bb6e183

SHA256
825a023b7c300661918e9ea03cf5d508f27a6a9eb6e3770e9845cc17304c5bae

SHA512
aab4227012349a4ee09b111f1f0fae2cfc5af41b6208d3697b006195ae0a4669f5772f3269ffab2a756798002b66175f39dd532e5faa9599f9fcfdd3443e8e07

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protectio Macros(Check Protection)\NativeAOT\NativeAotLib\is-UEL0R.tmp

Filesize
28KB

MD5
6d8722b257230e3f691197715ec2b4b1

SHA1
bf141f3aff5b5e1cd2f02a5d81125931ba4a842d

SHA256
175a75ca524b269b25fb5144dc0abb4ac9b1673852df3abfbd4f6c449e01827d

SHA512
b6d077c57780ab6d58649cee36a1016573adfcafcfa8c823297a19f8bb1d1ea0c1b613044076bcd805a0c18dc37a78208ebaa4d0e19c192b65415028355f1069

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\CBuilder\is-JVR6Q.tmp

Filesize
51B

MD5
57f2b3b109407d3960a67d63f233edca

SHA1
a8d2eb898525df24c20faad482700e787252f2cf

SHA256
8b69bbbd2d66c190368104ae96efce2329d3543372dbd7b89ec393068519526c

SHA512
68ce597ae8288e45e0d1b4aab2a0897a1cf20dbe74f0525b2bdf42f5aff3741ffa3b95f91c6b47f5d75c638e6f3c259a8d6d7d98327fa8ca18fd9bfcbd42ec65

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\is-0M8DB.tmp

Filesize
4KB

MD5
743840db22036c0e8ba7715d00435daf

SHA1
fa279c02b7650ec3954061cc5b2672aaaa3f90c2

SHA256
567fdc866f0f5f6933933945a827094bea6aa2cdc3b1d1b0635b093b9d237e3e

SHA512
c13d06eee652f47c953fa76d13662fec3c1ce0413bdf9d5760f1d2eda2f4c9a3314ceb98c63774bbd5f897687b048c94971fb09b2e4ffbf601c5e20bc3454cc3

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\is-1LTNF.tmp

Filesize
545B

MD5
a675bc6625359e27740535f335484f96

SHA1
1cd7e7b530f52dc5415e7a79bda580ca97966da8

SHA256
75e13695fbcc5c68c9ddc3cec62bb503c57379be5bf4688aba16d8c13ce948a5

SHA512
92a76aac68df7c9b29943a33d1eeffa4b3b70fe739c2dd7d8d896a9356f16619aa2416a2acd200c961f9915afa4e67952ddce8e74dfaa303c5b776b20629d947

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\is-1VETG.tmp

Filesize
318B

MD5
400a96dc12b5c76c8aa7d5f214333b07

SHA1
7ed821ed1f16b673e1374ca922fd4dd1311208c4

SHA256
39b71ad96ff7062d1f97c48475b1933b83b3e2e43a0f2e9d46e007238f8c9a26

SHA512
9136cbcb0f6a907aaf4795c3dbf1ea8d450111c2bc23e39d6acd4f50e55030e730222db2a0825ae46aad1f1fbe22cdf8e72d9d9e2cb7983ffb131124b3b6ed0e

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\is-5FMAT.tmp

Filesize
936B

MD5
d8f70756fa63b48d342c78b5696637c6

SHA1
e9184c387407eed091a3d69b0cf390e30a88e824

SHA256
6d05d8fd8c979597d06351a0757d3e9feb68b746f81cc9237235df68555e0c0b

SHA512
162a54b745ae13d3c58622e2503d7f331e373db4b805dae5898023df5efb94cc130c2ea05fc1f8c71db9847fcbcd0ef2fee8c0cd7e478a55c56ee030207e2f86

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\is-CPN7O.tmp

Filesize
1KB

MD5
19922f225c3014ca446e0325326c0068

SHA1
025feba245179f2c147c097f02934cabc2cb4531

SHA256
71a2e62811dbe3f22e5ada74408c0dc169a99e0da337d6e5bec510c94afcec88

SHA512
1598e250522283ac11014107ca39cda835c84a104ede82f499b7f25114d433d74f679498d6e9ed30b51d643281940f386d9a9b48de2ca872b34efff8bd83f358

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\is-KRJ59.tmp

Filesize
338B

MD5
059fd006cd016709382a8fd21a2067f1

SHA1
f2b7f4f4240f4949af8fcf6fa8ed2af101649fb3

SHA256
d1ca36fccfbc2850c88ea73ddcc3b1b55ce52ba54fa01658bea0fd8ca2a15df0

SHA512
43a1410d24d65659e02a5fb3b9468aad9e339dfa6b1ba7f295a6dcb9f20454252e3350b025840461511e0bfcd0fe8e32550fad8505731d490cd68bfd4354053f

