socelars | 95405f49fbdcd011e42d383d8f25af072519c384fa83de4bc2ffdcd73ba731fc

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-04-2024 15:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Size

1.4MB
MD5

e53d8b8f8aebcd44b5cc9226e42e9f27
SHA1

989daf2057ffd51cdb3ad6df01178bbdd7864839
SHA256

95405f49fbdcd011e42d383d8f25af072519c384fa83de4bc2ffdcd73ba731fc
SHA512

a6965e16389cf7f5a993947617fe0523e9d9ad5c9ec4928db569b1b9394995a9420772299bf934c19c7b549814a0766fd557d69b9d30bcd00c230a0c444396b3
SSDEEP

24576:3IVFA1pqtg/TnMbX0lwyh0FVmEByA1swFYyOsdwsuQOSIt21QRYfNowP:WFA1pvTMbOwa0TmUqMYEOFQOSIsQRYlB

Score

10^/10

socelars spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

Processes:

e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

14 iplogger.org
15 iplogger.org
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
14	iplogger.org
15	iplogger.org

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exexcopy.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

2004 taskkill.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4484 chrome.exe
4484 chrome.exe
2656 chrome.exe
2656 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

4484 chrome.exe
4484 chrome.exe
4484 chrome.exe
4484 chrome.exe
4484 chrome.exe

pid	process
2004	taskkill.exe

pid	process
4484	chrome.exe
4484	chrome.exe
2656	chrome.exe
2656	chrome.exe

pid	process
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exetaskkill.exechrome.exe

description	pid	process
Token: SeCreateTokenPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeTcbPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeSecurityPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeSystemtimePrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeBackupPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeRestorePrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeShutdownPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeDebugPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeAuditPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeUndockPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeImpersonatePrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: 31	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: 32	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: 33	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: 34	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: 35	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
Token: SeDebugPrivilege	2004	taskkill.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

chrome.exe

pid process

4484 chrome.exe
4484 chrome.exe

pid	process
4484	chrome.exe
4484	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.execmd.exechrome.exe

description	pid	process	target process
PID 1016 wrote to memory of 4904	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe	cmd.exe
PID 1016 wrote to memory of 4904	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe	cmd.exe
PID 1016 wrote to memory of 4904	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe	cmd.exe
PID 4904 wrote to memory of 2004	4904	cmd.exe	taskkill.exe
PID 4904 wrote to memory of 2004	4904	cmd.exe	taskkill.exe
PID 4904 wrote to memory of 2004	4904	cmd.exe	taskkill.exe
PID 1016 wrote to memory of 4876	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe	xcopy.exe
PID 1016 wrote to memory of 4876	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe	xcopy.exe
PID 1016 wrote to memory of 4876	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe	xcopy.exe
PID 1016 wrote to memory of 4484	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe	chrome.exe
PID 1016 wrote to memory of 4484	1016	e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe	chrome.exe
PID 4484 wrote to memory of 4944	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 4944	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 1060	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 4880	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 4880	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 2420	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 2420	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 2420	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 2420	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 2420	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 2420	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 2420	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 2420	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 2420	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 2420	4484	chrome.exe	chrome.exe
PID 4484 wrote to memory of 2420	4484	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e53d8b8f8aebcd44b5cc9226e42e9f27_JaffaCakes118.exe"
1⤵
- Drops Chrome extension
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1016

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:4904

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2004

C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
2⤵
- Enumerates system info in registry
PID:4876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffed3549758,0x7ffed3549768,0x7ffed3549778
3⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=368,i,4759872381064604806,12031318034879603304,131072 /prefetch:2
3⤵
PID:1060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=1956 --field-trial-handle=368,i,4759872381064604806,12031318034879603304,131072 /prefetch:8
3⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2244 --field-trial-handle=368,i,4759872381064604806,12031318034879603304,131072 /prefetch:8
3⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=368,i,4759872381064604806,12031318034879603304,131072 /prefetch:1
3⤵
PID:3992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=368,i,4759872381064604806,12031318034879603304,131072 /prefetch:1
3⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3456 --field-trial-handle=368,i,4759872381064604806,12031318034879603304,131072 /prefetch:1
3⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3576 --field-trial-handle=368,i,4759872381064604806,12031318034879603304,131072 /prefetch:1
3⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4892 --field-trial-handle=368,i,4759872381064604806,12031318034879603304,131072 /prefetch:1
3⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5436 --field-trial-handle=368,i,4759872381064604806,12031318034879603304,131072 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2656

