Malware Analysis Report

2024-12-08 02:02

Sample ID: 230314-gmpztsfh4w
Target: 871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5
SHA256: 871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5
Tags: socelars spyware stealer
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5

Threat Level: Known bad

The file 871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5 was found to be: Known bad.

Malicious Activity Summary

socelars spyware stealer

Socelars payload

Socelars family

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies data under HKEY_USERS

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Analysis: static1

Detonation Overview

Reported: 2023-03-14 05:55

Signatures

Socelars family

socelars

Socelars payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-03-14 05:55
Reported: 2023-03-14 05:58
Platform: win10v2004-20230220-en
Max time kernel: 150s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
File opened for modification | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Kills process with taskkill

evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133232505496202111" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeCreateTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeMachineAccountPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeTcbPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeCreatePermanentPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeChangeNotifyPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeSyncAgentPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeEnableDelegationPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeCreateGlobalPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: 31 | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: 32 | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: 34 | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2368 wrote to memory of 2016 | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | C:\Windows\SysWOW64\cmd.exe
PID 2368 wrote to memory of 2016 | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | C:\Windows\SysWOW64\cmd.exe
PID 2368 wrote to memory of 2016 | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | C:\Windows\SysWOW64\cmd.exe
PID 2016 wrote to memory of 4820 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\taskkill.exe
PID 2016 wrote to memory of 4820 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\taskkill.exe
PID 2016 wrote to memory of 4820 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\taskkill.exe
PID 2368 wrote to memory of 2740 | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2368 wrote to memory of 2740 | N/A | C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4836 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4836 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 2604 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 2604 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2740 wrote to memory of 4200 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe

"C:\Users\Admin\AppData\Local\Temp\871bbf3c3c34cc1c5f0e0623244cc3332358e4998a39028e67090d5a297efec5.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd46899758,0x7ffd46899768,0x7ffd46899778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1416 --field-trial-handle=1816,i,6090980638952362463,16312246739004920091,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1816,i,6090980638952362463,16312246739004920091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1816,i,6090980638952362463,16312246739004920091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3192 --field-trial-handle=1816,i,6090980638952362463,16312246739004920091,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3324 --field-trial-handle=1816,i,6090980638952362463,16312246739004920091,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3936 --field-trial-handle=1816,i,6090980638952362463,16312246739004920091,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4676 --field-trial-handle=1816,i,6090980638952362463,16312246739004920091,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1816,i,6090980638952362463,16312246739004920091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=1816,i,6090980638952362463,16312246739004920091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1816,i,6090980638952362463,16312246739004920091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1816,i,6090980638952362463,16312246739004920091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1816,i,6090980638952362463,16312246739004920091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5008 --field-trial-handle=1816,i,6090980638952362463,16312246739004920091,131072 /prefetch:2