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\is-L37T6.tmp

Filesize
297B

MD5
655e31044e0445feffe7a5431654759d

SHA1
d010fcc7e53f1bb161cd8a8860a6ee11fbc6d2fe

SHA256
e3ba7a5bb80289f2df81dd97ec6deefe6ea7f4deaaeac4f6fa74d9227877b336

SHA512
4ec69dfcdb050a706c2ed964a8067c7ef8e676f5fc1d5b8ba37fb6d9e63661ae4b7e1c29407df39d78094dbf3c3716641a290b29f5a0041379a50fcaef7d3d4d

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\is-LVSIJ.tmp

Filesize
1KB

MD5
ce88316e8b1c5dc5991d1b2682b4af93

SHA1
756a3c177a7c9ebabe00d76208824dd139707435

SHA256
f4036cf01997162ee1728dd141957b37b1ba7d1f7c786a9764429803d96c459b

SHA512
0d425cff8265ed0fb4807872558c0d49a0e704a08b91c5e95e4caec323e0837b29ceb51ba238be789e7401192cee86c588062f0a6dc5d1565d331652248f713b

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\C\Visual C++(via ASM module)\is-MRITN.tmp

Filesize
1KB

MD5
c4bbcfe5b406731ab962766cce03047a

SHA1
eed97d3b25f17c017c40f45b532ac8acf34cd6d2

SHA256
126cfbe2503ebcc23b875b627d38f25f5ff65647bf0ea978c6dab52c5e2a2de0

SHA512
5554729a57f8b1a3de5e9a2a3f1b4eb53bff5d8ea18537f04078367283396b7d39fe15e3f15126d34541c4064595d9e2b6f9a7c3cd297dfae1cbd22c0dacc92c

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\ExamplesSDK\Protection Macros\NativeAOT\ConsoleWrapper\ExternalDependencies\is-5BL9F.tmp

Filesize
13B

MD5
c4d8a57e2ca5dc5d71d2cf3dbbbbaabe

SHA1
0d1f7c04669ca1989ea046d30a13c8a03252aa8e

SHA256
1e80e852ddd2372d676d70b3e21fcdb64b81296995e834e9bab70f29c78a5a53

SHA512
7b75e580779c3f071f6a1a6431bb55be345852dc0171be2e0f55d7c133ed93441a8aa486c379ac15454708a26c85b5580d796f354731b95eabee43fe25487e80

Download Submit
C:\Program Files (x86)\Themida Full Activated\ThemidaSDK\Include\Delphi\is-CVTQE.tmp

Filesize
84B

MD5
1b6927de492d864c686ee9339a07dc02

SHA1
8ad9f7b6423cdc5af012ccd6dedcd5d660a3b80a

SHA256
3ab3b6919efe515076288307d0f0061e5d6d391bb9749d6427c97c49b728a919

SHA512
336a600aa19e84cbc9d600b8e08a41f930bf571f8e5da4550e59212381001fc2bb0925107d34226eeffd557ab15b5b5aeb3b075b037b53b24ad3d362053b00d1

Download Submit
C:\Program Files (x86)\Themida Full Activated\VCOMP140.DLL

Filesize
135KB

MD5
6b2739f7a5238c8fb4442355dcfdbb0d

SHA1
eff490909fbea9a3f6593fbf401f797730cea8eb

SHA256
41db8ab344bde359137d6a7d5be5dbf79c4bf2b52d8263c4fad3eac525606ab9

SHA512
f061a61ce4dbc499afbb8f18c2f2af5fd56286399253aa3e2ab86073e22148c56a044167acae81856b48cb03c4cfd060c8e1b74eb958083d182041a7c3e1ea89

Download Submit
C:\Program Files (x86)\Themida Full Activated\WinlicenseSDK.dll

Filesize
214KB

MD5
89cf33cbe62f8b7c15d0cb47d3ae4ffd

SHA1
81ca15044476606cf5ef13a1372c6f5e06ba2eb2

SHA256
9063dc5b7a3e57fc94b8b753e4aa869efcab683637776335f5723c4140a751e3

SHA512
b8e39e3d55482c707f54f491a11e7f9fbd9f5aca4439b9cdce164b595f0cccb176134d716bbc3f9e29acc856cf6351319769cf3dcc159eb0947912ddd451b8ce

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\dolphin32_black.vm

Filesize
2KB

MD5
a6e5aab0dcdfea5f936403b3324789ba

SHA1
29a03a6c3975d5a41b08c0875be7c8773f0624a4

SHA256
6a50fea38830733aa18b284ec00a1d4a87ac8c185baa4ee39745190e8c40e149

SHA512
5cf15f4a03b13fe66071238669eb9b05d7f5a41d2e0307553d0e2bc4a05df4c62369f84db288065774b43e9895477c59310a32a6917e174fb5ca0bd58f5a98bb