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js

Filesize
15KB

MD5
3a05d53e4596f59d0d73f4dbc1aba91b

SHA1
cf8b5d79b8b8746a838ff6aeb54ee32d75fa9727

SHA256
d02d5bc850e478e2c84e56a86c2bd9b1e03e838c55d8ac70cf838c668a4201e3

SHA512
a4f740970f10933634ff7de313ff36c339434e63ea2794814b9ae0f65f42733f58de21f2c6ee64e73aea04ef1a8d7600a054891c4c6becdee77cc392fe58c3f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js

Filesize
14KB

MD5
dd274022b4205b0da19d427b9ac176bf

SHA1
91ee7c40b55a1525438c2b1abe166d3cb862e5cb

SHA256
41e129bb90c2ac61da7dac92a908559448c6448ba698a450b6e7add9493739c6

SHA512
8ee074da689a7d90eca3c8242f7d16b0390b8c9b133d7bbdef77f8bf7f9a912e2d60b4a16f1c934f1bd38b380d6536c23b3a2f9939e31a8ef9f9c539573387b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json

Filesize
1KB

MD5
f0b8f439874eade31b42dad090126c3e

SHA1
9011bca518eeeba3ef292c257ff4b65cba20f8ce

SHA256
20d39e65b119ed47afd5942d2a67e5057e34e2aef144569796a19825fea4348e

SHA512
833e3e30f091b4e50364b10fc75258e8c647ddd3f32d473d1991beda0095827d02f010bf783c22d8f8a3fa1433b6b22400ad93dc34b0eb59a78e1e18e7d9b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
2737db11afa692843bfdf32a5cfd4d15

SHA1
3bc2d2a84ea04410f9a7a9aee3ed24df5346a35d

SHA256
ae2f49558ba2e7920b65a11b0f85330ea26491285afa052d95eb2c3eed078b93

SHA512
83fee1cb84f015ebecab5c0ece709d961a074491d2a613c8ce2c8a83338b82e6ada71d7451793d98ba157a3b6766259e2d5c3af69b9785b0824ad50f5999419e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
d98a862745da89fffa1a305d578048b9

SHA1
59c750081af110ad27f4a360bef4ef689b0fa519

SHA256
2d1a2162f435610d5e0dd4650a8e71211f1a25d879a94d11fc06c111c69a23ef

SHA512
d7885a29a75646721b631f736bab26191a0c79f7b32b1e2c7d1cc79507ba80a598d9bb9e967a10cb522d6f8c65c1a8eddfd96d75ccb0914947c09566c7642dec

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\4c56b927-49d2-4b62-818c-06b1f0008d79.tmp

Filesize
18KB

MD5
fc80ee9f51804b4b055c793ed49408c1

SHA1
329755dac1901f287c95dd7016af03a6189d8689

SHA256
7f16bb02062c53ee5a98a93fd43ba24b59cf9f6c0ea26e59acda28152324eaa0

SHA512
153b6b66292ebc97934fb1afb3a74ba5ad88356ccb39b1b20afa01c82f1aba91522790304ee0d43d271d7a2b7b5d9c0c6405737a2a2e2ff524042b8f27228011

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database

Filesize
32KB

MD5
69e3a8ecda716584cbd765e6a3ab429e

SHA1
f0897f3fa98f6e4863b84f007092ab843a645803

SHA256
e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487

SHA512
bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
b679f4d43fd3a83a8fcb311836fd67dd

