vidar | 29c88d185c4c1bee7944a0dc0a53bb5809eba3691b147a8361300b5a2572e350

Analysis

max time kernel
147s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
20-02-2025 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

131KB
MD5

abf2df1aba1a934b229a5c6c26954414
SHA1

18ee222087a4f65366a24df3998f17e760ad7aa2
SHA256

29c88d185c4c1bee7944a0dc0a53bb5809eba3691b147a8361300b5a2572e350
SHA512

ec19194c5ee91d59c3681f50ffd0b7a8afe1dd65b835418f136e9b4185465b16bb286ed60d77f816421c4d4af80806576dbce351a224975e63ed1ce10cdb280d
SSDEEP

3072:/dK22H8N0c2rPy+nm493gs39GgFNTIGHSxYld4RTV82Sq0:168mPD93ga7yeSgq0

Score

10^/10

vidar credential_access discovery spyware stealer

Malware Config

Extracted

Family

vidar

https://t.me/g02f04

https://steamcommunity.com/profiles/76561199828130190

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0

Signatures

Detect Vidar Stealer 26 IoCs

stealer

resource	yara_rule
behavioral3/memory/5032-4-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/5032-5-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/5032-7-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/704-9-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/704-11-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/5032-10-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/5032-21-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/5032-22-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/5032-23-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/5032-24-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/704-64-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/704-65-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/704-67-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/5032-68-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/704-69-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/704-127-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/5032-137-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/5032-140-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/5032-143-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/5032-147-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/5032-148-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/704-151-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/704-152-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/704-155-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/704-159-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7
behavioral3/memory/704-160-0x0000000000400000-0x0000000000422000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar

Uses browser remote debugging 2 TTPs 8 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
352	chrome.exe
3372	chrome.exe
1144	chrome.exe
4448	chrome.exe
2528	chrome.exe
4732	chrome.exe
1208	chrome.exe
1496	chrome.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 5052 set thread context of 5032	5052	Setup.exe	82
PID 5052 set thread context of 704	5052	Setup.exe	84

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3612	5052	WerFault.exe	80

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133845374468952103"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
5032	Setup.exe
5032	Setup.exe
5032	Setup.exe
5032	Setup.exe
2528	chrome.exe
2528	chrome.exe
704	Setup.exe
704	Setup.exe
704	Setup.exe
704	Setup.exe
352	chrome.exe
352	chrome.exe
5032	Setup.exe
5032	Setup.exe
704	Setup.exe
704	Setup.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	352	chrome.exe
Token: SeCreatePagefilePrivilege	352	chrome.exe
Token: SeShutdownPrivilege	352	chrome.exe
Token: SeCreatePagefilePrivilege	352	chrome.exe
Token: SeShutdownPrivilege	352	chrome.exe
Token: SeCreatePagefilePrivilege	352	chrome.exe
Token: SeShutdownPrivilege	352	chrome.exe
Token: SeCreatePagefilePrivilege	352	chrome.exe
Token: SeShutdownPrivilege	352	chrome.exe
Token: SeCreatePagefilePrivilege	352	chrome.exe
Token: SeShutdownPrivilege	352	chrome.exe
Token: SeCreatePagefilePrivilege	352	chrome.exe
Token: SeShutdownPrivilege	352	chrome.exe
Token: SeCreatePagefilePrivilege	352	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe
352	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 5032	5052	Setup.exe	82
PID 5052 wrote to memory of 5032	5052	Setup.exe	82
PID 5052 wrote to memory of 5032	5052	Setup.exe	82
PID 5052 wrote to memory of 5032	5052	Setup.exe	82
PID 5052 wrote to memory of 5032	5052	Setup.exe	82
PID 5052 wrote to memory of 5032	5052	Setup.exe	82
PID 5052 wrote to memory of 5032	5052	Setup.exe	82
PID 5052 wrote to memory of 5032	5052	Setup.exe	82
PID 5052 wrote to memory of 5032	5052	Setup.exe	82
PID 5052 wrote to memory of 5032	5052	Setup.exe	82
PID 5052 wrote to memory of 5032	5052	Setup.exe	82
PID 5052 wrote to memory of 1304	5052	Setup.exe	83
PID 5052 wrote to memory of 1304	5052	Setup.exe	83
PID 5052 wrote to memory of 1304	5052	Setup.exe	83
PID 5052 wrote to memory of 704	5052	Setup.exe	84
PID 5052 wrote to memory of 704	5052	Setup.exe	84
PID 5052 wrote to memory of 704	5052	Setup.exe	84
PID 5052 wrote to memory of 704	5052	Setup.exe	84
PID 5052 wrote to memory of 704	5052	Setup.exe	84
PID 5052 wrote to memory of 704	5052	Setup.exe	84
PID 5052 wrote to memory of 704	5052	Setup.exe	84
PID 5052 wrote to memory of 704	5052	Setup.exe	84
PID 5052 wrote to memory of 704	5052	Setup.exe	84
PID 5052 wrote to memory of 704	5052	Setup.exe	84
PID 5052 wrote to memory of 704	5052	Setup.exe	84
PID 5032 wrote to memory of 2528	5032	Setup.exe	90
PID 5032 wrote to memory of 2528	5032	Setup.exe	90
PID 2528 wrote to memory of 4488	2528	chrome.exe	91
PID 2528 wrote to memory of 4488	2528	chrome.exe	91
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4188	2528	chrome.exe	92
PID 2528 wrote to memory of 4908	2528	chrome.exe	93
PID 2528 wrote to memory of 4908	2528	chrome.exe	93
PID 2528 wrote to memory of 1792	2528	chrome.exe	94
PID 2528 wrote to memory of 1792	2528	chrome.exe	94
PID 2528 wrote to memory of 1792	2528	chrome.exe	94