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\dolphin32_red.vm

Filesize
2KB

MD5
5fb70e4f810d72d77071819b61db071d

SHA1
a3791a36274e18608da1b6e27c07e5d80b6768b4

SHA256
f0191d6e1cacd7ba63d0af17de2da992f343ce6b54b1072f33218f5050010ccb

SHA512
c8217829adcea509a445f85c3e34d699a57ef222ec46f092b1dad8ca65b133d504865e65dafaac973c1c44aaf2114d0a67056fd9c940ca15910dac4ae6d3175f

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\dolphin32_white.vm

Filesize
2KB

MD5
bb174884720a42883533fc12bb78c58f

SHA1
c3f05c1f8175fe7ab45f21d057578e9eb9546e86

SHA256
7ca0d9a1e4a971d8da434de12f4429ed404b432c57ce1afacaee5accb4353990

SHA512
4cf05892c1463fec4733959898111c646077e1be5e14255cda98e3bea590a21f432e19186d745f0c74daf760b4ccadab33166882501e5a3bb3d11c309e01428f

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\dolphin64_black.vm

Filesize
2KB

MD5
4072229bd12668777ce76c2d2b582ba2

SHA1
1369687dff9bd7976c20a639a8031cfe510354c5

SHA256
4c5c3e67741b651ee7625768b0c4e8d9b35fc66a738f1db558be07fc48bdd06b

SHA512
dabee5f0f9f5ca70d51a3785a2207d5b0452ce46d33f05ee4b736ee4ec6892ea2bec28ebbe25e2626211325ffbe2a2cde0d6bdfe83d6c32be9af4cb0f9c5de53

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\dolphin64_red.vm

Filesize
2KB

MD5
b629a5d05108c097038352ce45b4934d

SHA1
6efd78ba31f285632d43c5ab6b599b8724a58e7f

SHA256
cfe9977238ac61286bb959e58fd77382b01964d4bb28499626028d02f41ef59a

SHA512
789937b67c98bdbf8244813b9927eafd914a768419b141625e3555e4130d6d55babb2fd61512298bbe1db4b92353106f0f9b10a4647f5278c64b9587fcb214ed

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\dolphin64_white.vm

Filesize
2KB

MD5
e4bae5af38063a3526759ba68498c18e

SHA1
932b96b2b7007e8d38416df69fbc7142ae796eda

SHA256
58b08a225b420776420de6df1b3a1ec671133f67d10a81bbdf4e3c4cfacc45b1

SHA512
35b6f40dcff7fbfe4c155fc450d19d895d0b82a4a3c85fae1c79a691b2fb98b7d768e51f3f743faae2c5ded4d5211dc91bd39166f460a6b00ce6305025e9f128

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\eagle32_black.vm

Filesize
3KB

MD5
cbeb2e84dfb1d2359365c43e673db1fb

SHA1
0ea5a4fcfcca112c2edced26c148dbd6bd7ea7f7

SHA256
5d09dc7512372117292822e841f3c5226d9fe20db014281e0abaac8a9072358f

SHA512
f69cf26211bf02da3ec42454bd48500c03c2064e8d22cf73b41617c573354fb1b92ac46b068aecda2657e6a1100b81460ce4e9c3786f1a10aa12748a90ede610

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\eagle32_red.vm

Filesize
3KB

MD5
0c8954a48d9b7b3e73f67f736f712b9c

SHA1
f3ec98e344a583d6f412a80cfea5ce8ad1a73877

SHA256
44824486e1819ff1e96f78a07b692ac14915b821acfeb2f41daad728e4f23593

SHA512
8c23cca14671cd325b240378edb772bf605d27316545245ec49a386432782f809e87a8a18db5faaa7dc496f03b9e49862db270e94e42c6c1dece7fcbd809d0d6

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\eagle32_white.vm

Filesize
3KB

MD5
22dcd5403760b82c318afd76ed7e9a97

SHA1
2d88f5da25deddfc20c907f4316e9e15c84dde3e

SHA256
84a89664e6a9751f4d811592df10b9097846df4c54c786c94dfcb8d73800b9cc

SHA512
7360e769e334a3480347458b5178c449147cbc4b06381bbc07ad85dfc37ece4836f929e912cfddb24f40de35a4f982966d8bd4362c037e3726679c93c545c523

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\eagle64_black.vm

Filesize
3KB

MD5
a3441b9017686b32e3be22e1c189ebaa

SHA1
ba29ccdfe3860e6f11bc53c2346008e570162b34

SHA256
81636409b1759ea512a397a7c393d0976e1dfd2b6dd6dc3f769342777252a973

SHA512
d426570470dbc8049ade16ee3ba77e3e4fd0a0abb5e4822a59a365196c5451cf1a4425f60deb7f2b4a74785c38c7cc4d55bb421ca92a63910cc6220095ce2951