SHA1
ccb9021a455988c1cc2b3336fe0a7d5496b40e73

SHA256
4e43dba4f5798f228d3514a8d5e8e5da592e066813503641335e481dd8028b72

SHA512
63b609dba743e2c92e2b6bf48720bb8580794511d53788a5bbf7d1d89d2f40e528f4d659a9f49d63167b86566eb2c3d2086a742ae1beb15aa136079451eb675b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
7991abcacf66d2fef510dc9fabf323a9

SHA1
89de2cc99aa8b976fd7d5dac9bb5f9f663b91570

SHA256
7117eb595463a3df30eee75ef75d76f8b319c8a25a059fd0588f5e5e11333664

SHA512
702e0e2e073304198b8d1e9d6a447674d7709a9f7c02fc9781ca93d83be3054608c3e832fe19f7fc0880a9c0937f1a63091436ecc9f0728e410bfcd3f287b817

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
f1242b06de602bf6e771f21a255e5a91

SHA1
245fb5972ff225dbc7cccf1735d73368a158c1e0

SHA256
170823ea896d26a74c4a67cbdd8d3ab4579eaf1784f3708941fbd309f1854c1d

SHA512
211808503315919a71dbe95d32f4b488d7e0fa16066a185531381fbdd33e59218c8b2b2b030bb55c8699421e17133a964fc1edbc3a42dc693f4ffa67d70517e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000007

Filesize
34KB

MD5
b63bcace3731e74f6c45002db72b2683

SHA1
99898168473775a18170adad4d313082da090976

SHA256
ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085

SHA512
d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000008

Filesize
16KB

MD5
9978db669e49523b7adb3af80d561b1b

SHA1
7eb15d01e2afd057188741fad9ea1719bccc01ea

SHA256
4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c

SHA512
04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000009

Filesize
49KB

MD5
55abcc758ea44e30cc6bf29a8e961169

SHA1
3b3717aeebb58d07f553c1813635eadb11fda264

SHA256
dada70d2614b10f6666b149d2864fdcf8f944bf748dcf79b2fe6dad73e4ef7b6

SHA512
12e2405f5412c427bee4edd9543f4ea40502eaace30b24fe1ae629895b787ea5a959903a2e32abe341cd8136033a61b802b57fe862efba5f5a1b167176dd2454

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000a

Filesize
46KB

MD5
beafc7738da2d4d503d2b7bdb5b5ee9b

SHA1
a4fd5eb4624236bc1a482d1b2e25b0f65e1cc0e0

SHA256
bb77e10b27807cbec9a9f7a4aeefaa41d66a4360ed33e55450aaf7a47f0da4b4

SHA512
a0b7cf6df6e8cc2b11e05099253c07042ac474638cc9e7fb0a6816e70f43e400e356d41bde995dce7ff11da65f75e7dc7a7f8593c6b031a0aa17b7181f51312f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000b

Filesize
46KB

MD5
621714e5257f6d356c5926b13b8c2018

SHA1
95fbe9dcf1ae01e969d3178e2efd6df377f5f455

SHA256
b6c5da3bf2ae9801a3c1c61328d54f9d3889dcea4049851b4ed4a2ff9ba16800

SHA512
b39ea7c8b6bb14a5a86d121c9afc4e2fc1b46a8f8c8a8ddacfa53996c0c94f39d436479d923bf3da45f04431d93d8b0908c50d586181326f68e7675c530218ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
61a54335bd34b6d93b8fd2f47e866537

SHA1
d035f5dd8a4699fb02c4e1673c91ac812e052a05

SHA256
d9f62d71da16bff7b8dbc531367677a218c90f6129edf99433a5db593fa5a734

SHA512
bf4d927c50d10498634fa955bf89de4f26e14b08310f18fd021d451d0b2560cfc3c0e562b7d72106196c51064998ea770ee95eee1a4c270f05ec36a482ab6c00

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
388bf1f5d3f33467aa0723e5ea08610f

SHA1
6f88ed2a66d8f8437baad77b20bed63aaff55fdf

SHA256
fd17bf7e85b431ce570675032163a29518010648271c6b5a4d2f9a1f4e9d1f65

SHA512
ab66155365953058d394ebb1160765b69525fe9131df72a1bc58a6c48b4aa181d203bb84bbfc64b5efc694606190084f3e889b619b32d45bddb92789337a9bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
5e3eca7b843063e3fdf6881995cd2c46

