agenttesla | 8dbd29ed8c36099508bbeb90855efd7c10047f80b04c2708a1359338b5d432b1

Resubmissions

12-01-2025 22:25

250112-2b6hnaslc1 10

08-01-2025 19:37

250108-yb2ypasqcl 10

08-01-2025 07:10

250108-hzb46s1qgm 10

Analysis

max time kernel
299s
max time network
302s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
08-01-2025 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe
Size

625KB
MD5

9249e079e690f7368f35e72ead12f8bd
SHA1

1c454bee42bd628d33ca3c7084607e189592071e
SHA256

8dbd29ed8c36099508bbeb90855efd7c10047f80b04c2708a1359338b5d432b1
SHA512

c7e29d4592eeaddad6d26ada22accddce5d7e74b11fb04553e42128f7007722473e599a347368c89dff0c9dc085f6b8cd44677ffb6a6a8a8a17262c9fa0f6b85
SSDEEP

12288:aezvEBCTMB6UBqeZQpe16iOCL7GisZP7r9r/+ppppppppppppppppppppppppppx:aezsjBOCL7f21q

Score

10^/10

agenttesla collection credential_access discovery keylogger persistence phishing spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.globistics.co.ke
Port:
587
Username:
[email protected]
Password:
777@!mports
Email To:
[email protected]

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla
Agenttesla family
agenttesla

AgentTesla payload 1 IoCs

resource	yara_rule
behavioral1/memory/5824-798-0x0000000000400000-0x000000000043C000-memory.dmp	family_agenttesla

A potential corporate email address has been identified in the URL: [email protected]
phishing
Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001

Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1411052346-3904498293-150013998-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe
Key opened	\REGISTRY\USER\S-1-5-21-1411052346-3904498293-150013998-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe
Key opened	\REGISTRY\USER\S-1-5-21-1411052346-3904498293-150013998-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1411052346-3904498293-150013998-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sUMehEJ = "C:\\Users\\Admin\\AppData\\Roaming\\sUMehEJ\\sUMehEJ.exe"	JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2588 set thread context of 5824	2588	JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe	127

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808386722642604"	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4212	chrome.exe
4212	chrome.exe
5824	JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe
5824	JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe
5824	JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe
5580	chrome.exe
5580	chrome.exe
5580	chrome.exe
5580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: 33	5300	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5300	AUDIODG.EXE
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5824	JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 4512	4212	chrome.exe	102
PID 4212 wrote to memory of 4512	4212	chrome.exe	102
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 4500	4212	chrome.exe	103
PID 4212 wrote to memory of 1416	4212	chrome.exe	104
PID 4212 wrote to memory of 1416	4212	chrome.exe	104
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105
PID 4212 wrote to memory of 1408	4212	chrome.exe	105

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1411052346-3904498293-150013998-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1411052346-3904498293-150013998-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2588
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9249e079e690f7368f35e72ead12f8bd.exe"
  2⤵
  - Accesses Microsoft Outlook profiles
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - outlook_office_path
  - outlook_win_path
  PID:5824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=4148,i,14915339153108214952,13513928827091056845,262144 --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:8
1⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffa6c45cc40,0x7ffa6c45cc4c,0x7ffa6c45cc58
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4900,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5252,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5188,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5264,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4840,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5112 /prefetch:2
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5512,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3328,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5980,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1168,i,14608737032972058254,12511263097836869310,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5580

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3864

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5432

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x380 0x3c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=3704,i,14915339153108214952,13513928827091056845,262144 --variations-seed-version --mojo-platform-channel-handle=3048 /prefetch:8
1⤵
PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
af637e04e5f483cf11f73485491addac

SHA1
deff7c0af7ef952c37445e75a934774f9dd81cad

SHA256
296844033d9c5181ae43df9145686ea87a2281bd9e2967a2c3e2f8f916344f00

SHA512
1edc6eade6646b9ab542e72112a86eb17b7a3a3e138ef3b215b50f4ce6d107cf8b25dbcaad7ffc544da79dea50b855bca3ec8ba43a2ea26e1bbce5f07a7fd057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
021f5bb5824164a7844a6377c525fc17