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5032
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
    3⤵
    - Uses browser remote debugging
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2528
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff8bb56cc40,0x7ff8bb56cc4c,0x7ff8bb56cc58
      4⤵
      PID:4488
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,16579963461327214446,6542933598633972701,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1848 /prefetch:2
      4⤵
      PID:4188
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1448,i,16579963461327214446,6542933598633972701,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2128 /prefetch:3
      4⤵
      PID:4908
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,16579963461327214446,6542933598633972701,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2176 /prefetch:8
      4⤵
      PID:1792
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,16579963461327214446,6542933598633972701,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3156 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:1208
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,16579963461327214446,6542933598633972701,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3196 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:4732
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3824,i,16579963461327214446,6542933598633972701,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4468 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:1496
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4440,i,16579963461327214446,6542933598633972701,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4720 /prefetch:8
      4⤵
      PID:5060
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4492,i,16579963461327214446,6542933598633972701,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4700 /prefetch:8
      4⤵
      PID:4600
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  PID:1304
- C:\Users\Admin\AppData\Local\Temp\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:704
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
    3⤵
    - Uses browser remote debugging
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:352
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8bb56cc40,0x7ff8bb56cc4c,0x7ff8bb56cc58
      4⤵
      PID:3532
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2400,i,16503081179533926274,4292106141798069830,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2396 /prefetch:2
      4⤵
      PID:3844
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1244,i,16503081179533926274,4292106141798069830,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2460 /prefetch:3
      4⤵
      PID:2808
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1896,i,16503081179533926274,4292106141798069830,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2572 /prefetch:8
      4⤵
      PID:2692
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,16503081179533926274,4292106141798069830,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3160 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:1144
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,16503081179533926274,4292106141798069830,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3208 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:3372
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4160,i,16503081179533926274,4292106141798069830,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4552 /prefetch:1
      4⤵
      Uses browser remote debugging
      PID:4448
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,16503081179533926274,4292106141798069830,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4680 /prefetch:8
      4⤵
      PID:2516
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,16503081179533926274,4292106141798069830,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3580 /prefetch:8
      4⤵
      PID:1396
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4684,i,16503081179533926274,4292106141798069830,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4448 /prefetch:8
      4⤵
      PID:1944
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,16503081179533926274,4292106141798069830,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4960 /prefetch:8
      4⤵
      PID:1424
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 1012
  2⤵
  - Program crash
  PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5052 -ip 5052
1⤵
PID:3728