SHA1
8edc7ad0211653064ef4a526168627e8af457326

SHA256
b03764fefd78a388bf69697505dbabbf79813d07c66d96e9aa0755bb4dd3f787

SHA512
9518be7ff9aa847355d7c1e135fb07351c35a0b199ce9577f402ef92294c29f8d3bbf51bf6b9805accee22532a4e60b1af600244a24b580c9e81f8f5dc64cfd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
fc9eb0694c75ef3ebc53ef3a5cd8af32

SHA1
634f73dd57e3e5ce5d2dad8cbe2e35444d22896c

SHA256
3757c021042364b0c59f4a682f4f4bee445cf9e1ac11ecfda1569730ec46eb00

SHA512
5fe9d0fe1a11f6aaeb4e988106921f5195a67a0313f5e284eb1124d08dec8c6020f751e2a708f131265382d8acb335aa109368257f9fe325d7df830db8d27601

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\computed_hashes.json

Filesize
3KB

MD5
02c8ed2627b526edc7d74eda75b9a924

SHA1
2984ed94ccacb55d86da2e38dbc3b6b7b3ae9a25

SHA256
c4d3d374611fdb6e970a2019cde28482f8b92230941cbca6ebf7699815c152a6

SHA512
16197b17c6e244c11d1804abc5a739eca5ec05858c9784f919acd634d72b8da2d4ba12b2e68f04145c5fb6d39bdfc187b9a5bc49c60a11435163445a04ba3103

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\verified_contents.json

Filesize
18KB

MD5
2f0dde11ea5a53f11a1d604363dca243

SHA1
8eef7eb2f4aa207c06bcdd315342160ebacf64e8

SHA256
5a2940c7c5adba1de5e245dbff296d8abc78b078db04988815570ce53e553b1d

SHA512
f20305a42c93bcde345ba623fef8777815c8289fe49b3ec5e0f6cf97ee0d5b824687674d05827d6c846ee899da0d742407670db22ff0d70ebee5a481ab4a0ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
3eea0768ded221c9a6a17752a09c969b

SHA1
d17d8086ed76ec503f06ddd0ac03d915aec5cdc7

SHA256
6923fd51e36b8fe40d6d3dd132941c5a693b02f6ae4d4d22b32b5fedd0e7b512

SHA512
fb5c51adf5a5095a81532e3634f48f5aedb56b7724221f1bf1ccb626cab40f87a3b07a66158179e460f1d0e14eeb48f0283b5df6471dd7a6297af6e8f3efb1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
256KB

MD5
ba0297be38494f177de8c0fee6b310b6

SHA1
b9db7d491233100d1f6f7065ff8691e6cc475e4c

SHA256
c2367ff31e81bd2bb01f06fda35825789ba020f60a5bcb88910f152fff902161

SHA512
bde2ac1223101e335a841862bf0218ef537c2bcd5c1f1967dac191a0df125a6f1ebcbf34229afc4b7718e262bafe6dcc8fab89954a63b280297445b1334b857a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
256KB

MD5
ce2b6e6fdcebd5744c5e8fccfce248af

SHA1
b7dfb5df9c7a3d85579556182e7dbee29cb493bc

SHA256
be508b8ac1b10120830da959da64c45850b270fd301b32afbe61915182ea46f5

SHA512
dd5e0deb712064c509783d76c470265e407f0f3c2c4eb318a9a18de7bef4fc5f765cbef975cc6ecd27c9479eb49883f510d102f0399572e5c15c8dbc1667dc10

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
1KB

MD5
295b9a19a98c9a03ddd43c1460af622d

SHA1
67436ff030343e636253aabf8f7a8dfa59345cd0

SHA256
aedd4ab5e030527bf3429fc5cef75fcc52423962ce3d0b59e8340ac89a952af4

SHA512
657be4f0bd023a34ae3d635fa2f06cd9cc198f22c13a5955b0518d9a53a13ab34b4224e134d9b4b50c61598622dae418d87e8dedf214e130f9fc35209ff73397