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\eagle64_red.vm

Filesize
3KB

MD5
63d99cf4adac70db2ad866aa261caf9b

SHA1
a20bc75b310b3e04ca66a539fa4f2c2162c0f8a7

SHA256
b8e4e9b6bbd3bcebdb460d4e250fe4525d8d723c9e9c0de937b9cba58e55d0fc

SHA512
668fe064de94d77ce9afad583f2853ab6b2f532a007a8fa254ef1e6eb52c6638c34675a18d5a0c77e65a0f961ce8d3131b4f6975a5090f8327bcee3654b319e1

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\eagle64_white.vm

Filesize
3KB

MD5
6b129631ab40630fdeccb08ed01fe7d3

SHA1
0959c12085398697f341a4214a55f1f5d6c2b397

SHA256
fb9e0c18d7bddb6fc29045f5d3f34d24dd8e70fddfae7bd6d3037444ce5ae700

SHA512
05f730968a9289f8480eb31c9ab71211c23b259f19232de24eb5a7e229b7a887e602fb43c59e2bac24409bcdcb7fac71886f735c57b4e453e56d91d8e35c2110

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\falcon32_tiny.vm

Filesize
1KB

MD5
1e8a8d04af598189ef39bb0c67d2f797

SHA1
6bf53544063eb7ca87e67e7771004024b1232f98

SHA256
ec560e7f9749d8191d6ea448eefc38134106756ad668c570a439518a910b8378

SHA512
f306d221e89a2acfddf08ac5f5a9ba23b8528402f55f39b3e272ed3bfd3eb8b19d7c3e0cac82a68041cf3e50deea4ac29049c0591cb56437229e762b371bdbdb

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\falcon64_tiny.vm

Filesize
1KB

MD5
9c16b1906440f395dc92593758e38543

SHA1
e14a952f35260aadbe5ee2aecf1218e622e77d26

SHA256
e36c2c5ed67d45015022e523966695f4155611f439420194d33fa79552c50822

SHA512
8635b72408ba81f2bb0e9e9055038976775a4f0f038faa67fc46483a554c688930b9d3c333de3e7fb5aebfbbb7195204ef5fda550205af96ebbdeb809b8ec9f9

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\fish32_black.vm

Filesize
2KB

MD5
11327658b4bdc55181f668c1714297bf

SHA1
8f4c904b66ce3431071b18457253b6a9cb8854c1

SHA256
dee4ec599fd974992d13a116881bf724e03f735b4a4d6a3e6d95e39c26eadc2c

SHA512
5eaa8c902f2302a923fcfbd099aea3700e8041dac1fc925bbbc681903123e6dde77b9e94192b532b3b6d5601c803774b6dbfd12c8f734b5e94b8eb50c9f126e1

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\fish32_red.vm

Filesize
2KB

MD5
9a39a8c4fa63eb3cd5792b5babcd79ed

SHA1
a3e0963728b5ef20df5448193bce4c7323803223

SHA256
c4b33d9e40a57d3059c9f92eac4bec2b5fd7d7c3b2a5c16fa090e69eed49ee81

SHA512
9693ab488a5584cc0f718517f43cd01d275b79829bc10ff2705d81e4d19aa6a0db76a53239fa560a30571bc78dd2788a419d7342812c3bbe1f868853908f1c74

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\fish32_white.vm

Filesize
2KB

MD5
281fad30559432ef99ec9ad410a3ea79

SHA1
6d9324fc6a2a285a53f4e78a2d684b62a26a8dab

SHA256
6232379c0ce94efc1dcb9af56147b999b8c4f1cae352cdac4634823803f7390f

SHA512
742fc89321d4933ee0b7ea665b24d5c5d2d17e7f55dc7bacd7fbb449140a72ea43c81711249ae0b182ebc2b1ede553711bac70aeade93f6e0c01c7131fe637af

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\fish64_black.vm

Filesize
2KB

MD5
b87ec0d5a64bfc6ad9a2544659aae8b5

SHA1
1c941c4a08312b1f6be58926814c808e73f150cb

SHA256
e7c68d401672835fc55cea7b97f6dd4b204b14bb8c5a4c824b5d856c1d06cfca

SHA512
1a47cf51c402239f9802b3f0603e54857b8139abbb5fc711c873d153e5542a8f257550af7f8321c35b267e2d54c818c70a7e93cb534117b877dbb2ff468fa0af

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\fish64_red.vm

Filesize
2KB

MD5
2512fd9d393388019d59fa763ef83eae

SHA1
cb029fdab73e93765281c8fe58a7ca61fa24600f

SHA256
a83da4b13344ebd2b52f0bdd99666c3f7ee84b93116f2e27b68bf1a1d666e56a

SHA512
0ac707c5cd1ca17907b1731360659c304c7b96d8b69849c5d4823d0b2d2b42b31d3375f536878f574efa2ca4ac59fa0a0c06bb45268642e2b7f2e27aaa5eedea