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5044

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

T1556

Privilege Escalation

Defense Evasion

Modify Authentication Process

T1556

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
734B

MD5
e192462f281446b5d1500d474fbacc4b

SHA1
5ed0044ac937193b78f9878ad7bac5c9ff7534ff

SHA256
f1ba9f1b63c447682ebf9de956d0da2a027b1b779abef9522d347d3479139a60

SHA512
cc69a761a4e8e1d4bf6585aa8e3e5a7dfed610f540a6d43a288ebb35b16e669874ed5d2b06756ee4f30854f6465c84ee423502fc5b67ee9e7758a2dab41b31d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\17552FB041736063427FCC1455F2E792

Filesize
345B

MD5
5e634887125b9f233db67a1096b238cf

SHA1
f16b21895d001646d9d29ae05ecb688ec494c634

SHA256
290abf38eeb487a26650af4fb1fba13f09e3ed7a95adeef63ad84c9372029354

SHA512
48c886592b8c1a0cae43b8cc73dbee8ce21c2f7f00a27712775a95489aff2fdc6532bc04a5b7269107f7a066e6c2d80034a5ccc336fe26b57018816b0092f318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
0b1d1f5d0c9c705921c6d9289038af55

SHA1
54a6e2695f1ee4523a872a341a03d76f2f581c6f

SHA256
b82d170918b109db99cd53fa253f4114f0df002d837a25a9526c694d17982f11

SHA512
753cdb707b7f0944cb4ee8d20364466503c0859ea6835c0ec929907d3c5a6230c6288c7ec19e5cd05a1c7ecf937b6bb0cac196f7d305bdf94ee3d5b9deb52aa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\17552FB041736063427FCC1455F2E792

Filesize
540B

MD5
dec702f7cbfbcedae9240c6612e7b685

SHA1
c1d7a4d3855f4386ac2433f5b63d2e9d962d6f8e

SHA256
07ed2a7fcde5c0af93364c19c93787a10e889524580bed1596b7a21b7f0fca46

SHA512
ff4ca50f2c496c197938ec33dccbabd3a71ff0480a4fe92370e112ce84264c4b25ff1aafc6c9b35ddd8737c9f1f70c5202677da4b8c733de9c591a90dfdfcb2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7ef6364e5322f9df6f5b52305b387a98

SHA1
9778ce281418a8595956130edb0abedb9c0fe6ed

SHA256
0b21a0b0cc4cc98d9e0dd6a2a2777767d43f96cedf3d84c2ee7e7c2d3d5a5019

SHA512
9e0543f9058f21f2a5c3f3a62509bd236582066f701c797b86913f5a22145b3c8e0302b602e4e75e48514067087ac0aa5a1ad9951cd2b0988ff9d7999cc3dae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d5a1f5c07978c6c8749b6d2ac8654c6d

SHA1
848d6154351a63dd1b0eea4594fc8dba78f05ccc

SHA256
31287eb2b289a0c979de9f32807b77e389e196958589b18d66698166c646d9b8

SHA512
131eaa86693bfa825a0e78cc4e0f60a6475d0d2b321e98638ad8e992b952b5f54d4ec77b1aa7d8850ef6a91a9b788f5dd3dfcf93f41eb35931482f444678c528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
8f2beed5b61c5837470b5028b92156fe

SHA1
a1165cdd8d3d6f547cdc85505c8574db53d3a26b

SHA256
34d35d21bbe78e54ac6df71df76678363f2c9a5fc843dca45665ec090ae47432

SHA512
a4c917328462cd96789c0ac197da6da63d0439cf033a3e159072dd01648fa09cb660f1cc9e144a38c62113ae75bfc0e701bc4218ee938446caa008f1a4cb057e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
d4412ef13b7d053231bb749ecc42f762

SHA1
8afd01f5a0bd0bd595a1392d14bdcf45b37d7e29

SHA256
2ebe46019baf7740122c26a83eefd91072bdda35ac62c63f11d487f9818605e0

SHA512
c234cc0868d93b32bbab549cba2e9b67ff5b6c22908af63b616a664011b4062fe94ae5a489e4f10b8173e7a35c8b2f42378f75a5c0f772d752cbe9480bc08c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
35KB