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
1KB

MD5
64e830e3a046fcc359a533bab2f5af09

SHA1
9045aeb4d9f0de5d77a7bfb2522a4ed4f393088c

SHA256
dcd7768fe116203f4f5c6351ec4e849218eee7a2eefea1244c1904d19d1747d9

SHA512
a57b2b2007b4cd9670e8643c22de1ebf0b13adb435ef00d5b79a2fb0ec2433d5379e28a2357de054cbdbd6c06fa7ba11edd02cfecb048df271dfd3f3b070a365

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
1KB

MD5
3760720e7cc6b7310347b94cf22aa1fd

SHA1
2ff5ae0f1f655176c0bebafd47f7ecf91cb72b8b

SHA256
f882757d5e2fe13f51e07eb7dbdbe078fbe48652e7438d4f3f02231f17108e8f

SHA512
c4a5c3f9749ec93b978df82840be1ae11f370346984951483f905d29009fec8ba4103346851f4a82e890117bd68b3e41c7e5b4fb50fed3f1f3139f3e9a7f1162

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
d7479af4465242dae8650376720807f0

SHA1
d4ab55a3ec88f72352972b369d32fa8fa040bbcc

SHA256
28d160b03284da464cc765ff91d90b178fa23f57d8c8b60af59775a2548e32e5

SHA512
96b01d238c10c12e008802942c9ea2828e330c9ef09ac07c0acae24a2880f59451c991295338a2d6e895ee3944ad7d8466843b3095e3a9be0bb58c752f77a408

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
371B

MD5
8c4c19bf11eca4af2cdaf9fb7966ad56

SHA1
7fd13d96b921c9ac962ddf8efb4bc83cbaece6c4

SHA256
650167609c656f0127fcf870a084d7d84fb234d9b203312f597ecdd1faeb1ade

SHA512
0c8cb0b90c3b2ac57cbd1c89eb09f16de07cf5da74988b3932af93266c446f7e030c021db7264365eed4f2c919bc582612c95223c820686dfe27508b03bbaf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
cfc06d08250c747e3850301e74cf828e

SHA1
e8ecdd33bb293bee2ae255c682af6157eacb03e5

SHA256
3963d42daa82512230fde490c84ed3554e014280ee35581c29f02cc8289361fb

SHA512
0b8db810b472f40324f4c1bc79b5ecc7006ed0a563de41caa79f101abd47415bafed0938feeadb36217543ca947a587e2f4c7bacc9013b39851121e3019eef6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
13c2b8603d82944275c1bc39c31f3e29

SHA1
d9225783ba3188a9a1c889ac002efab12ed0c7f4

SHA256
c194e218a68376a1153d00169e53effe9ea47f5969ee4d78def89bdb61e3a9cd

SHA512
d3e2c685fde812b1a082943bc1b5fad21cae0c79e560b74cee31bbf9398aaa8d995cdbaa4acb7860d5bf21f66bd4348cf4f6926ff46b8a489b82713a4e969166

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
a98b57251cce401fbb0a793170916b3f

SHA1
68dc97ccd16acc755e08a68e363146cba8ea7046

SHA256
35416959e551d9595309b35f7fbbc6b95187c060459a5a5b9ff08e5bb1a5efed

SHA512
d4a291614eb8517e3d0559cd0f1e9ca57a54d757a0a381a528c3e7b3f135ca1c839182cfde9f5b719a6b95505a804ba3027a698510e148069f79c14106980187

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
f93e640d5516957b6dc45abcaffc4332

SHA1
f895e8d6578366088aa736849d368b0da394ce22

SHA256
1d934843ade152af96a07e2c6367cfc0f672a87e5c72f27a461405c786de5ea6

SHA512
cd0f5ff45e0af480ed5d170aab0be3cb938baf058fe8c9a2b3e5d7cdd3fbfc780025fb622e1871b05a098f6f16bef1c466802c5196f5a8e1e5447b421024934e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
9723e38da6760cb798fac19162494b55