SHA1
c8c13a1d198cfb3ff6e916957a8253a62e738c45

SHA256
1200afb840500b2aafbc708d82e45ba98cf01c933777217dc87392da17550d9c

SHA512
d1af8859a91c884a85fc64f3f642102b11dbc42ff5f8c43098b49ec1973dd5a327669a064ee32becc975a95a9967277229ba2c301ea7b491377d0810811060b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
7c62170ab918526c531f67ad74549348

SHA1
02dde25e7d66a9d25d87fa73863ea82ebda8189d

SHA256
40d97280c2a10e280166bce5ed79dde2712ede6e703a929a56c876e92f13b8eb

SHA512
bfe2e1fc986838844115445f232c9dfe0b2a03dc8edfde6eae03a98539170ff7dd95c56870effb06fb346678c5a1fff04b81a59e2477ad3ad19afdf3a98ca232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b46e1e93d571343a7599c248cdcb9af6

SHA1
f37e7cfe8865e3e8a12e80fcb5290d4b05d701ce

SHA256
73e5db1463e8f7b2807c38c6a194eaff155f03f662b985c9f2daf30e90135c99

SHA512
3e22da1baa4651e93b2a97678abc0dd975ed5f0dc1e2208ae1f20299cbee9eee76a8d795fe83b396f3543edb39cc55f3ba0ba20db06c2dab2d0b778830bcecdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
f44866bdef11c2982327e988bffd6805

SHA1
0064ebb180bbdd77c30441b0fbbe597407ef6744

SHA256
0862a55b419e497ef81b5e51945768250d9b9eb45d318e9f6ee24138548e4b6f

SHA512
08d991de105a373a07f8ec014ee0d4244e5df7ac47a0275b18703b1ca53a5b357d3100fb33541dcdd202c694c827ec12ab8eeb13b8266e546079d85c648e32ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
729157299d29b48d609c46c6d0b49eb0

SHA1
d88e28a1b6e9b3904b6ac759732778118a113f10

SHA256
141e535a4fd803da5a757d9184ce62658570fa70741c8ee4470e9616ca44446b

SHA512
bf0d9392be9e96ec14eb5d1fca3b6db96cad9c09c7aa045eec042197b59c44c165fbd0bfadbf757faacfbe1b08d650dc0f3f79bba83169615a7142d3592ef97f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
e43e82830008871eec7a9ee26dfa92d8

SHA1
a13e67ba1c247043b181fe7770267329410ed395

SHA256
844aed40dcd422ea9a9a373d948893d06b7a44996cdcce3f3c333daf78f9a426

SHA512
d05dab4f673e98b65d794a4bf004bc3048c561f9e2132fb5a4dde4bc9cb54c7f82bab2936da798f8338c4082dc50cad3fe4253cd968943a63ab94c67b3a7e87a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
211a79717f24fefe67974d3c93f6bd55

SHA1
909bec3b0f0fdc3f7a68f8e39c5e1ea23e8f48a1

SHA256
067b0d8332fe95e080de45eca3afbc9047864816e638f264c1708deed1a990c7

SHA512
2111f80296967312f19341efe98eea7c0502a69d659472c73c15e213d5b37dbe3db1d754133404e732a92e2ce86e091c37208f5147315579ddc7b549add43652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e0cd8e416293a8e0fb28dc61b085053c

SHA1
57ad05dbeb7a057510a8285c51a4388b615ab4b0

SHA256
81dc65da5555ce9d12cafb66655733e9d7f3d0e5dffc152c5f7802ad643eeca6

SHA512
48fd83a23955e37fdd231b70d9d28f00c3dbad39949b688f1b658f3c6512437d1b93b3552d1230919a2b557b9a9a299e8a5ac57f71103dcc3cb383988becf501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bb9a0f99ebf8458a488c787a6f21943d