MD5
4f0f76f2b8d7567474104adfd0ad91ef

SHA1
a0abe6a512f607a8858c1ed18493fa19317801c1

SHA256
85247faa5167537ff0883271b2611385cba6a55b9e1484c0679d149f045c0896

SHA512
72fee8aa53d5efe1c112c4503e1e168bb885fa98c48091cfbf4b9bcb322dfc8b2e16c1efc489d7887b4ce19143958f75b93680231354854695266ebed03a70b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
62KB

MD5
3b37cfe151890ecf2145072e17fe2105

SHA1
454efea7acb1fd3d2d1e2c21c4c57a754adcd95f

SHA256
ab87c5b7a83fe0815b93936f51513b5df88ada2b0dacc65285ef9c5a40e595d8

SHA512
add3c0c7373cbb1e24ca3b15ab92a22d99f877b645a610084f80729a57a05cfe8b4542645b26d7eefcc1a2abe7bda0e39fb7bfd5ece09f94db7ce996ef1bff33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
76cbc4d6d388de4ef92f9e137e26b822

SHA1
dee1764a6918be81e2bd427122b27d3830988f7d

SHA256
31bddf26ca1f50a0244a792a93812dae38c486aaf02cf1c4af7938c6d811a0dd

SHA512
7474c0b1234baf68866d3348c71828a31c78538a1b7eac9b57981cee6249dae12501226bacb37be6a2e3757a610005a7e84aaeb57c33a15a9d2bee1df08eb7ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
1d9154bf6b818733047846ed2dacd284

SHA1
3262a0e30bc4de7c18c8b8875525f0a0d47a839f

SHA256
061799017e524ae3f270d0d6d3dd11d36105c5cfbc5b081ee59846c8641299d0

SHA512
d86b2c8ff1354119028b9c83632c9f0a7c735f9e4bbb756a05dae64751a98058afdf5fedc4ef3fcdd63e93625e5f03ad5ea19cac1256d5eb62ced5be8766ef89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
6b382b3e4d0b420ff0d129f02e712329

SHA1
d4a496dadbd8b3afa7be7c0d6649caf6dfd6618d

SHA256
479b1c8dd3e3c81a1f14e2aa106a202ad0876d732321d5ebf4dbca48210679f1

SHA512
418bfdaa00a4256d587fa62f8ce73d79960e58d2ff890fbf38da34f8703fa7b88241b22753c86d46f5c4918a0d93ac535ac976168599b7ab1f47fa537b29cbe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
52bb6b1a8d9db924fcb2ddb45668fa72

SHA1
12996023e66ef0ae44d4e8a36c5d6f1ec78a85e8

SHA256
ae324698ce5ffcd56026f3de4c29ed754e9706f1ae1029a0409b4a3998128b52

SHA512
944d29fee61a718410e5a45bb55008dd2a7b9107380def625768c849b31c325c9592795c53b7d5818e883c791d7c6e271c1691ae0805c557ab9f1d0c2f9c36f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
cfa172a650b84b3abdbcc47097ea7b57

SHA1
5b45943b506c37225942826c102fcca6bb743847

SHA256
74581baa80a130006b3dd5628aa4845b20089bb80a5c5710c459e2708c95b038

SHA512
fd8626ec91e0b48a17bfe1bbf51ff8419717f631109ea2ca39b908dbc06d7628b4ff5d861bee7bc2070685c59a63c9c3759db1cb589299a0cf430a7d3b5dabfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
06011746df5efe769e7afa0f3e9c61ca

SHA1
d0dfedd971b7803ec88d70263c9ff2d122ea799e

SHA256
7be43d68131b20af83d888f98664675ee379bdb58f10b0e46e0ce2de77a9b6b2

SHA512
5ed066d9d2ceb21f0e686e1ef7d27ac3d7bf90df0d619c52be8c5669da122d973775b64a8d208c2fc4023a95b43b0189afaaf62d7b01d7e3ed71c6a18631dd16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
9432a4d920bdae0b4e9a8aacc7cb8902

SHA1
c673ddaa6354029090689f3aa89f6d1de4e66f28

SHA256
bd5e1d9473499b57265cbc6a919b890e69097baaf8a642586c21c67c6a931811

SHA512
5ff715298e605a7d71d0429894221af4ec09bd6955eee40201dc01118f1e90c17f18280024561995e454bfef1f98d26568768b2c5851f9e0b76cafbd2f44a1fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
289B