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\fish64_white.vm

Filesize
2KB

MD5
602c33513f508106dd52e71974a46ab4

SHA1
b3803b2c1f5bf2c25bff489457c44a6e7583f474

SHA256
d1424f4417e113c08287a1cbff400f4610c2791a4b4c3a1dd0fc9852e731fe7f

SHA512
048a72f60a3fe33e32610c076f21280baa8afce75c1713bc9b8c94e32719f57151c3a23c187f0deb535dd553bbfda321b71f9e01ed4c2f9857b7d9d2127e2445

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\lion32_black.vm

Filesize
2KB

MD5
ce71ce1d10056691876e4e05106781a6

SHA1
330cfdfcd93202742b2a354eeb2245ef8ece5937

SHA256
3dd5734db012bdb15522f1b70d63fdff7f6f6d984ed499ff4966688ef803373e

SHA512
5c9eb2e8623ab879a8ea7408dbcc2bf2d4db25c43d0de08f5d8c01f905f84af329ad17dea456de88a59e421aa7bcad2781a3464f3587aa5a9200d2bdcecd5dc3

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\lion32_red.vm

Filesize
2KB

MD5
5159f0a515d2da8aa3219d65e7d8b796

SHA1
76202a24a84c21a5721c7ff0803d3fafec4ee951

SHA256
bdb212cc6db9b2e59541b6354b15a5eb51c97c6c1f5d7a0fea94c149d52d26d2

SHA512
b54d0d97086441ea459032d416acb05e1029a9eee73de291ad716fb9c10c8db9d407177bb00f37c7c9daa9d123c2dc94445bde1ea24ebbc8e9f695b855f0f239

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\lion32_white.vm

Filesize
2KB

MD5
799479150429d97be769d59e544de561

SHA1
465c01c20dc470c6fbf5252812c70fbb564ab6ef

SHA256
bf362886d8f8e2e48bdeb1e8a6ae7ca3b6331618b2d61319a3e50cd1311ea4bf

SHA512
7d22f85b593ef5754c28d89e06071932305ae051025c38343c7cec665fd8734dce07b3bfb0d6648c78766679b8a42f1d6322ba938869599a7d3dfe4bdb5ce57f

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\lion64_black.vm

Filesize
2KB

MD5
cd8d59bc7464948e75d322baebffd665

SHA1
f7d3925176c36f7cd77a21045f8ca95e7059b71e

SHA256
c2fe3a22134d4ea68f9b3e3932797a63043c473fa6a8e237b517a5203cc2b7b6

SHA512
879762533b88d61994569b1e61f15414b3546e03bc6f2a67b9f87ddeacf77df50119c36fc70abfff212268d0b8a06e64554191fac633de839a4fc48f387a26e9

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\lion64_red.vm

Filesize
2KB

MD5
0e7b414b14d9ea68cf21c4936b8eb1f6

SHA1
745bea808f0f7b5ea62feb817ba9cabf1af01a10

SHA256
f0a66881eb4a551b6f75ffc2095858bb240e2c2d59d9ddafbb107825c41a3344

SHA512
44e86b8bc6005665468a3645e1d9fcb43e2c3d86a08b41b02c7771442364f55331b985d8e883ce696cc1f6184a6b4b9fc276ab2e1c7913cb44ebee4335ad603b

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\lion64_white.vm

Filesize
2KB

MD5
ad70bf506c041dfb6ddc6032b6b3d713

SHA1
bc8808e6e9cb8dabe1bf3c84f65a4fe240afccf4

SHA256
c05e83c3235ca0f852c08c657cc2eb6f145ae9daaa2fc0fc94c408b0109b8fb3

SHA512
8ad36cc73f8b01223778bf7581a88a790f431b90652a7ef484ef5f07cf424dc88e4d8a6b4fb323a077fc0dfa26d7c0b54bc081297cbbaf37a835187f3cf5c662

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\puma32_black.vm

Filesize
3KB

MD5
3dedf4fbb2e0a43c94993fead88efa89

SHA1
03192dac4da521419e47e3c5d05e85bc8f592c2e

SHA256
271e987b088a2b168d30df10a82665c38a55572e96010a13c5476892a8ffac73

SHA512
090f43b140125a68d8229feffd6a8c9163273c00f8bfdf400355db94351011de1c3b3f4001eb58be2e9ead7aeaa21c82fcd699aca3cccdf5ab4fcc8b9c949220

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\puma32_red.vm

Filesize
3KB

MD5
74c57c9b71d9fd9ad9d11e5d0024b32e

SHA1
cac26a548d0da85c68bb3198c2a0ed33796a5259

SHA256
771dbb95e4d605b3847353efce337e91e3f2357dac27fa9a6c8f53cf3f845c08

SHA512
79b56275c39376cae07b13288ceeea1647ee65b0a6004fe3bf0fea80030ab5ee887c0bac4c7172cf397249fbbfeff3a80257759ed4f42b1c0c9c20c90c2c31da

