vipkeylogger | 6a3ed292ffbe10a366c6c298832cb0ebcb10944f2b30fcbe52097ade905cfde6

Resubmissions

14/04/2025, 12:46

250414-pz4mraxkt4 10

14/04/2025, 12:46

250414-pzn73axks2 10

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PO-INVOICE.exe
Size

1.0MB
MD5

52801720d0495e0bd1f781e22bf48a20
SHA1

101b93a16ecedb1b143f80ddbdb12ee376ec1f88
SHA256

633fab421c431bf0c98270e6706420cb9945195e17f1a5a2ddcaaf6c56287bde
SHA512

aa7eef07b09cdb9a99e6bd056e3fab7142e1859f23cd1429b9877e03c33f281e844d718bfe1c31c37a79b8d33f7c9df43b683a2e74fc38bb63553fc8a2cd8d24
SSDEEP

24576:NRxYwke17y0EID2XalWFwXf+5pyewHrAKF6F8Ld339S:pFlA0EIDDsFwv0Mx8CL

Score

10^/10

vipkeylogger collection discovery keylogger stealer

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.iaa-airferight.com
Port:
25
Username:
[email protected]
Password:
moneyismade22
Email To:
[email protected]

Signatures

VIPKeylogger
VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
stealer keylogger vipkeylogger
Vipkeylogger family
vipkeylogger

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DigestAlgorithm.vbs	PO-INVOICE.exe

Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key opened	\REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe
Key opened	\REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
38	reallyfreegeoip.org
39	reallyfreegeoip.org
36	checkip.dyndns.org

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5900 set thread context of 4420	5900	PO-INVOICE.exe	106

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PO-INVOICE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstallUtil.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891084417322905"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
4420	InstallUtil.exe
4420	InstallUtil.exe
4420	InstallUtil.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2952	chrome.exe
2952	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5900	PO-INVOICE.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeDebugPrivilege	5900	PO-INVOICE.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeDebugPrivilege	4420	InstallUtil.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	4812	chrome.exe
Token: SeCreatePagefilePrivilege	4812	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe
Token: SeCreatePagefilePrivilege	2724	chrome.exe
Token: SeShutdownPrivilege	2724	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
4812	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe
2724	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 4844	4812	chrome.exe	91
PID 4812 wrote to memory of 4844	4812	chrome.exe	91
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 5420	4812	chrome.exe	93
PID 4812 wrote to memory of 5420	4812	chrome.exe	93
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 4908	4812	chrome.exe	92
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 1576	4812	chrome.exe	97
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 1576	4812	chrome.exe	97
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96
PID 4812 wrote to memory of 3380	4812	chrome.exe	96

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	InstallUtil.exe

C:\Users\Admin\AppData\Local\Temp\PO-INVOICE.exe
"C:\Users\Admin\AppData\Local\Temp\PO-INVOICE.exe"
1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5900
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  - Accesses Microsoft Outlook profiles
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - outlook_office_path
  - outlook_win_path
  PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff921fcdcf8,0x7ff921fcdd04,0x7ff921fcdd10
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1996,i,5492206557298427627,3405700481030865423,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1544,i,5492206557298427627,3405700481030865423,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2196,i,5492206557298427627,3405700481030865423,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,5492206557298427627,3405700481030865423,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,5492206557298427627,3405700481030865423,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4248,i,5492206557298427627,3405700481030865423,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4276 /prefetch:2
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4720,i,5492206557298427627,3405700481030865423,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5224,i,5492206557298427627,3405700481030865423,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5560,i,5492206557298427627,3405700481030865423,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:5528

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9318bdcf8,0x7ff9318bdd04,0x7ff9318bdd10
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1572,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1988,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3244,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5264,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5432,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5652,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5640,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4692,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4668,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4572,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4596,i,14069437905823461582,14166789823542287616,262144 --variations-seed-version=20250413-181331.507000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
34c29bdb9e41b1f47f2d2786762c12ec