SHA1
27e1adf36c67f21e3d684cd87cd79d56aae1d82d

SHA256
bc4c8f84e884b5a5bce322e4766c1bde5cf0668f586104774e18cf3c1e0e1498

SHA512
d698b2b7fc5031b817aeb4c41fc7b87959da9a76d5f07d3140eb47dd7a945a8e80eec7c6a5bcc2c78b2ee5fa80795e4bd7c912532c299884785bb09eaf37b2f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5680d749f81ee88b1f9e1480af2b561

SHA1
e3eeafec64a1da18418b7db82ccc7a5af707370e

SHA256
ff93031786e0f3b766afb4f1f6cdbad10919edf15122bb482e796a67e0660abf

SHA512
d5b57aab1ff86d0879eaac5742de56f7648782d6fde5ec65028ec2863fa2e7d8572ef48dbc11a796b29d107ca7fa3987708a30797a0c5d596d71d1269f7dbd02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cf49a88849c723688464ed6441fae14d

SHA1
53a1e61742b7624a54441d12bb65b11fbfd0926d

SHA256
cc8d431d0ba3f3c7af0f7d0d82498227f7b5d2dcf088f73e1dc34e059f9bccaa

SHA512
1c170ba40ed501fe102b68025213a607c04e59df9b2967eb5db8c71a38876ad91d8f49c8d2dc92091c84bcbc9829d96ec87f00df568f27f365b3ecd186979d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
70a5226b8894b54f7e005f7cfc25fbef

SHA1
794aa4f0a30288e2f16f70076485e7f72bbc20ae

SHA256
22279fc0fb3f7632ba0376dd68533aa921ffd2d1afd8de927dc28d93a974e5b0

SHA512
827955dcffcdfe330dd033f9f328363b3e531ad55f44f8d59ca20d334abc7f74f7593b8181f15cac42bdad7706ba9337c4d7d35b1875ebb714ad775de9798b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c2d95c1c8c7b764fd3243807f408a294

SHA1
d71fd1e2704c169e6bf7c69cd0b7aadb866b3eb2

SHA256
be1105b266084b46201b66ff5edd42aaf41adfe995332d192f24152d82020cbb

SHA512
ffe6adb669d00e77e81caaa3f169b4046042b3cfde050d09a6d1fbadf03476885350fb8f5783b86433406a520300047b4e83b289ebc6dc1791f23d3b3f9a9fff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
adf2ac96104229039a3a8dfd5a591a22

SHA1
0ae73c63ae206990bb2e6a7187160506beddb49b

SHA256
25561d93177d0694a4d00a3da6a0ad6d3f1e2e1179a938e10fed429cfa251c6f

SHA512
3a64131c8afa1e4e22c03fa7815b7619dfee1c7ad73b2744eeef516f6b573e832b034f47f60f7ceca173634c5ca940d1acb9daafee4d84dcf1886e524172e7c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0858b363668d28b2885011f32e49606f

SHA1
d3f26d13976b85b866eb26dd2b204f77fd8479ad

SHA256
4a4b7a28e0780292b316e55eb2c130b8f422cf84b6e03b2e0fb5a123bef139e1

SHA512
ee0375d0b2b49f62bbc47ffe36c6e02f4526061a4ab1dd429ccbd113cadce7ac984f0035911b98addfac8cdd654df11bd39e4127d843b0705d0bd2660b2be0eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
002eacb4693192b7750c8da1c80c14e4

SHA1
67dfd40b57ee626459f38d93864e6be6c83e8050

SHA256
cc12a536a195667dbceba200189409792577b55ac1d7bc075f1cac1a974b2728

SHA512
e2957df8073dddd5b655323bbe87c3c5b6d309f59ec4763f84c3f6eaabfd6b0a00227f3bf25655f523585969deb8064d10fa0b961c6cc822d167d592f4bda8c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6042d5513f5c64f87c35438ed153d1c8

