e394b31b5d3530ba36cc348fab8ddf79cbe635b81c7991e93d1dec14c7076a68

Analysis

max time kernel
60s
max time network
61s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-09-2024 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

updater.exe
Size

6.1MB
MD5

be00675212ecb96e7603354c84387ba0
SHA1

ee4bfb93dea04a35e15e95dbcb096f66ffa8f907
SHA256

e394b31b5d3530ba36cc348fab8ddf79cbe635b81c7991e93d1dec14c7076a68
SHA512

bd0c5c530d162c70a440a471bad345c2d1d94caf6cfeb3c3a0ae38805eb68664a8a8d349b6d867747bcdc2416da39a16efd36f29ae83f04314dc06c4097d73b4
SSDEEP

98304:gJIMtJix6CC7mR6jatnIC6JCfoYFu/I36GU8seJBHh9NwQYENY1yIXXrjmjyirxc:3f3C7mRP9hPfXE/5GUJWKQKFrj0rxc

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	updater.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	updater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	updater.exe

Executes dropped EXE 1 IoCs

pid	Process
4492	loader.exe

Themida packer 5 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2248-8-0x0000000140000000-0x0000000140E52000-memory.dmp	themida
behavioral1/memory/2248-9-0x0000000140000000-0x0000000140E52000-memory.dmp	themida
behavioral1/files/0x000400000002a9c7-16.dat	themida
behavioral1/memory/4492-20-0x0000000140000000-0x00000001436EF000-memory.dmp	themida
behavioral1/memory/2248-23-0x0000000140000000-0x0000000140E52000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2248	updater.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\silence\loader.exe	updater.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700137787753123"	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2248	updater.exe
1916	chrome.exe
1916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2248	updater.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeCreatePagefilePrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 4492	2248	updater.exe	82
PID 2248 wrote to memory of 4492	2248	updater.exe	82
PID 1916 wrote to memory of 3612	1916	chrome.exe	86
PID 1916 wrote to memory of 3612	1916	chrome.exe	86
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 1196	1916	chrome.exe	87
PID 1916 wrote to memory of 4692	1916	chrome.exe	88
PID 1916 wrote to memory of 4692	1916	chrome.exe	88
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89
PID 1916 wrote to memory of 456	1916	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\updater.exe
"C:\Users\Admin\AppData\Local\Temp\updater.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files\silence\loader.exe
  "C:\Program Files\silence\loader.exe"
  2⤵
  - Executes dropped EXE
  PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fa6acc40,0x7ff9fa6acc4c,0x7ff9fa6acc58
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,3975249376058082959,17591463989555817017,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,3975249376058082959,17591463989555817017,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1740,i,3975249376058082959,17591463989555817017,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,3975249376058082959,17591463989555817017,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3292,i,3975249376058082959,17591463989555817017,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4544,i,3975249376058082959,17591463989555817017,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3668 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4620,i,3975249376058082959,17591463989555817017,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3668,i,3975249376058082959,17591463989555817017,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4552,i,3975249376058082959,17591463989555817017,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:3188

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4504

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\silence\loader.exe

Filesize
21.6MB

MD5
1f83dc0529085fcd339fc0fd5537773d

SHA1
260a92dcbab701b65218b4f0f5539984cc19481f

SHA256
d18edfdf943460fa7ee4a17543502d914fa3bcf71bead34734aa73e5de48258e

SHA512
a47f72f8a4b82d7b90c90a7a251985cac6a78224388510f510de4e0e2219167809c313ec4b52b4742d11df61dfe77a7700ca66464d0dc553e950820de5200942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
737c150477df2495b731f5e5ff9b7bfb

SHA1
b8d46b59e5be4c1ce2170ca2e14553fd66abf3a0

SHA256
907630a4afb7e056eeb9293c8b8177ccdf8ab44a2f0ff0a09dc658137121f669

SHA512
da43171a92b68eca4bbc16f8fb95da46feb9c819d2dc75dabe9632ddac25d1de5a96528934489f3c3e8dcf67a53189932d9b5171e3ab4398d68e50a4e55880cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
2dc05f253a7b41b315ef2920b10c1a0c

SHA1
eb049348c671b613108787f84c7e75674e051a57

SHA256
8bc526f6dfd237297bf2e0da13f33bc69f0e698317a76ef56e916c9ab1c54fc3

SHA512
dbe8a6b853d488e57a67fbf09aa8ccc291ae9e5812793d51bbd9db45ee14e5a88cc5a1268a0d64d9446ec84dd70d1fc09a06e94cea58222df267ee84a1e7375f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
91ffc3b9695d2d821d0572048b9e9681

SHA1
ceb9f516cd8b54f7af3696703ca3d4d7eb528fe9

SHA256
c122041b975bf1dd521690d9f87bfb7660bebf4f2853e6d1065ad5634dc3af05

SHA512
914fbd60153e30a0f278db20daca3fd3a9594ee7575eb2dab5131b420487bd1f6d0dd3954d22527be52517ee2e000dc56cc6a170a594aa66bd74c6d356fe5288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1904037d7d4afa7bc6605640bf032d14

SHA1
9389fabb52381dd38352e1bd5c956ab75b8c70a8

SHA256
fd1bb716fd7d5a4f1b785ac5008506fd76441239acc91e774db782371b808b29

SHA512
d35722ca5a321ed3a459f58223ed56339b0c4deb6b8a63ef90e066f7d9c5cb23ef3c88df8e24c6f9ded9b09f3b6942c2fbbf103da206806a539cfe8704fb83dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e51d13f2908c26f56c8663bb77872ec