SHA1
4075131b18c3487e3e848361e112009c897629c7

SHA256
67ee11b51cd6f637795e31ab501f135ed595c8459bce885735f08b0418513a17

SHA512
ca3a978798e77b2ced27b379f38e935ef18beaa7ea23e34270a9af20b37e1b1c5edf9478606311cf1acabd83992766cb3da8444de9394c674d5955bdbc53c0d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
35dcc638a9e1ab5ad0f39fc0aa9721e5

SHA1
10e3ee0fd6be74e054483347d9b15945b5ff9c4b

SHA256
b8a18210af412bd2f335a9a187fe5c91219d1fbf277b5d100bbd3c6b5ec88b7e

SHA512
7308d7576704452522a47780c98318fc31c48f73206fcface05e9c5c18523fdcc23873df52ac80910caa7fb1bfcdc05d512447275bbe37b5e65f40f29228e997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
d28553a77e3581095e84bd5c93703cd1

SHA1
3ea714ad697151aa473ebada8aa4f1912824b1f5

SHA256
2c7faee23373da916f002e8eb8150c2a53d35b33ef1816687387108e26970a81

SHA512
3a798ef41d4213e88347360ef085ad175d6dc5d266117676d8f3b8dba8557b4b036655299dd7131c0b8dbad7ed9fde26ed1b143b3762e0bf657b8899dab10b41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
aba804fd9e1d8c6940cca49b63b25a6c

SHA1
a8c74c5e7922ae53eed7c90fa4c3d581529e17a8

SHA256
c8e6b74b4a49f88ad7d1b5cde6373640450d44ec2c5ef2a92d0f6e4393a4b9fb

SHA512
cdd30dd2c19fa017f760ec01c17aa6814e261d5a6a89924cf56ff1de032e7ecd8567d5980aa8fe6de9db9ef3f143333d7e64cc9f1918479b7c02b2d59a7fe870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
f68b3ad5e75ea5ee3255b2c8aedcb29f

SHA1
211291e82d0a9db4aa5db60bbee569addb1a5c1d

SHA256
dc93259142fd639e62879e6f30b336ace1361167362e3adfa8930bbccd724a9f

SHA512
908e3b22476e02bd35908be134f4c008988790ea7a158c9ffeaafdae206c5666bd2035789b14279c5828d66e8d1d740b3d7682fb52991d9ea23b6329af432e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
fa2765f3d2e13fa44b6647aef9545b48

SHA1
30d62d08186e2ce19344a23474e9a16ca7774be1

SHA256
fb5089f3eb96c9a97974d317dd50956c379a948ad218e3c5cbddd6e9be0ad39e

SHA512
d3618891a6246ccc0e98eaf327ce7755dec5e3bdede1d38e91b56844ab143bc28026a23976a1a2b12fdc4a465381bf1fdb183b6f4d4b6586cef244a689f159e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
5a99f4a797c83ead28a015247163902f

SHA1
b70bed00eaaaa23626bbb854452a180ba8516e8a

SHA256
b3b5262fc6b9097b8aa9bb115bf4e6374ebc5e7ebc95933240f6cc7303df3952

SHA512
032c8fc0334858acfb1a197c6b86ed4fe078a260d14c6dce289fd744ca8c8ea5d53badb67f43f866fada35162f976ee3882bdd1667e69c5ece272e5bb7f7cb4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DIPS-wal

Filesize
16KB

MD5
eb2bd7ed188d89ba6163bf928067ce52

SHA1
0acc23b5c714db42f2aad311af03d0cce1ddd025

SHA256
d4dcaf3d93f0593eb5d1c1a146426be79939b3758ee4edfc962dff443a6df6d9

SHA512
ea0bc2dde58f8edd79bd618880d7e85e4edcda49ca5099399bc594d0c559374d341c6aedb760acb7c3402ff82fc50d5e579c06465189008225f5d4c68dfaece5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
61013cff040bf105885ed6a1c4abdd0b

SHA1
b0db4b59e96f03af95a51b05bced4090848753c9

SHA256
74f633d8212b72437bd8d71711a3ebcef818fac83c89194c786854b2b117cfc9

SHA512
dcecb19b12c778a263609766a8334e935c7007123bb74bdfb63585353771b551ba272b49a9edf5d3f7c118763a5428c7b92bbb3e827f7996dcc33bedc990068b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
330B