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\puma32_white.vm

Filesize
3KB

MD5
29b4aaec06fe1e4765b1a23b44915d6d

SHA1
14f14e5f1438df1325632b495b1f51afd4f61d12

SHA256
f50810ce6b183b285c11c8ba012610e543879922f8ec241339810f07f07c8b25

SHA512
ef1c76948e8762be7d54ff3fd3f85afe1bc32301e21130acde02e2c5d52c64882554ac180847d680c674e30c5ff192a0776eebd1bc8c963fce8be0129cfe9b5b

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\puma64_black.vm

Filesize
3KB

MD5
2776d33d620808e65d5d15caae1ab8d4

SHA1
dc75e46ff696d92a7747c9048ddec17677866ee3

SHA256
86fdfdcaff10978afb93f1108fa85c0f9086e5c3bb3775d231f5c9910ec65937

SHA512
ee25b4a026bd4dd46e0940a6b8e55a94e1bee28d721b9af3bb6ebd7f920cfdc189c5d77519f0fcf59cac2ab1eae90c2c1624c5689ad227aba3f28be51e904220

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\puma64_red.vm

Filesize
3KB

MD5
91439f040d2b0cf2d7d293300df7f331

SHA1
5c03fc2ed81a65804e5598d4c4db4768352580a6

SHA256
49660834559e5698bcfde12ae525ee282bcaa8aafb86504c3da35eaa97d5d9d6

SHA512
24a2c2dba220d5bca05b1726753c89f99551053344184fb025d59479a8e509de7c0ebff6696421be962f7464f66b23677265c2db53e7996a87d634db3b7112d1

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\puma64_white.vm

Filesize
3KB

MD5
99dee73f938fd211e913ff9b733c33b3

SHA1
579523facfa2f4114c175f5fc2a94ae2cc4fedc0

SHA256
6161040a0423f1da576f25ee8e2784425efce686727efe1dd770c6d48e689bee

SHA512
1e69eebea59e772312ce1231b94327b9f4e6d7ac2bd9d5b1ca6e70c1286dba6789e56b82af596953547751f9bf4a61e99045448adc4d9e658ba65a9cfcc931e7

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\shark32_black.vm

Filesize
3KB

MD5
4751dbc42566da935d6a950adc1afc50

SHA1
0590e83d685b08d7d37e3dd5a135fbd0a980312b

SHA256
251414d2033e176d2ff393f5ca7d96a8de9ad6084aa6ff8111a4eba7603e4a4a

SHA512
dd9852f90e894ede730582f5a8a4be5e3e78063a83ed020efb7634a6d78edb9eac33325a3523d71548f7d4de7ea6b651f676665fefd75fe3f373b9a9a467408d

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\shark32_red.vm

Filesize
3KB

MD5
4b265b0965720f6617bc0a8816509787

SHA1
2260d29e62334ee75226b54e58e46452622d9f18

SHA256
73e068168464155f5587efbe55158a8a4cc27cdb82a16527652ebd075ebc10a4

SHA512
daa4d2809700cb7302909ef32c080b0b5287f0e82eadd3b0b02315e6725bf4179263a282e0a7e80fd3f5357427a9414a35d9f746e64e517a21f65928894cbddb

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\shark32_white.vm

Filesize
3KB

MD5
38ffd8b794ade770f157c71f8750ef20

SHA1
cab20f5c076954b99b7c8d2c94f9e2ae7d417ac2

SHA256
bba5fad22229f63e6ed7ade24b907f55e97752f366df97e9176dc2b223e77b9a

SHA512
52d7d643da018fbe1b25d80f3515424e61f5ff37aa78eb843b35769c146a9559ac875d75772323414f9f65ce244aee9d4915b7b473e9f61a22b26c9ee3b1a248

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\shark64_black.vm

Filesize
3KB

MD5
9415bf1d790b879f14e481b2bf4d3235

SHA1
dd3c4b45d82a90581109c376181c31fbc673a933

SHA256
8a545b8de4c09eda770be8046bc47e048f2981141a1f75fbb98b5f156bb638a3

SHA512
cdff05d99c8164a45c41b58dacb7edd0aa7d9de821eda4d1442df8cad7eefffaf898fcbbdbcfd508c5163133cda69fca4fabb3ba41d425485ea8f4a43c560ba0

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\shark64_red.vm

Filesize
3KB

MD5
54bc29577ea9408deb0f01bd0343e0e7

SHA1
8e50b6fced59464f8962d13c8f5ba536981edc86

SHA256
a631c5af0f2c868b8d340239143ef5de8b958481d880444ebffe91863fb119f9

SHA512
a6d198628a4f8286f53a13f28185f3d22de277d7bcba1151e1e9b3d33aea9fffa4b9ea861336bf5352bc81601446cc4898b428075f677b3d861af07038168eef