Network

Country  Destination            Domain                                Proto
US       8.8.8.8:53             www.ippfinfo.top                      udp
DE       178.18.252.110:443     www.ippfinfo.top                      tcp
US       8.8.8.8:53             ocsp.trust-provider.cn                udp
US       8.8.8.8:53             133.211.185.52.in-addr.arpa           udp
US       8.8.8.8:53             76.38.195.152.in-addr.arpa            udp
US       8.8.8.8:53             110.252.18.178.in-addr.arpa           udp
US       8.8.8.8:53             188.155.64.172.in-addr.arpa           udp
NL       47.246.48.208:80       ocsp.trust-provider.cn                tcp
US       8.8.8.8:53             iplogger.org                          udp
DE       148.251.234.83:443     iplogger.org                          tcp
US       8.8.8.8:53             208.48.246.47.in-addr.arpa            udp
US       8.8.8.8:53             35.146.190.20.in-addr.arpa            udp
US       8.8.8.8:53             83.234.251.148.in-addr.arpa           udp
US       8.8.8.8:53             67.55.52.23.in-addr.arpa              udp
US       8.8.8.8:53             hyhjuer.s3.eu-west-3.amazonaws.com    udp
US       8.8.8.8:53             m.facebook.com                        udp
FR       52.95.154.82:443       hyhjuer.s3.eu-west-3.amazonaws.com    tcp
FR       157.240.196.35:443     m.facebook.com                        tcp
FR       157.240.196.35:443     m.facebook.com                        udp
US       8.8.8.8:53             250.255.255.239.in-addr.arpa          udp
US       8.8.8.8:53             195.179.250.142.in-addr.arpa          udp
US       8.8.8.8:53             170.179.250.142.in-addr.arpa          udp
US       8.8.8.8:53             82.154.95.52.in-addr.arpa             udp
US       8.8.8.8:53             35.196.240.157.in-addr.arpa           udp
US       8.8.8.8:53             112.211.227.13.in-addr.arpa           udp
US       8.8.8.8:53             secure.facebook.com                   udp
US       8.8.8.8:53             www.real-surfing.com                  udp
FR       157.240.196.16:443     secure.facebook.com                   tcp
US       104.21.11.17:80        www.real-surfing.com                  tcp
US       8.8.8.8:53             www.facebook.com                      udp
GB       157.240.221.35:443     www.facebook.com                      tcp
US       8.8.8.8:53             apis.google.com                       udp
NL       172.217.168.206:443    apis.google.com                       udp
US       8.8.8.8:53             100.39.251.142.in-addr.arpa           udp
US       8.8.8.8:53             16.196.240.157.in-addr.arpa           udp
US       8.8.8.8:53             17.11.21.104.in-addr.arpa             udp
US       8.8.8.8:53             35.221.240.157.in-addr.arpa           udp
US       8.8.8.8:53             13.86.106.20.in-addr.arpa             udp
US       8.8.8.8:53             206.168.217.172.in-addr.arpa          udp
US       8.8.8.8:53             clients2.google.com                   udp
NL       142.251.36.46:443      clients2.google.com                   udp
US       8.8.8.8:53             46.36.251.142.in-addr.arpa            udp
US       8.8.8.8:53             104.219.191.52.in-addr.arpa           udp
N/A      224.0.0.251:5353                                             udp
US       52.152.110.14:443                                            tcp
US       104.208.16.88:443                                            tcp
US       93.184.221.240:80                                            tcp
FR       157.240.196.35:443     m.facebook.com                        udp
FR       157.240.196.16:443     secure.facebook.com                   udp
GB       157.240.221.35:443     www.facebook.com                      udp
NL       173.223.113.164:443                                          tcp
US       52.152.110.14:443                                            tcp
US       8.8.8.8:53             233.141.123.20.in-addr.arpa           udp
US       209.197.3.8:80                                               tcp
US       52.152.110.14:443                                            tcp
FR       157.240.196.35:443     m.facebook.com                        udp
FR       157.240.196.16:443     secure.facebook.com                   udp
GB       157.240.221.35:443     www.facebook.com                      udp
US       52.152.110.14:443                                            tcp
US       8.8.8.8:53             177.238.32.23.in-addr.arpa            udp
US       52.152.110.14:443                                            tcp
US       8.8.8.8:53             www.listfcbt.top                      udp
US       8.8.8.8:53             m.facebook.com                        udp
FR       157.240.196.35:443     m.facebook.com                        udp
US       8.8.8.8:53             beacons.gcp.gvt2.com                  udp
US       8.8.8.8:53             www.typefdq.xyz                       udp
GB       216.58.208.99:443      beacons.gcp.gvt2.com                  tcp
US       8.8.8.8:53             www.rqckdpt.top                       udp
US       8.8.8.8:53             secure.facebook.com                   udp
FR       157.240.196.16:443     secure.facebook.com                   udp
US       8.8.8.8:53             www.facebook.com                      udp
US       8.8.8.8:53             99.208.58.216.in-addr.arpa            udp
US       52.152.110.14:443                                            tcp

Files

\??\pipe\crashpad_2740_EOSKMUCCNYHGWZML

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 ac821ea53c1507f9d1c5ba900bda2bb0
SHA1 20180a35eb36abb179ccb205ecd4de974c7e2a91
SHA256 87dbcf25a4a3b902169a4d330e2abdd36f3c383035dc0113b5991970ca46380f
SHA512 661875f18d4ff6717828168cc8f47b203bee8aa4e1bebd401a69fb82b5c3234b27fe7365151fd36226eba42e1aad57e7322fda20192f52a1f86593f4dda6f9e1

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json

MD5 05bfb082915ee2b59a7f32fa3cc79432
SHA1 c1acd799ae271bcdde50f30082d25af31c1208c3
SHA256 04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
SHA512 6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js

MD5 a09e13ee94d51c524b7e2a728c7d4039
SHA1 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA256 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
SHA512 f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js

MD5 c31f14d9b1b840e4b9c851cbe843fc8f
SHA1 205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4
SHA256 03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54
SHA512 2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png

MD5 362695f3dd9c02c83039898198484188
SHA1 85dcacc66a106feca7a94a42fc43e08c806a0322
SHA256 40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
SHA512 a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html

MD5 9ffe618d587a0685d80e9f8bb7d89d39
SHA1 8e9cae42c911027aafae56f9b1a16eb8dd7a739c
SHA256 a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
SHA512 a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js

MD5 0f26002ee3b4b4440e5949a969ea7503
SHA1 31fc518828fe4894e8077ec5686dce7b1ed281d7
SHA256 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
SHA512 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js

MD5 a1a17e019421061acc56eaec7bd50767
SHA1 bdb8959e336844c0a4558013003effa40f6397fe
SHA256 14664a9c1fc37670325246a6369d2eb4a12a3bab9956d4ee84601a86c4d3fe0a
SHA512 c13399ff7f2d7197498b31277e16974b09e10d235583a5cfbc2f9c6d8d5156f93ff1958823f17a9d949b15b469634a94b93457a55f1c6386c769bf4f208bde4d