MD5
541c42f1c98b3e1b011d22eba854e707

SHA1
db30188de1f22e3077e7044be1386a5d0ecaed9d

SHA256
0768e811c51ac61a8e573ac6b53f89dbb1d89eb2fcf62536a9a5f730329c584b

SHA512
47828c1b40deb8d37d6ff4fc8f7673fbb59b40e07f54f0fa4121b91941160134c251e20f7f28f7ee5185f3c8aee2b7e95a1bef573bc64c68912016accbe90604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
89133c88be82b81583da6c2a24cfb5f6

SHA1
94b38e0c2e406929437c152aaf0fbad520410a04

SHA256
3722a7ebe6a24c84342a3235d85619113da96cfced6efb0fac00947e36592e5c

SHA512
bc251fcfa3e2d16306ccb1d4e21c5b659dccbd80f0b51e39aeadb27a2e8ae1f2cd81f232477b802025f37da54fca098df535b23f568fb8842ff226392966159b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13384537442838210

Filesize
2KB

MD5
a4bdddb4f49e7c6af6d7330cfb0bb952

SHA1
9e7372c3bb33fc1883a675293ed4bb6c44a64939

SHA256
df142f13e02c0f754c03f5370d7f1834fd8237e7b0dcaa253fab8d31cfb2a19a

SHA512
c6415f224fe8fe8a6ef7b381b7a5a58867586f0889f91b42e2faffa70104356f424da6c7403f2379739e187cb9db284c8f596ae54da9b7dd73eaee11a8a46d20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
0232750779dbd5273ccbcd76c8518514

SHA1
8b74cb10efaceaa05c19e211353da9b7162e5837

SHA256
3df5287c2218cd5975f7ca74a8fc8cbd6d8cc8417a464d912cb25c720e6dcb07

SHA512
f6b9e0e7d46ad486e44e2be2d404c681af024b895b2f4dc0894fdc50a5a7781df8342dbf23d07a53e5a97b9b2e7c49543828bc8110b7e7e19edef3951f40b54d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
d3a1338ac0dca16ba8f7d1f30449273b

SHA1
635cdae732fa30675ef8c192b3aae065fb1f0ded

SHA256
2e61108d881bf9026d0665b363312898608f4387f52d6272e6a86bb664fe64b4

SHA512
282cba1dd9be59075fe493d2f003d2edad3bb2fd0f0435cd2e7db5e54b5445a5688aecd8223026bfd4a92b0247e7dec4206551797b69e9b420cb36ac56da18db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
65e2ac73af1d0078288f6443ec3f034d

SHA1
b764aa6e758e65eaaf1833d25db0c8d1c5669b04

SHA256
a3c20e4849c14a330ba69a513fd477a1ab1deeec0ee402c2a4b32eccf2901cb6

SHA512
290346ce93173d3f735b857e736e5ba3a0bb218b94814344d46f38cdedefe542b07d31d4975ccad5629b895db5b85c80dfd2b64348b8466d40541ea189ea1777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
14KB

MD5
99878187876f1e71914ea8cd71ec69cc

SHA1
b5400c6d8a713929d38f2e68623884c3e8fa3863

SHA256
3b23633c4586757391a5fed3549043e05d5f78db3afe105bef0a1ef1ed0ae754

SHA512
8d001c1e32f21bcd3b5dda84f302967a9349ace2525c81bd019b33cdd1ef5f49cd47b26e3e599d4f44240958a00a9b67774e07f83f2b6889177a08bb0fd472d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
bbe989814d06900c04dd95c3df21459b

SHA1
b03306c78915529e10462a9d87409adc2debc48b

SHA256
2baaba2347f7f6a8a092ff04f9804a6091d876a77b9e61f7241b82533ac30227

SHA512
4cf919c2d36ce1eb9f807e3b34daeb5aed6d55c31464da664d3f2e971d57115f38e12ac90fed92415e130d3c183cd49d69a9d01c6efffe3272680d2991a23060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
4b7d63cabcd3f50b6f3af566fa78a8aa

