Malware Analysis Report

2025-01-02 06:23

Sample ID: 230227-df3essbd5t
Target: 1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1
SHA256: 1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1
Tags: socelars, spyware, stealer
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V6
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1

Threat Level: Known bad

The file 1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1 was found to be: Known bad.

Malicious Activity Summary

Tags: socelars, spyware, stealer

Socelars family

Socelars payload

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Kills process with taskkill

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2023-02-27 02:57

Signatures

Socelars family
Tags: socelars

Socelars payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-02-27 02:57
Reported: 2023-02-27 03:00
Platform: win10v2004-20230220-en
Max time kernel: 149s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe"

Signatures

Reads user/profile data of web browsers
Tags: spyware, stealer

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
File opened for modification | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Kills process with taskkill
Tags: evasion

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133219402902218339" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Count | Description | Indicator | Process | Target
1 | Token: SeCreateTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeMachineAccountPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeTcbPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeLoadDriverPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeSystemProfilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeSystemtimePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeCreatePermanentPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeSystemEnvironmentPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeChangeNotifyPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeRemoteShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeUndockPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeSyncAgentPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeEnableDelegationPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeCreateGlobalPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: 31 | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: 32 | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: 34 | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | N/A
1 | Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A
15 | Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
14 | Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Count | Description | Indicator | Process | Target
26 | N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SendNotifyMessage

Count | Description | Indicator | Process | Target
24 | N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Count | Description | Indicator | Process | Target
3 | PID 1660 wrote to memory of 4704 | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | C:\Windows\SysWOW64\cmd.exe
3 | PID 4704 wrote to memory of 4888 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\taskkill.exe
2 | PID 1660 wrote to memory of 4024 | N/A | C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
2 | PID 4024 wrote to memory of 428 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
38 | PID 4024 wrote to memory of 688 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
2 | PID 4024 wrote to memory of 3712 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
14 | PID 4024 wrote to memory of 2408 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe

"C:\Users\Admin\AppData\Local\Temp\1a404b9c0a60fe383584cb528bc2cc9069c4a32a846d5e7a2f8e44b4b03f5bc1.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2e7d9758,0x7ffc2e7d9768,0x7ffc2e7d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1820,i,5280615202379875576,2068318482062548970,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,5280615202379875576,2068318482062548970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1820,i,5280615202379875576,2068318482062548970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3156 --field-trial-handle=1820,i,5280615202379875576,2068318482062548970,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1820,i,5280615202379875576,2068318482062548970,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3884 --field-trial-handle=1820,i,5280615202379875576,2068318482062548970,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4988 --field-trial-handle=1820,i,5280615202379875576,2068318482062548970,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1820,i,5280615202379875576,2068318482062548970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1820,i,5280615202379875576,2068318482062548970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1820,i,5280615202379875576,2068318482062548970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1820,i,5280615202379875576,2068318482062548970,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 --field-trial-handle=1820,i,5280615202379875576,2068318482062548970,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.ippfinfo.top udp
DE 178.18.252.110:443 www.ippfinfo.top tcp
US 8.8.8.8:53 ocsp.trust-provider.cn udp
US 8.8.8.8:53 29.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 110.252.18.178.in-addr.arpa udp
US 8.8.8.8:53 68.32.18.104.in-addr.arpa udp
NL 47.246.48.208:80 ocsp.trust-provider.cn tcp
US 8.8.8.8:53 iplogger.org udp
DE 148.251.234.83:443 iplogger.org tcp
US 8.8.8.8:53 208.48.246.47.in-addr.arpa udp
US 8.8.8.8:53 83.234.251.148.in-addr.arpa udp
US 8.8.8.8:53 83.211.2.23.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ferramentasadicionais.s3.sa-east-1.amazonaws.com udp
US 8.8.8.8:53 m.facebook.com udp
US 157.240.5.35:443 m.facebook.com tcp
BR 52.95.163.106:443 ferramentasadicionais.s3.sa-east-1.amazonaws.com tcp
BR 52.95.163.106:443 ferramentasadicionais.s3.sa-east-1.amazonaws.com tcp
US 157.240.5.35:443 m.facebook.com udp
US 8.8.8.8:53 secure.facebook.com udp
US 157.240.5.21:443 secure.facebook.com tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 106.163.95.52.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.evoori.com udp
US 188.114.96.0:80 www.evoori.com tcp
US 8.8.8.8:53 17.211.227.13.in-addr.arpa udp
US 8.8.8.8:53 21.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 0.96.114.188.in-addr.arpa udp
N/A 224.0.0.251:5353 - udp
US 20.189.173.4:443 - tcp
US 157.240.5.35:443 m.facebook.com udp
US 157.240.5.21:443 secure.facebook.com udp
NL 157.240.247.35:443 www.facebook.com udp
US 8.8.8.8:53 63.13.109.52.in-addr.arpa udp
US 209.197.3.8:80 - tcp
US 157.240.5.35:443 m.facebook.com udp
US 157.240.5.21:443 secure.facebook.com udp
NL 157.240.247.35:443 www.facebook.com udp
US 8.8.8.8:53 m.facebook.com udp
US 8.8.8.8:53 www.listfcbt.top udp
US 157.240.5.35:443 m.facebook.com udp
US 8.8.8.8:53 www.typefdq.xyz udp
US 8.8.8.8:53 www.rqckdpt.top udp
US 8.8.8.8:53 secure.facebook.com udp
US 157.240.5.21:443 secure.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
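The Network table above mixes resolver queries, reverse (PTR) lookups, mDNS chatter and contacts to facebook.com with the handful of destinations an analyst would actually block. The script below is an added example (editor's code, not part of the sandbox report): it parses rows in the table's own format, including rows with no domain column, drops the noise and returns looked-up domains and contacted endpoints separately. The rows embedded in it are a subset copied from the table; the resolver address and the suffixes treated as non-actionable (facebook.com is assumed to be target-service traffic rather than attacker infrastructure) are assumptions.

```python
"""Triage a sandbox Network table: separate real contacts from DNS/PTR noise.

Added example, not part of the sandbox report. Rows are copied from the
report's Network table; the noise rules are the editor's own assumptions.
"""
import ipaddress

# Constructed input: a subset of rows from the report's Network table.
NETWORK_ROWS = """\
US 8.8.8.8:53 www.ippfinfo.top udp
DE 178.18.252.110:443 www.ippfinfo.top tcp
US 8.8.8.8:53 ocsp.trust-provider.cn udp
US 8.8.8.8:53 29.220.184.93.in-addr.arpa udp
NL 47.246.48.208:80 ocsp.trust-provider.cn tcp
US 8.8.8.8:53 iplogger.org udp
DE 148.251.234.83:443 iplogger.org tcp
US 8.8.8.8:53 ferramentasadicionais.s3.sa-east-1.amazonaws.com udp
US 157.240.5.35:443 m.facebook.com tcp
BR 52.95.163.106:443 ferramentasadicionais.s3.sa-east-1.amazonaws.com tcp
US 8.8.8.8:53 www.evoori.com udp
US 188.114.96.0:80 www.evoori.com tcp
N/A 224.0.0.251:5353 udp
US 20.189.173.4:443 tcp
US 8.8.8.8:53 www.listfcbt.top udp
"""

# Assumption: the sandbox's resolver. Rows to it on port 53 are lookups,
# not contacts; the name being looked up is what matters.
RESOLVERS = {"8.8.8.8"}
# Assumption: names that are not useful block-list entries. PTR lookups are
# sandbox background noise; facebook.com is the service the stealer talks to,
# not infrastructure the operator controls.
BENIGN_SUFFIXES = (".in-addr.arpa", ".facebook.com")


def parse_row(line):
    """Parse one 'Country Destination [Domain] Proto' row.

    The Domain column may be absent entirely or written as '-'.
    """
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = "-"
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ip, "port": int(port),
            "domain": None if domain == "-" else domain, "proto": proto}


def is_noise(row):
    """True for resolver queries, multicast/LAN traffic and benign-suffix names."""
    if row["ip"] in RESOLVERS and row["port"] == 53:
        return True
    addr = ipaddress.ip_address(row["ip"])
    if addr.is_multicast or addr.is_private or addr.is_link_local:
        return True  # e.g. mDNS to 224.0.0.251:5353
    return (row["domain"] or "").endswith(BENIGN_SUFFIXES)


def extract_iocs(text):
    """Return (looked-up domains, contacted endpoints) after noise filtering.

    Domains come from DNS rows. Endpoints are real TCP/UDP contacts keyed as
    proto://ip:port, mapped to the domain the sandbox associated with them
    (None when there was no preceding lookup). Those unresolved contacts are
    kept on purpose: a DNS-only block list would miss them.
    """
    domains, endpoints = {}, {}
    for line in text.splitlines():
        if not line.strip():
            continue
        row = parse_row(line)
        d = row["domain"]
        if row["ip"] in RESOLVERS and row["port"] == 53:
            if d and not d.endswith(BENIGN_SUFFIXES):
                domains[d] = True  # dict keeps first-seen order, no duplicates
            continue
        if is_noise(row):
            continue
        endpoints[f"{row['proto']}://{row['ip']}:{row['port']}"] = d
    return list(domains), endpoints


if __name__ == "__main__":
    names, contacts = extract_iocs(NETWORK_ROWS)
    print("domains:", *names, sep="\n  ")
    print("endpoints:", *(f"{k} ({v})" for k, v in contacts.items()), sep="\n  ")
```

What survives the filter still needs judgement: the OCSP responder is most likely reached as a side effect of certificate validation for one of the TLS connections, while the S3 bucket and iplogger.org are the kind of hosts the report's "Legitimate hosting services abused for malware hosting/C2" signature refers to. The two destinations contacted without any preceding lookup (20.189.173.4 and 209.197.3.8 in the full table) are exactly the entries a name-based block list would miss.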

Files

memory/688-163-0x00007FFC3CC70000-0x00007FFC3CC71000-memory.dmp

\??\pipe\crashpad_4024_EIKEZXGXRWYVAHKS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 2bd089522b71dd2e6569cf4dbd69b222
SHA1 a2b4409d48376f611aa238341e60f4a19f9625f6
SHA256 147f6798ad4cbc68c2404f343db9a3cd4140c3a503233d9c5bf92be4500c6009
SHA512 359037169c91a500df98a13aae3194d1685ba503e6d9545d7473574cb38265821bb364f45b7138c1b81e087e73c8aca8b17837e6510a575571eb78735845152c

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json

MD5 05bfb082915ee2b59a7f32fa3cc79432
SHA1 c1acd799ae271bcdde50f30082d25af31c1208c3
SHA256 04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
SHA512 6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js

MD5 c31f14d9b1b840e4b9c851cbe843fc8f
SHA1 205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4
SHA256 03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54
SHA512 2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png

MD5 362695f3dd9c02c83039898198484188
SHA1 85dcacc66a106feca7a94a42fc43e08c806a0322
SHA256 40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
SHA512 a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js

MD5 a09e13ee94d51c524b7e2a728c7d4039
SHA1 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA256 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
SHA512 f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html

MD5 9ffe618d587a0685d80e9f8bb7d89d39
SHA1 8e9cae42c911027aafae56f9b1a16eb8dd7a739c
SHA256 a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
SHA512 a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js

MD5 3740b867f06eb5cd07ac3eb8df52ccc5
SHA1 bdc81dbe700d990542004483f5ff248b78e7173a
SHA256 e02245def3e1953839100a6f82bf57178f6b3417e1608b43eed563e44b1066e5
SHA512 2bdc03bb84530d81b18ccd638edb29d4f038d0e6a679aac9bd722099d6d7c3db799a273864a7e97f932adb8c6712c622df3f151aa845f65f3f0c477bac2dd60a

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js

MD5 0f26002ee3b4b4440e5949a969ea7503
SHA1 31fc518828fe4894e8077ec5686dce7b1ed281d7
SHA256 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
SHA512 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js

MD5 23231681d1c6f85fa32e725d6d63b19b
SHA1 f69315530b49ac743b0e012652a3a5efaed94f17
SHA256 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
SHA512 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js

MD5 4ff108e4584780dce15d610c142c3e62
SHA1 77e4519962e2f6a9fc93342137dbb31c33b76b04
SHA256 fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
SHA512 d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

memory/1064-207-0x00007FFC3D050000-0x00007FFC3D051000-memory.dmp

memory/1064-208-0x00007FFC3CD40000-0x00007FFC3CD41000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fe63ab6bfd7ced2a4e1d587909625783
SHA1 f76811266362dfe78bba09db4bc377d7a3ad0822
SHA256 8b9ea695f6001602bb5aab7f2072fca4c7192edcc03ab0a7d2e90e52f764285e
SHA512 91af3deac1aa2a325dcc34ae4a2e6a107c0327cf8bbeef4fc20d25e0b732509a31399f4aedfd184cc1924f49423a72e04f624946f41f4bfe035bde8193fe3a43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\32a81b33-c298-4bc7-8b6f-192963736723.tmp

MD5 50946888df1f28e14cbd7501be8b3640
SHA1 20f08ff5e25de15c6b2c859b58086f5094bbd471
SHA256 a164bb0407892cfaf0c338fdc6b0444ecaecf26c62a6ae0550bf7ecf5c1b5547
SHA512 893c1dd7b8b5f4f2fcbdfcb1030dc5c162cdb326aad6186cb35bb602eaac7697052c13ddba9c1a5cf6f61146cc58945b6515d933f6a109254f81509d27af1201

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 15779ff1b2f10c1b90dad3d8c73e1f00
SHA1 6b4d5fc78c7362cc2e8f15df32794041757c3537
SHA256 358d58516f5f59009aa84243f804378750720933c203e0c9836bbf258c126852
SHA512 1a262bf1daeb8f4997f42cc82869cecf9e9f06d055d8c62f25f29a1486dfda2c866ec4c6b903f9d8b0839f5ed5c670bb56767f4c11bdace882f4da7eb7300579

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 89f9f64719216abde292d645f5cbd515
SHA1 04f5f1dbc9a2e7633f8ab0a462e9825e5205eca5
SHA256 a1dac4bc7d046af15a06cc7e12f1e50562cb863fa947c03705e0ea3f55aa97cf
SHA512 61a8119d525aba6ce943be06e338a55298faa539af02ae408716b9209355e73542c87e4b263f9fb4a986c104d22131e9f5e0b680713fb0bc94448b561f191a34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9ead7a5ab4f4537809223329c9506512
SHA1 9c926d3f2bacc52bba171980136186cacdc459bc
SHA256 b219b0a863719d28ae2c305c34e5c48ea3a31e7936ea813f4f4efcec113250fb
SHA512 e1b81d768ccc04f19f9d1914ccdcabe353755cb04228d36f06821de28da26e670da8ae99291e5180819a2d89208f0ed64c96583dbdb83277db1e428de832f3bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e5d2665d5758be8ff367da992234aadc
SHA1 baa4bb454c59ee820dccc9e39d514cda206b8d7c
SHA256 8e35c5e396890a072133eb02a99fe67ee2d5b794232e6b068a7ea1d7e3ccd93a
SHA512 27ab1a58d1060dcd1b116c716e557aa567c631825d46367a06f547c84a91b20a554f5c8d6321afdf7d0004c0cda3788d41666d53acf9ce2470fed019e8a807dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e5dc7433377d1d37e6ea23bf857d6442
SHA1 0f9e4cf4874783d401b9a1b091b3726b2ff08210
SHA256 db25d2487baa390fc9d7b6e2485dbda6dd9901a5e46ffdc16f6e38adcde57a37
SHA512 614d775528eb570491e2a8fa0ecc04b89e80191fdac3095623a5af9aef4e87e248aceba11f0587966e07f552d5a254213b6f9312016e7e2239d98090c51e4136

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5fa1f5ce5c2bbd6b5872c1664938910a
SHA1 fbd341147494345f16bb76ed7e1e2bb1aeb983a4
SHA256 b312bfa21a714d6a62a0037957fb937dc98bb1c4ab81c469a620c86c38edee53
SHA512 a6c9304c410577381689c5b5105e4672ccadea3f8013605cb329dd0a6c9683a4440392b3d8cbb4be65cf9c174c89a670caf60b19b9be9d082288455c183e6538

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2e8d8c510274e928fd772fcc1c999db3
SHA1 0df948201db3c915c1fecb4a308ad89b6e8f48b0
SHA256 862f900e7c4f38840291084e9a6c27a9a76899c460d2b06dd3fa52d52d77a9c5
SHA512 fa77414661a236dc78ffa792f32331f91c6cb910fbe253947ca8e0e39bad921f4a8999452515db3727ad6371ba30108dbe7c59e5de7f3e739f8980d2bc48e5b7

memory/1152-294-0x0000016602720000-0x0000016602721000-memory.dmp

memory/1152-293-0x0000016602720000-0x0000016602721000-memory.dmp

memory/1152-295-0x0000016602720000-0x0000016602721000-memory.dmp

memory/1152-300-0x0000016602720000-0x0000016602721000-memory.dmp

memory/1152-299-0x0000016602720000-0x0000016602721000-memory.dmp

memory/1152-302-0x0000016602720000-0x0000016602721000-memory.dmp

memory/1152-301-0x0000016602720000-0x0000016602721000-memory.dmp

memory/1152-304-0x0000016602720000-0x0000016602721000-memory.dmp

memory/1152-303-0x0000016602720000-0x0000016602721000-memory.dmp

memory/1152-305-0x0000016602720000-0x0000016602721000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 589201f314980963c587b6d548ea0017
SHA1 7ac83bd70f8b2bb954a850cfedaffd5bb3f2cb0a
SHA256 080b0852cc331f6de1d533118a7c3d16f01012173849256f5ad4835225f11a50
SHA512 9ba2a50145e15155dba94137edda2cdd0540a54bbe369580629d7094a5e0d314bef998521253fe8c2f355eb275f03e703977ee644cc76012522086e91f98afce
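Two entries in the Files list above are easy to over-prioritise: the crashpad pipe carries the hash set of empty content (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-256 e3b0c442...), and persisted_first_party_sets.json carries the hashes of the two-byte string `{}`. The files written under C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\ are the substance of the "Drops file in Program Files directory" signature: a 32-character folder name drawn from the letters a-p is the Chrome extension ID format, and Chrome's own installer unpacks extensions into the profile's Extensions directory, not into Program Files. The script below is an added example (editor's code, not from the report or the sandbox): it computes the trivial-content hashes rather than hard-coding them and labels each entry. The entries are copied from the list; the rule that only a path under an Extensions directory counts as an expected location is an assumption.

```python
"""Triage a sandbox Files list: flag trivial files and dropped extension folders.

Added example, not part of the sandbox report. Entries are copied from the
report's Files section; the classification rules are the editor's assumptions.
"""
import hashlib
import re

# Constructed input: (path, sha256) pairs copied from the report's Files section.
FILES = [
    (r"\??\pipe\crashpad_4024_EIKEZXGXRWYVAHKS",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json",
     "04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1"),
    (r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js",
     "e02245def3e1953839100a6f82bf57178f6b3417e1608b43eed563e44b1066e5"),
    (r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js",
     "160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json",
     "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences",
     "358d58516f5f59009aa84243f804378750720933c203e0c9836bbf258c126852"),
]

# Content whose hash carries no information. Computed, not hard-coded, so the
# table can be extended (e.g. b"[]", b"\n") without looking digests up.
TRIVIAL_CONTENT = {
    b"": "empty file",
    b"{}": "empty JSON object",
}
TRIVIAL_SHA256 = {hashlib.sha256(c).hexdigest(): label
                  for c, label in TRIVIAL_CONTENT.items()}

# Chrome extension IDs: 32 characters over the alphabet a-p (the hex SHA-256
# of the extension's public key, truncated, with 0-f remapped to a-p).
EXT_ID_RE = re.compile(r"^[a-p]{32}$")


def classify(path, sha256):
    """Label one file entry: trivial:<why>, dropped-extension:<id>,
    profile-extension:<id>, or other.

    Assumption: an extension-ID folder is only 'expected' when its parent
    directory is named Extensions (Chrome's per-profile install location).
    """
    if sha256 in TRIVIAL_SHA256:
        return "trivial:" + TRIVIAL_SHA256[sha256]
    parts = path.split("\\")
    for i, part in enumerate(parts):
        if EXT_ID_RE.match(part):
            parent = "\\".join(parts[:i])
            if parent.endswith("\\Extensions"):
                return f"profile-extension:{part}"
            # Unpacked extension outside the profile: written by the sample,
            # not by Chrome, and a candidate for a forced side-load.
            return f"dropped-extension:{part}"
    return "other"


def triage(entries):
    """Return ({path: label}, sorted list of dropped extension IDs)."""
    labels = {path: classify(path, digest) for path, digest in entries}
    dropped = sorted({lbl.split(":", 1)[1] for lbl in labels.values()
                      if lbl.startswith("dropped-extension:")})
    return labels, dropped


if __name__ == "__main__":
    labels, dropped = triage(FILES)
    for path, label in labels.items():
        print(f"{label:45} {path}")
    print("dropped extension IDs:", dropped)
```

The trivial-content check is worth keeping in any hash-driven pipeline: an empty file and `{}` both get "unique-looking" digests that will never match a threat feed and should not be submitted as indicators. The extension files, by contrast, are the artefacts to pull from the sandbox for manual review (manifest.json for the requested permissions and content-script match patterns, js/background.js and js/content.js for what they do with the browser data the report says the sample reads).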