MD5
67702618aae10f44d541e28632d8176d

SHA1
2cbf0ed086de5b1cd856908137e43e280ad6b2be

SHA256
1bc3fe15d6872fcbc3412ff16f7ea335c9f4973d7b347685e678cc9f36025c66

SHA512
e157301f69106e7c34718b521d0f9f1fa4a26fdf0ce25301826390f1f79332207e7ef1176e8355b31066c5672250941dba24716791994f3dc4c2224c4b9ae65c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
c26f5ef63571771ddda1d090ff1275e1

SHA1
e74bc6700efc0389a2981ee9727136fa82f93f4d

SHA256
2198e330b0dedb45b42f84fd975355662fb4c32d3f251daa2bc3b054b932656b

SHA512
5a6ac9839b21a7cc8ca2c40557566b6bd7c5546498097a298af95f4624623b96be70b493b6c654cfbf6e76c0a3aa728065163c647348a17c5bb56e9dce914ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b471ffd7b06b6b9d7a89c502e4f6e869

SHA1
d71376e994ae9271e87b9fe3f4c39675d750facd

SHA256
6cc4f7f10234bf09d0e6bbdae1ac8efdbd7575a62feea140a4df5eba605ddde4

SHA512
29d4df82e04d615d7311af137650aa7995ac03f582d3e62634d09a9ed5046f73930be9c793f8e072d2e3879ffb9e6fc4d7911f0ae4fc0ad49c065c37da7ededb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea918342a2dad8f489ce8a11f2e89594

SHA1
5a66430a3602a25efd905d981d09c5c4d0157d56

SHA256
f048b7da7698fd72771dcb7147025bcb9f924e47ca322e84e8a3b98ab97127ac

SHA512
4c64a5a9db867429a964e6213ef880443747549d39431d9eae4128e7c3f445cbedb30f4c6517e3f6e691a123c45f23d1ddc15f2607ed766843ef2b6dcf618e5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ade69ec8bd8d153e5a694d6fb6e38357

SHA1
53d78cb5b8c8e3bce6f85cd420b17b2e9c8acbac

SHA256
972699223d23719cba669c1929fc6e811ebb91ca62ccf22429f4225b87340e52

SHA512
b71418fe67cea5bc7e324ae6471d068ea65c3cca33344e1de97a030a7fc14682f461d0e833bbb8b0e0234d31b30a8040d5e6a8a43bae00c8f1071992e5fd2b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5ba174b0be2efd7c6cc467909718819c

SHA1
db971c53d883de6c991a16add9f016a7eef1e8fb

SHA256
4246c140ce6c26b35338599bad9c0cf11d469d66eaaad950622034ecd75bb281

SHA512
6d1ad95290eccc6fcad8e8ec12a53d8934e31b5aa6203d52391fcf734be4ef7128ba5ca5ca0cdead9f543a970e16760c4e98f958b3e855fedb0f82606b92169d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f018ce05fee1365de9d9023ab95fc74c

SHA1
792b7863c115bb2e52d287a8e78743e61edc0565

SHA256
e2747e43ffda1db5f79ac849e2a5bfbbacdbc2ddbf8ea6d6269e957982cf892a

SHA512
8b9fcf84cabc7e5088432344b86442322db0076993a835a83ba9c48dd3068d0431a4a4590e90b97a5231ad14c746bfb225e47615906f1b42cfbef3e1ce533e0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
58ddacd9ce422a5ad35cbeb0cc4f0813

SHA1
0e9edc4c5bd5c397b693d9580fe09f6538701a59

SHA256
902add3dc798e1d3ed10c0e3f1a66fafe78820f76d635618e63e493900ff587a

SHA512
041a1920821baa39623027aee937746d180a9d0061cc3613fb5abc3cba4a8b43cee45581d76383599da78060c4c979c4bce526122b20855cc23cdc39e8dfe039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a8c408b460042a180e1f0b28b6ce8378

