agenttesla | f8945563dab52de0ef1cc3dcce3afbdcd8122cfef0c84a0a5d6661ae3ab6137a

Analysis

max time kernel
149s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 11:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Vessel Position.exe
Size

461KB
MD5

2811bb21fbddfc5aa2fc7645899490f1
SHA1

409103b6f327dfdb552dbbcccfc42c8079114f20
SHA256

f8945563dab52de0ef1cc3dcce3afbdcd8122cfef0c84a0a5d6661ae3ab6137a
SHA512

fd51548706dee4ef4ad01e69444c24157760d0f7200adf6293cc7f34700014458cc10d7586e77388b0c91f066baaad982c3365abc79a08cc7b19875c4a7c6e3e
SSDEEP

6144:TWeKZc3d4L6GzC/fikYczRj+m2xHfTVDgjnx3G5UuBjhpH3565Xnnz/8vqe7fV:kLCwczBGVgjx3q5

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
66.29.151.236
Port:
587
Username:
[email protected]
Password:
jxkiKr1nB8PV

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
66.29.151.236
Port:
587
Username:
[email protected]
Password:
jxkiKr1nB8PV
Email To:
[email protected]

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla
Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Vessel Position.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepads = "C:\\Users\\Admin\\AppData\\Roaming\\notepads.exe"	Vessel Position.exe

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

70 api.ipify.org
71 api.ipify.org
Suspicious use of SetThreadContext 1 IoCs

Processes:

Vessel Position.exe

description pid process target process

PID 3816 set thread context of 1120 3816 Vessel Position.exe Vessel Position.exe

flow	ioc
70	api.ipify.org
71	api.ipify.org

description	pid	process	target process
PID 3816 set thread context of 1120	3816	Vessel Position.exe	Vessel Position.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607652269892902"	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

chrome.exeVessel Position.exe

pid process

3380 chrome.exe
3380 chrome.exe
1120 Vessel Position.exe
1120 Vessel Position.exe
1120 Vessel Position.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

3380 chrome.exe
3380 chrome.exe
3380 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Vessel Position.exechrome.exeVessel Position.exe

description	pid	process
Token: SeDebugPrivilege	3816	Vessel Position.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeDebugPrivilege	3816	Vessel Position.exe
Token: SeDebugPrivilege	1120	Vessel Position.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe
Token: SeCreatePagefilePrivilege	3380	chrome.exe
Token: SeShutdownPrivilege	3380	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3380 wrote to memory of 4600	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 4600	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 3100	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1128	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1128	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe
PID 3380 wrote to memory of 1616	3380	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Vessel Position.exe
"C:\Users\Admin\AppData\Local\Temp\Vessel Position.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3816
- C:\Users\Admin\AppData\Local\Temp\Vessel Position.exe
  "C:\Users\Admin\AppData\Local\Temp\Vessel Position.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff4a30ab58,0x7fff4a30ab68,0x7fff4a30ab78
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1980,i,4352775412557423772,4529774895320018199,131072 /prefetch:2
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1980,i,4352775412557423772,4529774895320018199,131072 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2344 --field-trial-handle=1980,i,4352775412557423772,4529774895320018199,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1980,i,4352775412557423772,4529774895320018199,131072 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1980,i,4352775412557423772,4529774895320018199,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1980,i,4352775412557423772,4529774895320018199,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1980,i,4352775412557423772,4529774895320018199,131072 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1980,i,4352775412557423772,4529774895320018199,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1980,i,4352775412557423772,4529774895320018199,131072 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4988 --field-trial-handle=1980,i,4352775412557423772,4529774895320018199,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1980,i,4352775412557423772,4529774895320018199,131072 /prefetch:8
  2⤵
  PID:1544

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
29799d8f2e39f1adc95bf51ba33cb380

SHA1
25ddecf0632d10e429e2c708f7edba6ff22bb71a

SHA256
723474d0303308cb7fcb77c3dec2dff4439706aa829bc9f3e119eb16921ed7bd

SHA512
88219b4a38964839a3db205a60d4e1250edd506fa39035008c5e818c8064d20667e79cf191752ec67d4982bea0d53dc66679b3f16537deb712e5f75279f66ef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b3d1a5b18ea9165d255f106951f559d8

SHA1
0e5517ece7e348bfd13645eb67b0484cba1e1c8d

SHA256
e09a490008836e4b29cec7f29173c98a6247bdd30e01ef5dd35c2a801b3050ef

SHA512
059220b956ab12b25218cbad155310fcff875b589a7ca57278f4f24fc17e72bb03893fdf014871ab6bf8d91f40217accc7333f83a1b595d06bf3a95e580905d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3cccfdd6c4f4bcd15d2048b1d2f08c53