SHA1
ee98a166a56fa2cd1b09437213b39eec07d3d682

SHA256
3462c7809b700a78a83b8f89f5aaa17ee385dca650e204abc8abd245ba3c6d12

SHA512
287b4854830493bff4a6c9296c0c5bdb32608d3e0ff4f555d529cb17d3fa20121f51293f8d4fd1dffd8641b7c423274bf1813a7922a993f80b229481d02c3f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
540164d88c792fcebc558805a43658dd

SHA1
84aed9ca7ebb95bc636b33ffc505acb597f48660

SHA256
8c72a13f0b87cbfc825372524a7763e48cab546102bb7e6c8c2109377c781b7f

SHA512
9b7cbddbab5a5e6fa8bff3df70c8aead370eecf1762b2d4e408e885fd005d1553b778d75fb44587e15618633979519d183ce7581b040980c4642b6229cd00f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
9d8b1db4e75d583c25e024a80e579c7f

SHA1
2dbd1ad3e9fb30b8dfd2099c43ea021307cbd026

SHA256
8e98bbaf513f63efccb316740f5a085751b62a971d8df36bf7ba7f591d799130

SHA512
fea682273d3c1753165dcb51b54ee51c855078cc155adf2dcb5a9cd42d0191a54b05c970a43fd9dc2c9e1fa78edb7d3578c5a50b7aee8e3c4af3068c4544b525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
1e62c2c014845b93b3a569774edab3d6

SHA1
8998b029f9d5ded218e6094ac8eac6196bc1c942

SHA256
a6f04f95094c496e3e13848ff4596b71894aec20bad207180e3472d62c68f1b8

SHA512
cce6e101fc676f5ea4181c8126d46cd903b28d8859f2b88c389a229e52b2241423cae66a392c210b5c927e0b5e3e40dae1daeb814fab44f47e6776fbf9f55574

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
ce9f4bf1a665197c1d088648afbac152

SHA1
dfd04f838910f0ac81c6186d5bb9a4872293d8e8

SHA256
c6908441d91b40a0af0dfcfb4ef659bf9327995155abb8a0d513ccc1f5eeb8b5

SHA512
511719baa58ac4d34da8ea7bb1c4e65c9a62ed6ce70baada5838fd19f216c3219f7a14fc2310e510a3f5419648dfb4f71431c900baea685041d566afddbbbba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
3b6705193d9b59d38564a4f7b273a4e6

SHA1
62a3e2b80eae6e2ba0d7e356d494ba20fe10108e

SHA256
ba59a943fa27be9c85cea1012b6a7ba8dffdc12c4293fe076b845391081db12b

SHA512
64be04474a3c81ea40c0e3805c8453d1ee7685ddbf71153141db5dfd22ec8679b3fe431cdfa01900038c05752acc03293a958f4bd90d070ecb060710cf21b0f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
358cc39d856f19dc5b43bb6b67710152

SHA1
10cf7bf6e0f63303a0ccea464d8ab635c9b7d586

SHA256
9fde8b6d94e023406731032744b7f6adf2dcb11504712421458faf50d6a51761

SHA512
2bc0ac3ffa0db0752347c856da065687ddf8ef7aa82793f2c759508687c667943354a2f6fdbdc679642e14229abfda435893ffe7dbe50d6c4941d4852f8eb073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
memory/704-127-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/704-67-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/704-160-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/704-159-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/704-155-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/704-152-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/704-11-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/704-9-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/704-151-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/704-64-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/704-65-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/704-69-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-140-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-137-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-7-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-21-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-5-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-4-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-10-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-68-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-23-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-24-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-22-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-143-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-147-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5032-148-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/5052-0-0x000000007492E000-0x000000007492F000-memory.dmp

Filesize
4KB

Download
memory/5052-1-0x0000000000780000-0x00000000007A8000-memory.dmp

Filesize
160KB

Download
memory/5052-2-0x0000000005690000-0x0000000005C36000-memory.dmp

Filesize
5.6MB

Download
memory/5052-12-0x0000000074920000-0x00000000750D1000-memory.dmp

Filesize
7.7MB

Download
memory/5052-6-0x0000000074920000-0x00000000750D1000-memory.dmp

Filesize
7.7MB

Download