SHA1
989fa5fd3bb0090b6274b9d9ca081e8870107d6f

SHA256
3ac24418ce30cf22524afb604816f04f7466b1ba55ac074b289382755168fae9

SHA512
b0526142ee44241f75de7b393644388d7dd76e72237a46e700cb1ef20c1808b277222ec67f27835fa4bd6b6788830308191898d781d1cb917f2dc475452caeb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
3KB

MD5
efbd9a6138c0d8fcb7b0f53694065956

SHA1
31416ad5f5f0a23aa9a382f09acf79f246092e66

SHA256
aa6e93d42cab49b1034900ac5d7a7315400a508c30190265aeb988d13f4f971b

SHA512
55e4ebcd5dfa3e7adadf7c2c8e2d198f6c74d769b0f88a86e243d6ad3c1e2158d22792594344bd2a6455b25ebd0a0233ef7b26c7bb9a1a3bad4964ac0d60055e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
f40766798e0bd6651d10ba823ec6ebdf

SHA1
ce4f1f9fd1863d43ee89dc60f4b87367c6507c61

SHA256
d004b04c86b1ee4f78b7292b766395ff1baed26bfbb49603f728173d73686727

SHA512
35b499c51773c10e1af8dafb77fcea7be7f64a40e5217b997ac4fe22e61dd8f6e4b7c6852724b2dc444459e7e53679d331ff1cdb545fb5c16a53a92c0d74291f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
289B

MD5
541c42f1c98b3e1b011d22eba854e707

SHA1
db30188de1f22e3077e7044be1386a5d0ecaed9d

SHA256
0768e811c51ac61a8e573ac6b53f89dbb1d89eb2fcf62536a9a5f730329c584b

SHA512
47828c1b40deb8d37d6ff4fc8f7673fbb59b40e07f54f0fa4121b91941160134c251e20f7f28f7ee5185f3c8aee2b7e95a1bef573bc64c68912016accbe90604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
379f181e5616a3809b6e4c18fb364e22

SHA1
46a6bdae9cfbd6e013900990b9ea67656681bee3

SHA256
bc4cbe9d1f69275125e82ef1ccad1b45fb989ae0e658225359ee9353c8b3f83e

SHA512
62e3f09ec4acb3fa9b21eab1010cb2beffe6ec495760b31b70884db03f3ae738d9dfe80c04e37f0a3d6703a13e83411a2612797c6c4d3e7ede11468d48113ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13389108440190186

Filesize
4KB

MD5
3022b6e993b3d866eeffb62b6cfe9d6b

SHA1
156ffdbca851ccadfe596a54b3ce27eb788d6af9

SHA256
3bc56fd5f43bb84832fb7fde1f254dacff28bcb09ed19e88ea12147f213853bc

SHA512
4e088cf886fb05950a3e325347257d070902041a40720b6fd4b62370f8e5acc5bd7d7be383d1803a534fb5ccacfa558f605796a760067b1290a6c22676435949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
452a3778c9f9003b84bfaf7b640845f6

SHA1
10f4b3e99545c4dfacb07f08ad7cc74862852125

SHA256
aa866922f914ccb429404bf355c977f14214d2e6c9af3e90e6165919a7e53fe2

SHA512
55d7066debae5eeef59667c2192c43179a7e846a236978ec9d38b9760e1d7473a6af667920a79f76ec4954bf2f3bc8f056f11329bd83a2fcb2f34a4d641d5098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
994c7b59036e1450da36538cc0bedfb0

SHA1
7ba03ead296d8b55c9a895fe29ba8b000c8a4138

SHA256
a59f4453c72ba0dec1ff3db2a3a11657eb2f749117d0eefea3b92e51c2cb3811

SHA512
ac3a0829946e95b6a41c014ff5946790459d42420c0e05d8b91c392d5750e2852498f17109b3f283be5c3887e50a96ef99d08e51c3b3b42e5f2c26260ba76e83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
130KB