SHA1
5a7d45e86c75310577716c5d14eb55f52e9dc5dc

SHA256
84e79346b4f2e4835463c87c928609260b1933efe929e391cf62f9b7a8bb0be4

SHA512
bbb1676810d045ca94bd6f27e06edb78109f588668512f6ba968f1f9dccc9b6e6230a80bd12745e0f0c0046e0c52f4fb484f657b4132c452a2d536bba160efe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
5e55b847949fb9ce9aa93afd7247f77d

SHA1
97557343d9335c05415f6e473d752fcd0967d1a9

SHA256
06ea7ee6ecd368f2033639876ddbe4fa4a7b62255fabd4b28cff0c9ea54e0533

SHA512
8a65396d6e5727e2ec118b949cae76d09d6c3eaa22085042a31755bc6d21aebc71f68b8ebbcdce4bf06e86f1fdffb2c65bad662159bfa5055d0edb976c73ce99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
1d02c361a42cad69c2070c1aa4a86e17

SHA1
5611d0c69f68142a63a390a23d86ef7e6372ea1e

SHA256
76ecb8762c1aa8beb91f9129e9dab4e15eac851dfe993ecf0c4283c0d2dea6b4

SHA512
4793f34ae291ff857c41a364653621e242ecf830c7695d7ee223d902293ea8eb65598a3254da7a05799fe9b4a5e862b0d3858201681679a56c03e6f156922148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Vessel Position.exe.log

Filesize
1KB

MD5
489c7565f9b029ba9fadff774073cc98

SHA1
56c05089b33ee7e7dfa9e6a2d098164efd8e1150

SHA256
10bf6242da02dad8b2e1208b9dab9a7303cf986320e05e5ef20b99c9b71326d4

SHA512
ddea09c011a8d4f85905842c2f34c98add0110a0b6b3b2709718c3614a2c42dec5f4f5d5b9442cfd3c6c23e9a90c8c0b25c14c3dbd42faea9cc8dd232cace1ac

Download Submit
\??\pipe\crashpad_3380_SASWWTKDFNRZFZVC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1120-4970-0x00000000067C0000-0x0000000006852000-memory.dmp

Filesize
584KB

Download
memory/1120-4965-0x0000000074B40000-0x00000000752F0000-memory.dmp

Filesize
7.7MB

Download
memory/1120-4964-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1120-4966-0x0000000074B40000-0x00000000752F0000-memory.dmp

Filesize
7.7MB

Download
memory/1120-4967-0x00000000051B0000-0x0000000005216000-memory.dmp

Filesize
408KB

Download
memory/1120-4968-0x0000000006590000-0x00000000065E0000-memory.dmp

Filesize
320KB

Download
memory/1120-4969-0x0000000006680000-0x000000000671C000-memory.dmp

Filesize
624KB

Download
memory/1120-4971-0x0000000006750000-0x000000000675A000-memory.dmp

Filesize
40KB

Download
memory/1120-4981-0x0000000074B40000-0x00000000752F0000-memory.dmp

Filesize
7.7MB

Download
memory/3816-63-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-4892-0x0000000006270000-0x00000000062DC000-memory.dmp

Filesize
432KB

Download
memory/3816-51-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-49-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-47-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-45-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-43-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-37-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-35-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-31-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-27-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-25-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-23-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-41-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-39-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-21-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-17-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-15-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-13-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-11-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-4890-0x0000000074B40000-0x00000000752F0000-memory.dmp

Filesize
7.7MB

Download
memory/3816-4891-0x0000000006240000-0x0000000006246000-memory.dmp

Filesize
24KB

Download
memory/3816-4893-0x00000000062E0000-0x000000000632C000-memory.dmp

Filesize
304KB

Download
memory/3816-53-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-55-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-57-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-4931-0x0000000074B4E000-0x0000000074B4F000-memory.dmp

Filesize
4KB

Download
memory/3816-4932-0x0000000074B40000-0x00000000752F0000-memory.dmp

Filesize
7.7MB

Download
memory/3816-0-0x0000000074B4E000-0x0000000074B4F000-memory.dmp

Filesize
4KB

Download
memory/3816-65-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-67-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-61-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-4957-0x0000000009750000-0x0000000009CF4000-memory.dmp

Filesize
5.6MB

Download
memory/3816-4958-0x00000000063E0000-0x0000000006434000-memory.dmp

Filesize
336KB

Download
memory/3816-59-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-33-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-4963-0x0000000074B40000-0x00000000752F0000-memory.dmp

Filesize
7.7MB

Download
memory/3816-29-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-4-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-5-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-19-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-7-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-9-0x0000000007C00000-0x0000000007E2A000-memory.dmp

Filesize
2.2MB

Download
memory/3816-3-0x0000000007C00000-0x0000000007E30000-memory.dmp

Filesize
2.2MB

Download
memory/3816-2-0x0000000074B40000-0x00000000752F0000-memory.dmp

Filesize
7.7MB

Download
memory/3816-1-0x0000000000FA0000-0x0000000001016000-memory.dmp

Filesize
472KB

Download