SHA1
6402ece4231269ba2e3973b34005f5f354aeb1ad

SHA256
fb77628afeee65dab675d48124258ef5e1b9a66ccfd8cad12dd9fdbadb1dcfee

SHA512
82edba64de96f1ec1255af629d69b58f42ef2c5359951df3fe63360f352b6dc9daa7e2b5f1f9a09fa6de3483d1a486a419bb81f4ef81cc80b899781d85995d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d1f7ad1e95e74cd3203110112d62d1dc

SHA1
4e0d1b9134733ae146aa6bc91b221cd27b7e6701

SHA256
bc310158a3d653160f822afa51fb602974f4fa8006a175b6d28bdfd8280aeadb

SHA512
eae4f5745e7b8eaf79f3394534da34c57df0ad3d4a9ee2dea41aae6738149d78ad340abfb9fcfb3ba6c745995a2b703e3655ccc63a3ab7301c9422fa4d735031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e303accba4d04d75d45441a1ffeb6af

SHA1
19aac6d5b06206b402e850b35035a361c963e439

SHA256
5d1c7e5f1fb6ec18a70390367dee138a869f780b4f8a26fa3da0d675874df53b

SHA512
82a92c8d497a9193667db937fe599453ec455d3d0c579d0184333e331af6f79500920c9cb08413cf43284bbf3b485cf398a01c4de994fcf3ebe564e15cad8843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b88d348c99c40c70141fc64a47affdd8

SHA1
93c97d5bcda598be3fb2c318e3b93dfccfebf6a7

SHA256
fd7c49adfb7d205471cef54659e9e3d558ef51375224a143431c479e5ccd7411

SHA512
610211c925647d02f67be96eeb6ddd9e3dd16bba66143a2591b802d0f7cf10b6305f171326b74aad9f96e81b779dc633b40b20e932fe30814d695e17e6f5ed5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ace68dc568d2ac3c3480c73b9eb0e601

SHA1
c26491657e67874f532b5847ef7da9ef1b1ac47a

SHA256
c3a18448ba188b1f547c92c0f93b3458abaab7acb1c592c821058208b0e45b35

SHA512
e971f51363583f5deefe4bc0992dd42b9feaad4591137715866a5f6ab12285a0545f92d4efe5897c4ca11f611774bb5bdd57cb6d9d1a2ba06ca4eafa55509933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4920475a868a636321e660e9dab4ee8e

SHA1
b7fda25c669e58d33996609d503158c201434b44

SHA256
372bd38651fda7021c6341c0216f26c6c375727030386cd2e12ccf76136e41c5

SHA512
1f35e8e1be4813f96887f31c3626dae5a828181c2cfca6c8de046785d5239c1590d29eb32474d071b4efd03c33556a32fd74d1794e3adcbba8a13ed8f8f82f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
68d97b8afdddc7ab1b435c2071006db7

SHA1
070d4d4a4fdbdf5c043ceca130b13539a6a99f18

SHA256
c34b2710b60371ed92c63d51ee450df5299e6df8539c4cb8474e6791b5eda707

SHA512
e3dea6828ca7167a55cce3ae845e1d52acdc444f01de7c571815006928d97a9d67eebdc486efa36ddfed1e6b608c85152004bddecf65e5b8f0d9b603b2b1ae85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d4c459db384a21e0d528848450c7ee8

SHA1
f3889eae60ab170e891b2553aaa4c0884829d9b4

SHA256
7412b963e181f3518c9765273384f44b28f3c975a44fea003eede0ae0fe7d0fe

SHA512
704c19caf5a6d44c58030b16d99f9215cca4bf3ad747fe70917486ec015ed512c006b54773bee987af7e3cd7a78493a422cb73605e571ed0470f4758470cb1c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e1e494272ce9c0ae284470b5ca199b95