MD5
cd77a52163701d8dcdf4cc69a9521dc7

SHA1
d41fe3179ded153b424f44c9d101d936530df8ff

SHA256
ccb48d471e0c70c19808edb86570565b01f94d277f02ee791f636b189ca09116

SHA512
999b4526bf63bb9060430fdb3629d26db231b13aaa55f29f37bbbcaab647fd6aff758f90f38c2c19786bac64c58f7499ee7bfd6c1f5e21605a19b2f5a6595632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal

Filesize
4KB

MD5
9f455af521e153cb232a9d6be4be11c8

SHA1
495b49b5f974e512d802efbbe1cfc4d205232170

SHA256
647cfcc15b8d720af2909fd0b53e4838f4628f0ba410e3b9ddc5a34bb540e49d

SHA512
d45e06a16bf73480d85a6ce8c23ef7776e9f2a16404cce4b638390b31a4d9215df0e049b7974548fa9c0bf2b0fe9fded528686ad6f7fe32411abe0799d3694e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
12KB

MD5
23c348b896218f1f70ebf56554bf8109

SHA1
f45433ea1988eebfa4cf935cba79ba7a80c5d541

SHA256
926fd25d11a1b518f36a20f0b96d079b6277c7f3a443ac66ed6d9f4e4ee4619f

SHA512
7dfdc9659b7cc501992ba09b20e33aabf658ce45df42043ec634e5ac4d5baa9d66fb21cb0c0a78e23eb191f8bd653d3c5d921675102a926598949736b40ea575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
22KB

MD5
412cdc3885a57cae1e46da8bfc9eb34f

SHA1
4214a10419717d81722a42e3f0398a785fa39021

SHA256
d892f8614eb70d0266a7e95c5027ad289b5218ef06248ac0383f10825566e6fa

SHA512
732c8e7ddd24e71e1c88b313db2e738c9a79907fbad785a4ff770d59e807d99c9ed8f2b313107c37e6ec8d225a1d2d839f6064f454ae9e86a80188634169e861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
1e2d81108572aff05a5b0165e7597905

SHA1
d64ea5a80fbeb109ceb620cd844fc5b504d4fd68

SHA256
0e465a7374ad0431ffe9a83d31d0ba4ac0e0d97a249d2a086095208f69cc9324

SHA512
59be143f9801ea2b028bbb51629cda246656f7e7b87b1dce1cdde8d9ce81fe1ade1e4d74e12ddfd09e1c5703f980eaefe06cc34fe9e13da6a60637cfa0c8765f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
a5b7e88217bdfe7a72f33389051d8d76

SHA1
5cc82e74167ec502bee8d75c0d3d68b97747adb2

SHA256
622cfbb887bb22be2be48a5550552437d726765cb573f42fc294aa0faf70a475

SHA512
8aab39e6c2c146cc978eecd94cdcb8cd096e6450bd2bbf704d8adde2979862ce11206c1a003ad15b8f91e08db48e073c33eca9f58b414b2c9f22050bc0bd502f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
72ba63bde8e04515f9b4fdff3335cf0b

SHA1
811b3be7c2dc70f4ae1c937be55468ff6750a5c9

SHA256
2fb70d13f8433c215b649580782d2e7c4cd27b9a391ce14e70c0fa644a5ab26d

SHA512
ea5c4da886769c4ad381568e1eade940df241743f8f4f7bcc56f4aad813bb6dbe924bc52a55a27104529abfd3b78df9ad1098b7681e021c2ab5d825d4d62fab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
5a3953e7ea8591eca021af372cc5b0eb

SHA1
8289b1f47e5ef25021248881384418cb915bac20

SHA256
7271fb412455e9e4ad50230afb2cfa18eb1200dfcb728b8fb7ec5876a6c21d79

SHA512
8f7bb9d5598d9880765b0c8d1e0e4f6d6f7b6cf8e00af32b3c704128db6e287b71746bcae843b6f11d1d8ffcea30d30a71184dc28d190e0bad5e3003b673549a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
ce8fa7adfca4232c081d42f005202d49

