Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-11-2024 14:22

General

  • Target

    Resource.exe

  • Size

    137KB

  • MD5

    4f38c635b15d7f9087a758baca7c6662

  • SHA1

    0cbfe507872829dc19e63436fb8e9759dfb42271

  • SHA256

    0404b9addf506f9b143521aed1b3a1003c2c8f16828221946a4d06dac6e85bfd

  • SHA512

    dde8048dc7add02f03196438f171c52e6bd04fe099be061c6f2adcb8ed893d4e9279a823d8bd1c6d506d6f1e1857bb1ff5f5a41292e643db8aa6f025f4a8fddb

  • SSDEEP

    1536:5huxXrW4Heqv3taHo8a+rIq24GPwfWUzL7SWoWicEmDA1wWu0eja5JUrsD98fp4P:5AxbB+maI8aRqhvja5arGef1G5trgE

Malware Config

Extracted

Family

phemedrone

C2

https://mined.to/gate.php

Signatures

  • Phemedrone

    An information and wallet stealer written in C#.

  • Phemedrone family
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Resource.exe
    "C:\Users\Admin\AppData\Local\Temp\Resource.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1196
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:3872
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4004
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe0060cc40,0x7ffe0060cc4c,0x7ffe0060cc58
      2⤵
      PID:1824
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1992 /prefetch:2
      2⤵
      PID:2916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
      2⤵
      PID:3736
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
      2⤵
      PID:1668
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
      2⤵
      PID:2572
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3352,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3456 /prefetch:1
      2⤵
      PID:4384
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4420 /prefetch:1
      2⤵
      PID:2328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
      2⤵
      PID:2320
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:8
      2⤵
      PID:4032
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5152,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:1
      2⤵
      PID:4296
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5216,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:1
      2⤵
      PID:4420
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3776,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3524 /prefetch:1
      2⤵
      PID:3192
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3280,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3436 /prefetch:1
      2⤵
      PID:3964
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5584,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5596 /prefetch:1
      2⤵
      PID:4768
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5940,i,13802894619680069131,2502949621785071475,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5912 /prefetch:8
      2⤵
      PID:724
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:1900
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:2792
  • C:\Users\Admin\Downloads\ResoureFile\Resource\Resource.exe
    "C:\Users\Admin\Downloads\ResoureFile\Resource\Resource.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:900

Network

MITRE ATT&CK Enterprise v15

Downloads

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        234KB

                                        MD5

                                        b39a99403eba36b502b84d8a0ddbfb9d

                                        SHA1

                                        c3ead20a7348079ebeb93280f4a7f1d189ac2c52

                                        SHA256

                                        7a06601a5f6c12f179566e9e390bcb272f672a797a5eb6e5f9cf489d7e9d0d3d

                                        SHA512

                                        cc9d3f32ada1214aba9895edaf592ae2f9c2101416cf7da160b593d369a7f861e484815077ffed981c1d46f3b568b0f25d925c95e12184723f1cfd1e8555d870

                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Resource.exe.log

                                        Filesize

                                        1KB

                                        MD5

                                        25d65aaa381506c5ecc1aeca0344de73

                                        SHA1

                                        c536d9e10eaad2a31465b631c95614002a7facb4

                                        SHA256

                                        f3e5b208d4a508a5adcfe88d993cd5b6a6db80da5f38e4f772521920cd73cce3

                                        SHA512

                                        9b761c5358b9d37fbedfc5bb46552e75ad74019d356c38afabd55abe3dbfb60d68d629e1d733ddb483a7448db0b1b9cff7fda579f2654ee53aff11c62324a4d4

                                      • C:\Users\Admin\Downloads\ResoureFile.zip

                                        Filesize

                                        138KB

                                        MD5

                                        6174ba506514ec4b51459759c8d0f0cb

                                        SHA1

                                        4c6340680c3ddaeae06d1a8cd34dfbba2de748c5

                                        SHA256

                                        f22347457dcc1547a18a9aa2526dc2d355b4af14ebc468c0ac56ba1f1084041f

                                        SHA512

                                        799ed2e2ed3837604edd51119424dbc749938a207cd414fa5a709f6b2eef7d9c2195e3b1ffb69a59242190dcf123113b21e895fbee0543e7d74f41abc5729df1

                                      • memory/1196-0-0x00007FFE00F33000-0x00007FFE00F35000-memory.dmp

                                        Filesize

                                        8KB

                                      • memory/1196-4-0x00007FFE00F30000-0x00007FFE019F1000-memory.dmp

                                        Filesize

                                        10.8MB

                                      • memory/1196-2-0x00007FFE00F30000-0x00007FFE019F1000-memory.dmp

                                        Filesize

                                        10.8MB

                                      • memory/1196-1-0x0000017D02190000-0x0000017D021B8000-memory.dmp

                                        Filesize

                                        160KB
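The memory-dump names above encode the dumped address range of PID 1196, so the printed sizes can be cross-checked and the regions compared against each other. The script below is an added example, not part of this report or of the sandbox's own tooling: it parses the three distinct dump names listed above, recomputes each region's size from its addresses, checks the result against the printed size under an assumed rounding rule (bytes below 1 KiB, whole KiB below 1 MiB, MiB to one decimal above, inferred from the values on this page), shows that the 8KB region starting at 0x00007FFE00F33000 lies inside the 10.8MB region starting at 0x00007FFE00F30000, and matches a local file's SHA256 against two of the dropped-file hashes listed above. The file name `ioc_probe.bin` used for the hash check is a constructed example.

```python
import hashlib
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, Optional, Union

# The three distinct memory regions of PID 1196 listed in the report, with the
# sizes the report prints for them (copied from the page). Everything else in
# this block is an added example, not the sandbox's own tooling.
MEMORY_DUMPS: Dict[str, str] = {
    "memory/1196-0-0x00007FFE00F33000-0x00007FFE00F35000-memory.dmp": "8KB",
    "memory/1196-4-0x00007FFE00F30000-0x00007FFE019F1000-memory.dmp": "10.8MB",
    "memory/1196-1-0x0000017D02190000-0x0000017D021B8000-memory.dmp": "160KB",
}

# SHA256 -> reported path for two of the dropped files above, used as an IOC set.
DROPPED_SHA256: Dict[str, str] = {
    "f22347457dcc1547a18a9aa2526dc2d355b4af14ebc468c0ac56ba1f1084041f":
        r"C:\Users\Admin\Downloads\ResoureFile.zip",
    "f3e5b208d4a508a5adcfe88d993cd5b6a6db80da5f38e4f772521920cd73cce3":
        r"C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Resource.exe.log",
}

# Dump-name layout as it appears on the page: memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp
_DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)


@dataclass(frozen=True)
class MemoryRegion:
    pid: int
    index: int
    start: int
    end: int  # exclusive

    @property
    def size(self) -> int:
        return self.end - self.start

    def contains(self, other: "MemoryRegion") -> bool:
        """True if `other` lies entirely inside this region of the same process."""
        return self.pid == other.pid and self.start <= other.start and other.end <= self.end


def parse_dump_name(name: str) -> MemoryRegion:
    """Turn a sandbox dump name into a validated, page-aligned region."""
    m = _DUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not a sandbox memory-dump name: {name!r}")
    region = MemoryRegion(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))
    if region.size <= 0:
        raise ValueError(f"empty or inverted range in {name!r}")
    if region.start % 0x1000 or region.end % 0x1000:
        raise ValueError(f"range is not page-aligned in {name!r}")
    return region


def human_size(n: int) -> str:
    """Render a byte count the way the report does (assumed rule: B, whole KiB, MiB to one decimal)."""
    if n < 1024:
        return f"{n}B"
    if n < 1024 * 1024:
        return f"{n / 1024:.0f}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def check_reported_sizes(dumps: Dict[str, str]) -> Dict[str, bool]:
    """For each dump name, does the address range agree with the size the report printed?"""
    return {name: human_size(parse_dump_name(name).size) == reported for name, reported in dumps.items()}


def sha256_of(path: Union[str, Path]) -> str:
    """Streamed SHA256 of a file on disk."""
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def match_ioc_hash(sha256_hex: str) -> Optional[str]:
    """Return the reported path if the digest is one of the listed dropped files, else None."""
    return DROPPED_SHA256.get(sha256_hex.lower())


def match_ioc_file(path: Union[str, Path]) -> Optional[str]:
    return match_ioc_hash(sha256_of(path))


if __name__ == "__main__":
    regions = [parse_dump_name(n) for n in MEMORY_DUMPS]
    for r, ok in zip(regions, check_reported_sizes(MEMORY_DUMPS).values()):
        print(f"pid {r.pid} dump {r.index}: {r.size:#x} bytes = {human_size(r.size)} (matches report: {ok})")
    print("8KB region inside 10.8MB region:", regions[1].contains(regions[0]))
```

All three ranges agree with the printed sizes (0x2000 bytes, 0xAC1000 bytes and 0x28000 bytes), and the range 0x00007FFE00F30000-0x00007FFE019F1000 appears twice in the list (dumps 2 and 4), so the sandbox captured that region at two points in the run. The rounding rule is inferred from the values on this page, so the size check confirms the report's self-consistency rather than anything about the sample.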