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\shark64_white.vm

Filesize
3KB

MD5
0e393f3a0d83d3fddabedd077128ec5f

SHA1
a1628d30d6e24ffdf012c3ac6d48c7eb7daab83c

SHA256
e20119e3a0739bae403d302b933562259efe1b8a1f51659650ec9d81bef6bc14

SHA512
7b202e54afdc9f1e4813abd2b15c6c5ebc979808766c758731b91518f9cf43a035c8c1ee9d9fb5733f4aadad7d57eb7c7b8bb6d61e6b93ef7e219cc5048fca2f

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\tiger32_black.vm

Filesize
2KB

MD5
4869f9d01618a693d54726c4f69f2c38

SHA1
467505c4d378991cbef72de1b9e85c204c33be9c

SHA256
449b9160344884f052ba5fb9b013106e98fbf223904fb1f4b86275b330bcfe83

SHA512
662630a03b6a7118ae298dbfe942f8883323b8553095fc5a9a9054f5667a98eb4f14dedb15bf0f0fdbd627d44561674f96fadd65cbcad43e417287cf3619692e

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\tiger32_red.vm

Filesize
2KB

MD5
70a4d7e8deef47b69980daa4f6730f4d

SHA1
d0cc1efc4e7216b55c77666d8baa581e1d545c19

SHA256
e91284e96e8faae4db9cd1df91334e50749ac04bdc1b7bec8e333b149a8e3dd9

SHA512
70f09fe7b4b70f1c0ee170fd3f212017954afda9b5fcd27be06352fa89e6567cd3623ada5a2553431d39e2b63713cc65c6856262f5f262b618a93b0500847fda

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\tiger32_white.vm

Filesize
2KB

MD5
3c23f346b210d6ecee2905e98f63d4e4

SHA1
6a5eb323d3ff179ff0fc4e4cea07c0037ac6d07c

SHA256
9e0d061111a3c239552fa8f25d419b005e2994665a39593890eb1ac0bfd17b2c

SHA512
1a0d4a7dac37bc210be10bd82525e7cee0f3513835484502bcaa8b9fe0c79a343e8bd1f1cb86639277b266d74eedaf8fd1ca7c68e4c7ac92d1dcafc763b7ccfa

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\tiger64_black.vm

Filesize
2KB

MD5
52a5dd937392391fdd874b944ae887de

SHA1
071b4be35957c5a9e7b4c351d65ca9609244c327

SHA256
6353b37d1aa06ef175ef2b2f5fbf41fc52ff056cdff59250fe653744de94b4d3

SHA512
e9dec32b47c63f75a0070141f4fca3846645e6c152a7f1ecd5c899064b0e5ae47708a352ab5e59c95ae081c2b1817b60115ed923c8c7536d37ae9cc142042c38

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\tiger64_red.vm

Filesize
2KB

MD5
92106dbd1a4285826243a7870f8763f2

SHA1
8600836593646a265ca0c023d12b13af902baa8d

SHA256
a7e89b85f101af348a4c8ddbcef33627357c837a330d83d260c98cd774143da0

SHA512
0d3015144680c5a0baef9006e6919ea2e4bdbf2d4f5cc163fbac1623c6b3bdff8c93378ab69cb99fd13c3313d8eb44e6e67fa0e316423ea3cee803ca31aaa1b4

Download Submit
C:\Program Files (x86)\Themida Full Activated\custom_vms\public\tiger64_white.vm

Filesize
2KB

MD5
0e326afc9c59f553ce1b4d242c23d514

SHA1
63d8e07e750e9bc0f2359ebf17453c61e2e4124f

SHA256
abc09860be9415fdfe21835269ed2c9fdcf905bfe634774c05347660cd45b1a4

SHA512
15816e5fee25911619a1bcd64649ffa981860e0b762fc68c6685f8dfe11910a5187d6539aed89893b5a20a224ce43651976e9f6ddc010fad4334dd2cfc8b129a

Download Submit
C:\Program Files (x86)\Themida Full Activated\libspv.dll

Filesize
868KB

MD5
6c8042af9e749f6406b7bd7dcf98d7eb

SHA1
b7395c27c72eb4b78d8459bb379c613d5f2bb365

SHA256
8338de9a14e5bea902708b00d25c16ec5549639167b96ae162dcdd22f65ec955

SHA512
098a8292a4e35fd21bd4f35c729581dd59e5640b46c2761790864a4f6195c78c7014f33201d2b63ab990cdcb66bc9bbc1b7d76fd46df745e8586e111b159c3ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c705388d79c00418e5c1751159353e3

SHA1
aaeafebce5483626ef82813d286511c1f353f861

SHA256
697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d

SHA512
c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0d84d1490aa9f725b68407eab8f0030e

SHA1
83964574467b7422e160af34ef024d1821d6d1c3

SHA256
40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e

SHA512
f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e3ee248f048c6ea10a097e6a02837d8c

SHA1
e4ec1af28a4e683797981a65c6b9236c034da037

SHA256
9a41d7e0dd030b5875ad88cf1c2946b92c3b6df5e27559cd571de0978a5984f4

SHA512
7d8da7bd8f3fffcc326bd4f42c60fa8fe6279f786c66f5618691e5dac378bcb65039cdfc93f728f761ef45cdfcdc73fb1da22788fba2c1e7f256987e29fae935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5a4af94920de63ed73db13c076733953