SHA1
c381e1780212231dc8b3519351bf600052a31c30

SHA256
f8def3b45f65b7710ed0e8939ed700b9b93a0347b358406a4343245e37547604

SHA512
384b207b265adc379f7dcc83e2052dfbb938d883e814773e47782f17e75ce6609250b6afa5106e2edc45258be35062a15f3bf9ab2383b97d23dc9d633f36b426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
cc5fcf182e60ed0321e87b3b3970842e

SHA1
db9ad4dc4e7e87887fcb423a66d6258181e171ac

SHA256
f4078c938331b282157cc02b8deedf262d7d11b911efdfb18f24c57a961c0064

SHA512
eadd475de90d7fd11a8ad6880f2eb978ea1ccd3f39a6c739cfdfc6179fbad48bba266c8bd21aa804967cfe16c6294f990d3e97811a4a8d444b97e8592cda6855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000001

Filesize
16KB

MD5
127d97009f3d0e12b8324958d33478a5

SHA1
f1d097527338ff5d71f418d5774f52a074223a43

SHA256
1014a62190fb9b814052493430534bbe4665ff23846efdf17e6ab53401aa13b6

SHA512
28ca9c00d493692dd5dedf0119805b4d24861e3a3c8b3e0b1df282cad9fff4c8e86dcb31ebda2a9ffe2fdf8a5fc6512517edef8b5004d7c6f23e23e8affefa6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000002

Filesize
29KB

MD5
0ee7d8f8b4195e5933822e399c320183

SHA1
88fff3582fcd7415e9e7401e0c42e96605346cfd

SHA256
81b2c01cdd7bb076a387a4b75d78b0d612b2bb3a9c7590bdd44131ed3dbe8e50

SHA512
c0dc2be7587af35176e15bb0caec635cb4ed5ef7b90f247217208fc1f8ecb46e04d72b0040d593cf8806660ea5e8836bde03430a326ff1d72355da8c6200d33d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
7185512497e6cbe466012d2674d75779

SHA1
0bd60f275459013be2d78a495d98d343a7890e36

SHA256
37819399058e820a5f6b9a772e645e42d6c85c809d1da9aa477a53c9467b7362

SHA512
410832cf0185b008fd4c77c1c5fc1366ac53cc7c3b5201978b20ce75cd05164aed526b3cbc1a52500981c00e98ec4784a7bc6baca17aad9df209c8caaf029a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
89dbb42e8354922c5a01b0121713bbd8

SHA1
351bf0c00899c054c279873c077e6d81cdb93a91

SHA256
7648f03f31d2d919d43cc212e791ffd3f7d5d8352bd2db751877ce88fdf7de5f

SHA512
08887d71c3cc84a1acab38db88d7501e20916b19ef2c705acdbe9d912506e3d417762e7485cf029d6623efae1e325b8ab004c69a80b299737607afb55c3470e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
81b9594d02397644e10c6359fc04bfd3

SHA1
6687d13199dc625b214b29be5a0cb5d35cb15d78

SHA256
ee0f876de8a8073224474be9b9daa954ef23288871942c24b90f076a28df087b

SHA512
5c191d8e1012f441856276c039a70934d47a42e5c4a31400b13384ddacbf2d8b3b8c188628ef671352088d8022c948a7db2bbc6a433ca918b1465a8d79f6d6c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
5f93148b22922afdc32d5c9cc264a9c3

SHA1
3f2a1137445a895d69b3665445bfbf155b23d720

SHA256
b9a1d951ed826da705f52058f09fc569c8dc7a3b7c981ead6ceaf39faeeb6e10

SHA512
016c34154ef331d71ec2bbd7a087b7786455f4974fb907265037d78fcec03811b7ce7ebccc2aa4342f186318d62a776f1bb4fcc4ce14ab8ec4d3ef14c76f7ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0

Filesize
44KB

MD5
d4b0bd8a84fe917bde0b2df155d9c40e

SHA1
e65d0b97c63a383d573fb5121d0cbf1a3c494f1d

SHA256
554d0d5939a6eeee6433274c7dda7144b06d79b793d47649bdf050949486beb2

SHA512
1a4d688111f33ef7f5a07647d37e005f352e3823dddab961596ae55a5ec98997ceb8051ab49ac8ee3b2867c596e136fb107a1dde7604122c3d4365500b00158d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0168e313c8eea7c264631c8cf2c9a0c8