SHA1
83f07b732a5757469457c18a562d49efde31a9bf

SHA256
82c8c1bbcee4c526dc3dabb8f892bab15e962e63b4ce24e1a6341dc14d8cbd72

SHA512
5063e7c394ef7fd0076effdb0678402fe20593ab2c9b6e78855e38d4871ccfdcae5438c2f2935af78820e24995fdec554be6424183aa4119cd368565fb37c4cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
af9b8a39b1baa960678de6b235ba10b0

SHA1
cf33891ffbb560df835454590f545b5aeeaf5d17

SHA256
3afbd5fb7a5b560bec2f487d2d5880617fb33dc710f36d52eecac12446084828

SHA512
35a27308ba2a1efeeca41db296c76f5317c62c14cde710098e2905c813219054ab02b748b0a30fc37504f2adc645dd2ad88e0f0529883eeb7259be3685bb3239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
3f70181b3f05e0e2f72b952e9428bbae

SHA1
4373f823b863a39b8485ef5790b0ce034e859fb4

SHA256
0440a8eeb152a1862050f1ee4f0b679c3851d15cfdd816c1df5dff1b47bf409a

SHA512
ea5750c726102102cdeea3e15895ee0c774325858809b85388c66018e883497e062bbb6ce92a100e57c528439d2352a31d8a11b2bc767cf84c5068d4ca16e404

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
e2daae01380d1e475390a6f440d7a916

SHA1
202f5be2798647463e372dcf8855d9538982b1c8

SHA256
4e2d04031170d103946afaaf71881aee5768a41968bee4066a5918b0ca238e6e

SHA512
f548f5607f423b7faee3d05f444325b86f6496cab1151b5908f2b899ff4d5be3b91025bb6c9e623a8e57fd2fbbc1b599aa737af3304518f28acd46a31fa39f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
ad7816f5ebe67d3d9222dc4038112000

SHA1
f415c64a97a7af95e48643186c9f47aa13cce1c5

SHA256
f159a2d40ebf9c85d83d139b7f3d0a7dae166a54a2edb0ccd60556a40b682b89

SHA512
d3f4c5e244a0fa5ea701dacd983f8200b2f2a165aeeb90bad9bcaec1f10d31f37a2c077ccd680c789064a21c6c4c8cb3f2c595dbc4771179abc203f7e085ef19

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4212_301824858\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/2588-4-0x0000000004AA0000-0x0000000004AAA000-memory.dmp

Filesize
40KB

Download
memory/2588-256-0x0000000074FDE000-0x0000000074FDF000-memory.dmp

Filesize
4KB

Download
memory/2588-1-0x0000000000030000-0x00000000000D2000-memory.dmp

Filesize
648KB

Download
memory/2588-2-0x00000000050A0000-0x0000000005646000-memory.dmp

Filesize
5.6MB

Download
memory/2588-802-0x0000000074FD0000-0x0000000075781000-memory.dmp

Filesize
7.7MB

Download
memory/2588-419-0x0000000074FD0000-0x0000000075781000-memory.dmp

Filesize
7.7MB

Download
memory/2588-796-0x00000000080C0000-0x000000000815C000-memory.dmp

Filesize
624KB

Download
memory/2588-797-0x00000000081C0000-0x0000000008220000-memory.dmp

Filesize
384KB

Download
memory/2588-3-0x0000000004AF0000-0x0000000004B82000-memory.dmp

Filesize
584KB

Download
memory/2588-0-0x0000000074FDE000-0x0000000074FDF000-memory.dmp

Filesize
4KB

Download
memory/2588-6-0x00000000080B0000-0x00000000080BE000-memory.dmp

Filesize
56KB

Download
memory/2588-5-0x0000000074FD0000-0x0000000075781000-memory.dmp

Filesize
7.7MB

Download
memory/5824-798-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5824-823-0x0000000005190000-0x00000000051A8000-memory.dmp

Filesize
96KB

Download
memory/5824-824-0x0000000006860000-0x00000000068C6000-memory.dmp

Filesize
408KB

Download
memory/5824-917-0x0000000006B20000-0x0000000006B70000-memory.dmp

Filesize
320KB

Download