SHA1
86de10a71ca668e352d7c5c20e6278c76b9ba817

SHA256
eaf8e6cf828b7f3f979c6a51c450a3118a23396c17e7794786cf08f62a318292

SHA512
507e1d5c4b0bc378880d00e8a4cc32c602bcf08dd9e64f449a3a071751fda82564943cd3d81beb7363981bd4e0310a7b0d4edbbb13cca86ce91587bf02430518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
871b50538fb6912ee0cc8ff9e6824181

SHA1
83779433a5db4790eaa1066c2abe29fb58e57d8f

SHA256
fd539e56cacee6e319710ce403df3202fef558321802ff2f2a77f635b95a6a59

SHA512
3bfe4e05d9d1e7523d96b06abf0be57cde0f7dbf2a8fa53b2e3450d449ae384a8b41b26d11ebc2fb4e4e511b7a100ad9c6b9a78a19311e84e394ac593d5fc9de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd073b7ba7d7e80e9f843aa1c6b29bef

SHA1
2da9a07b13af31226e2976a9d0dbe9e875e5174d

SHA256
9eda0d1dbdd019186d921fbeff1c01e971575b3525296687ea4cca5bedc53ce0

SHA512
3aa6bf2934b80d5c0a7a90ee467e7d2494aade6152b00b780e3dd3c832c6bb2b9ea2cffa3d51d49e442599f31918caeb31e4e8bdf3a06b4e8196d32a2bf72df0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
cb7ae9936a07a9442bd0f459962c2f0d

SHA1
e8c498db8102cdd25a4621a1e55b75f4dd13d12e

SHA256
13b4fdc3feeaf6b03bcb3ec8affd0354710fde372b28338f4c55a9f0e35d7aae

SHA512
69e88c1040e6d66bd3feec82b55df1707b21dd8522718f2ade21adf94e4345015b18b530e4ccdf6cae8a15efee84d5f3beb8b98d08c7ab3bb6e43294e78a2e71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
b61223ca3ef361efe60340cb6f9a81d1

SHA1
6d5a409afd9e4c58351a76cc0038e9ccae533f64

SHA256
0685b3109161b724c9b00a62ef6c761e3efefbb60bcf4b71ca18093bb9d18e9a

SHA512
d3a81ec17a432e94456c316c41a50dd6b3a633125a76daea450214088c665c2c9651a8afe8abac6cc89994074cebc43029548ef5ec9b392cfb5dd2d65c9011ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
1da60379e08f3955c68d92f90ac2fe56

SHA1
5acffa39b5c9f78a8c676b53acdeb0300e2dcd6a

SHA256
654e2e8a545ae3ba293aad5f42dfa4b77ae730fbdaa946ab85bde2317169835d

SHA512
68a21e3c1bcae59230cc10456d48b2c175231fe6b05f10fa24aa5c75fe6131536aa366ff86e1221cd56b91f0f4d5a70cd74ca2d3b2be7fc2438d3dbf4004bf5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ff15da8f606673dfed938f8d602cc467

SHA1
7eed0dc32f0a1b0ea59212e6833432ea5a8e9a1c

SHA256
537cfdf20b35814060a15b9b863dfeefb24f2e472b94b02f778a2975c211fb39

SHA512
2ac49b405e7a6fd7a1992bf37af91d79529725798a8264af16ccf64827e425c493a22836d37b3452dbfeb2e82bd05ee4f939f8a2e656b89bcbe3079dad1f03bb

Download Submit
memory/2248-8-0x0000000140000000-0x0000000140E52000-memory.dmp

Filesize
14.3MB

Download
memory/2248-0-0x0000000140000000-0x0000000140E52000-memory.dmp

Filesize
14.3MB

Download
memory/2248-23-0x0000000140000000-0x0000000140E52000-memory.dmp

Filesize
14.3MB

Download
memory/2248-2-0x00007FFA09170000-0x00007FFA0922D000-memory.dmp

Filesize
756KB

Download
memory/2248-11-0x00007FFA0918A000-0x00007FFA0918B000-memory.dmp

Filesize
4KB

Download
memory/2248-10-0x0000000140000000-0x0000000140E52000-memory.dmp

Filesize
14.3MB

Download
memory/2248-9-0x0000000140000000-0x0000000140E52000-memory.dmp

Filesize
14.3MB

Download
memory/2248-24-0x00007FFA09170000-0x00007FFA0922D000-memory.dmp

Filesize
756KB

Download
memory/2248-5-0x00007FFA09170000-0x00007FFA0922D000-memory.dmp

Filesize
756KB

Download
memory/2248-6-0x00007FFA09170000-0x00007FFA0922D000-memory.dmp

Filesize
756KB

Download
memory/2248-4-0x00007FFA09170000-0x00007FFA0922D000-memory.dmp

Filesize
756KB

Download
memory/2248-1-0x00007FFA0918A000-0x00007FFA0918B000-memory.dmp

Filesize
4KB

Download
memory/2248-3-0x00007FFA09170000-0x00007FFA0922D000-memory.dmp

Filesize
756KB

Download
memory/4492-20-0x0000000140000000-0x00000001436EF000-memory.dmp

Filesize
54.9MB

Download