SHA1
6bca9c4e655c509548b62b9e94f8f361b5c3c2ab

SHA256
f4e33544758f9d0f91906a8dac8ba67f12b9418c14b271ac8b096650f78b2f72

SHA512
bafb84c886348fb69f255dd5a20309a2baf430ce524b8e62e6ec52586890e5080c9017c329ec4d737de8f83e0ebdda2e44b516e7c99d4eef7dd2e1844d1819c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2

Filesize
1.0MB

MD5
6c5201f337641cee957641132609e2e5

SHA1
2e75f95d6fad7402b6009a034217286518a83ca2

SHA256
77caf148e46bf8848d70ffdfa8a274195fd00e0262ed2dda4efa6932b5d987c3

SHA512
2329a53e0a23bbe62d772365068d1fe266e7e10fc0955036989a803f222bceb595f2383b01719fc2b47e26056a376beda0f7519ba8095b27021b7eb1622e4979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db

Filesize
48KB

MD5
850efe88508753c95f952519b15b037a

SHA1
d8939bae626035dcacde7eec17a8b30733f43998

SHA256
181200c2094846cb32d846fd1e26f3f1490c22c2358649ea39656d4a67f1916e

SHA512
2d3c8f210916257fb45756831baf335c001514d3962d0315957cf84d87c8e9dea5d6148d4501bd93c2dfb908818ad408e99a85dd36b22adcd8459be000b324a4

Download Submit
memory/4420-1485-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/4420-1484-0x0000000006900000-0x0000000006E2C000-memory.dmp

Filesize
5.2MB

Download
memory/4420-1574-0x0000000000C60000-0x0000000000C6A000-memory.dmp

Filesize
40KB

Download
memory/4420-1418-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/4420-1483-0x0000000006200000-0x00000000063C2000-memory.dmp

Filesize
1.8MB

Download
memory/4420-1419-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4420-1420-0x0000000004F00000-0x0000000004F9C000-memory.dmp

Filesize
624KB

Download
memory/4420-1421-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/4420-1495-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/5900-36-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-1417-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/5900-1413-0x00000000051A0000-0x00000000051F4000-memory.dmp

Filesize
336KB

Download
memory/5900-1412-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/5900-1392-0x0000000074BFE000-0x0000000074BFF000-memory.dmp

Filesize
4KB

Download
memory/5900-1380-0x0000000005010000-0x000000000505C000-memory.dmp

Filesize
304KB

Download
memory/5900-1379-0x0000000004FB0000-0x0000000005012000-memory.dmp

Filesize
392KB

Download
memory/5900-1378-0x0000000004EF0000-0x0000000004F54000-memory.dmp

Filesize
400KB

Download
memory/5900-1362-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/5900-1361-0x0000000074BF0000-0x00000000753A0000-memory.dmp

Filesize
7.7MB

Download
memory/5900-8-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-22-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-5-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-6-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-10-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-12-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-18-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-20-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-25-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-28-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-30-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-32-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-34-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-0-0x0000000074BFE000-0x0000000074BFF000-memory.dmp

Filesize
4KB

Download
memory/5900-38-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-60-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-40-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-42-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-44-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-46-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-48-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-50-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-52-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-54-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-56-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-58-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-62-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-68-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-64-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-66-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-26-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-14-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-16-0x0000000004B80000-0x0000000004C86000-memory.dmp

Filesize
1.0MB

Download
memory/5900-4-0x0000000004DE0000-0x0000000004E72000-memory.dmp

Filesize
584KB

Download
memory/5900-3-0x00000000052A0000-0x0000000005844000-memory.dmp

Filesize
5.6MB

Download
memory/5900-2-0x0000000004B80000-0x0000000004C8C000-memory.dmp

Filesize
1.0MB

Download
memory/5900-1-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download