SHA1
3a0cf72fbac8f286a4f18578f5581da492ea16e7

SHA256
aa6816afc332192c3c82fb77df5855f31bd7b55e40b827c8c245d503e640700b

SHA512
69669fde5364921ed0842bcfc5f5eaeac0aea2d9e82c09aafaabcb751aba54074ab3dc459bc7521b04d5d83b2e3106b62e641a221c919fe1cd48a566fc90681f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\41ec407e.dll

Filesize
8KB

MD5
54567e082e0e1987f13a6fe7e3431761

SHA1
b3b3ae53bf362099ef7c593e37a1c8ba40576162

SHA256
17db2ce42b83bb8fe64b29f187d97c88598753c177a8868684f62f9eacf5e244

SHA512
b8608b98616019fbf22b48636e936df1e8a7987d8d56f749df54208bef65267212b7047893043cdc48801b2bff0faaf12c82934d251bf914424a170976e3f1d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AOSKQ.tmp\Themida Company License Full Activated.tmp

Filesize
3.2MB

MD5
2d819048a182b850a3147ec827e8a80f

SHA1
8fd971ecfab132e825e08f37e4f9f12be5cc1218

SHA256
381d6df8b4dd98375c1e42315f1407d6ba46216b6d3ab7876be1f4f358a4257b

SHA512
a5c009011f5c36bd2c9359a7dbdd65b77f1d91c1d2ebabcd4b13d3e9271134ee1af27537f67f5ab3dbd86ce388a7f40883bd3b01186b3494d7bc59af507e8fc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TU37D.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
memory/2424-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2424-79-0x0000000000400000-0x0000000000508000-memory.dmp

Filesize
1.0MB

Download
memory/2424-0-0x0000000000400000-0x0000000000508000-memory.dmp

Filesize
1.0MB

Download
memory/3652-937-0x0000000000400000-0x0000000000743000-memory.dmp

Filesize
3.3MB

Download
memory/3652-70-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-52-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-53-0x0000000003410000-0x0000000003411000-memory.dmp

Filesize
4KB

Download
memory/3652-54-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-519-0x0000000000400000-0x0000000000743000-memory.dmp

Filesize
3.3MB

Download
memory/3652-56-0x0000000003420000-0x0000000003421000-memory.dmp

Filesize
4KB

Download
memory/3652-57-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-58-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-59-0x0000000003430000-0x0000000003431000-memory.dmp

Filesize
4KB

Download
memory/3652-45-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-44-0x00000000033E0000-0x00000000033E1000-memory.dmp

Filesize
4KB

Download
memory/3652-43-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-42-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-72-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-938-0x0000000000400000-0x0000000000743000-memory.dmp

Filesize
3.3MB

Download
memory/3652-41-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/3652-977-0x0000000000400000-0x0000000000743000-memory.dmp

Filesize
3.3MB

Download
memory/3652-38-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/3652-60-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-61-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-37-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-35-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/3652-62-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/3652-63-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-64-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-65-0x0000000003450000-0x0000000003451000-memory.dmp

Filesize
4KB

Download
memory/3652-66-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-67-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-68-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/3652-94-0x0000000000400000-0x0000000000743000-memory.dmp

Filesize
3.3MB

Download
memory/3652-82-0x0000000000400000-0x0000000000743000-memory.dmp

Filesize
3.3MB

Download
memory/3652-78-0x0000000000400000-0x0000000000743000-memory.dmp

Filesize
3.3MB

Download
memory/3652-77-0x0000000000400000-0x0000000000743000-memory.dmp

Filesize
3.3MB

Download
memory/3652-69-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-51-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-71-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/3652-73-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-39-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-23-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/3652-15-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-12-0x0000000002DC0000-0x00000000030DA000-memory.dmp

Filesize
3.1MB

Download
memory/3652-22-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-6-0x0000000000400000-0x0000000000743000-memory.dmp

Filesize
3.3MB

Download
memory/3652-14-0x0000000003240000-0x0000000003241000-memory.dmp

Filesize
4KB

Download
memory/3652-16-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-17-0x0000000003350000-0x0000000003351000-memory.dmp

Filesize
4KB

Download
memory/3652-18-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-28-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-19-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-20-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/3652-21-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-32-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/3652-31-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-33-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-34-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-36-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-40-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-24-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-25-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-26-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/3652-27-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-46-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-47-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/3652-48-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-50-0x0000000003400000-0x0000000003401000-memory.dmp

Filesize
4KB

Download
memory/3652-49-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-55-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download
memory/3652-29-0x0000000003390000-0x0000000003391000-memory.dmp

Filesize
4KB

Download
memory/3652-30-0x00000000030E0000-0x0000000003220000-memory.dmp

Filesize
1.2MB

Download