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js

MD5 23231681d1c6f85fa32e725d6d63b19b
SHA1 f69315530b49ac743b0e012652a3a5efaed94f17
SHA256 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
SHA512 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js

MD5 4ff108e4584780dce15d610c142c3e62
SHA1 77e4519962e2f6a9fc93342137dbb31c33b76b04
SHA256 fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
SHA512 d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 527fd69bfcb7cadba94471890e626c97
SHA1 42b757fbfb477d572d7e831ad25b8c33ccce4e95
SHA256 19b8fd304ba57d53dfbb4e4bb1b0b37bfbd8a4cdbe9b8fc82d2c82f07be94fbf
SHA512 8dd9d1f441adbe9bb4b6d05227788ae8a81be6a4acc722e95d6144d04c63d007495e2745299022f45fdb43f447d73055cc915f4a32c3e2c0138635803e48b669

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 c00cebb4a266c744ac115331dbbc67bf
SHA1 fac4fb4874b6486aa5d35f1ba401588612eb90d8
SHA256 43eecd1ddd92c968df2ae4b57ef0da76f1e1633509eb14ff34e940772d8f05c8
SHA512 befd68efc704e68afcb3c9e7bb4d6a92ab5d0d1c627810dada113cce5d4aebe797406df594b4114f6e938dcac12e423e3534b974ab7d4d756cf1824cda03d491

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a02550617b1a4cccf26426429d666ea2
SHA1 54856fc996f5837c5e95fb6417e194a8f75e11b4
SHA256 3f760bf18209fd161cb93b3514f7775d93bba20542b153e3e1c36540c175e279
SHA512 e2b4aede0d85cd2ee315a35b245fc7c4afb72294a09ac76f6d9c2f1430af81ec3317dbf26ca8e439f6d6410d54bffe6bc70e85e1531e8553a4f5641ea5429ddb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 687080cf2b00d06f903405530ad7400d
SHA1 bb5faf6f4d28dba1dbed4940e70c3757c699f54d
SHA256 9320f15e007090978a79881abb7d81b2a2861417f2cb70a65a40f852b6024868
SHA512 da109c7f9c90958b4a357bb32dc32b98db546cd8d2d70e4d2fd41bf009abcba32f01b40760277d355b00be85d88609d3f3f487f81220f6aceca523d44b45f650

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 41bdf0793688cf1a09161613f5932a40
SHA1 b58ea0f2f9c681111825282cbce9edfcdb6127d1
SHA256 073c1a5906259fa9a9115fb4ba859fa3be81a9c1cba6e6530c68a4409867b561
SHA512 d81a9c361e5de2134fa840e3a9e94f3d444f6d5457790aa116bc481526335ded8502f187e9b8bc749ec4bb623f82fbc877a3309beb973e470c4e8deec189236d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4dedaa7ec5a8c8a513dac205ba0a6dcd
SHA1 6752980cb34085c65788dfb8f3b60898ec10471b
SHA256 e1da05d81154bdb254e8a0d37882f741f0ebf55818f80a7a56e78b67cda5fcac
SHA512 3db3e5f704d17bf83942575663614c1a6570a3a8f934f7fc36ccafbddf7a6cabcc026dee04d635966407238016749f27b81171dadd3175913633c763b5f868d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 64595a06e302efb4f88976a4c2dfa0c1
SHA1 7a1125f6c72352539a560877bb6309bc0262414a
SHA256 3abe40102a37147836c7523fcdfb8b9c033e9e191cd05ddef2c89583ae56f150
SHA512 ff554e134b7ac3e4a73e593da464daa40ae0cce241c7a7e52de544853bae8b885da2ef789efb8f5e9c1924b61e128a75ecf421f395df6905207d495fc54e2cb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5cc1ae3160ee7298eb04c6af076fdeba
SHA1 dc44b31e3df32286dbf660c2e3ec4d33c7c7a1ed
SHA256 d78c17599c025c106b303edda3eb42adc5e9a3eea6894e2afa42a1b3b8d457fe
SHA512 4717875e43acca4644446fe01354abc5dc5827b5f4eebe00864b3ac6f806c56f6f3f02911b94f7e9d9a30f5f8526f1f64e1f7d2416bb0012aeb2c77bdcb8f0a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5441712eb8d54de670b65500ca161b55
SHA1 05cf5d1238a4a52f654a9acb30e8d1f68be65622
SHA256 d8109581a04ccf21e3a373ca537f353e5a220b71cefdad3a1ac9d5e144ce86a5
SHA512 d0e2e2c9ed2747daa3185c344ea0a9acfa8f9828d78c061b8a971eed1e2f1d835e6e99ecf73a23044f591c6d09d7b511c0caba972774b4cf65f2573094da37ad