SHA1
863571bf26b3782430375475ded71fdffb0c8e56

SHA256
f659f2e216d51322817229be3f3e38681f7f094390f99352e678da0318781558

SHA512
e5e28ed5c2e510430d1c4a3ce1517bc36ed18ba461c148d2ddea87e1aa6edf254483c15c6d6f1dc66067b2589d6b2121daaec6d9dbc69548c429c764a02cf5e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
307B

MD5
7e458d4b3fb040c1cb8b8d276a25cf09

SHA1
bac138df524ae7ff3fa8f8cc8a6828368447d8d2

SHA256
9b1135cf207df285e440507cc7fc7138d9e69cc5b862bc8da0e64c0bf4acede5

SHA512
9db26674d4751b4acac6d14f2cd0a3e6e529bb7758120b6fabde31f770a339be78fe929d23c9621062d763b8c319b87c04d71427351b30d7a0c9e4c23090ff57

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
89049e2037f0c5ae662955169833b5a0

SHA1
6b53bf57d9dc3a590d1230d1bb7370fee5f5b9ea

SHA256
4c11685b49d2af0b5629737d0cc139d6b2d5780354ab89b7708429cf8f09155b

SHA512
70bf56d0213534bfed084e0b3a2a0c5b8bc0f0c69d79e1316acfcea2b171611ee3e80319d51570a910fa8325f59f5ffb3ce28e5b04a48f378ba29e5267ea1a43

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index

Filesize
256KB

MD5
5ae04a075776f4977ee509c38d36072b

SHA1
37679200cac6dc2524b28c0f4cfce887b5876d5d

SHA256
256a92699f2545bafd10e1e5e91725e75cff66f4c0f30cd3eaea0bf936ba215f

SHA512
44a0c1df8d9194b7b2baf67de386fd07e384fbd67a6919425adaef2e63e4282a40873500797e6ade4cd433f9e4bc34a0d37a8128c6a5ed874722096e484448ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
429068e6025cf20b9a3900871d74700d

SHA1
d429e013c873e7d84ae09fd522fd6d36603fd03d

SHA256
6083ac7732796ea2e0544886adb701203dc67ef3c03410054e5802fc4ef67be8

SHA512
ae4f63010ffc6f63ce8c37a3bb84ff2afe6430d34095d59820a39c17e2a88c5fc4ead47b5427629174490bd769755c78540cb3da56047ff78a8aa09c439af9f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
1313d95fa5a52da059b088e7aadfde72

SHA1
492693cd92f5f71e488d18c10efa5e98e8918c6f

SHA256
3519dff125a782eff6377751bb5c0ce937f5484fc86b8e22dfb284d16caa380e

SHA512
65e3d32029ab9977a945ab5dc30717bbc44c14b34c1181318442a3d6db5272d8f24c39582247e4feb76e84ec76ac7aaa62e51074cf1886f014fa80a67f5749aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
281B

MD5
795ced0052ef23311a8248c746230891

SHA1
738c5e09dc02414382d045e43a0c3f74de1f66ac

SHA256
fe8caa3dcf1147f9f00229116d4c3a98bbc8ed28d2dcd8307f42b5abb8b3eef4

SHA512
e407cdd37060cc3f658353e83451cc2cfa350bf96c07ade6598c0a8e2374b0073f767af5c7084e6c2ccd511eed0bed8b9b3e4caf450d68fc0c27ba06dff459ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Top Sites

Filesize
20KB

MD5
f827a28f6100a85bd8217d338ccca5a4

SHA1
2a180393edd7109c3ab03db4e6edf07ddd9672eb

SHA256
82ee998a4908774d5f55d1d65c897abb5c36458bafada8dc945a09c6b9f21429

SHA512
77fc5289c9d5f954e789f2c0b908a39e8e988201b0ff89efc1002d2d5d7808a8e60e9332be4b9838490d48e4a4385d8cd9b3b18c8716ceb9d6f2117cb2e53d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Trusted Vault

Filesize
33B

MD5
7b53a31cb8a00ed719d9a091198c40dd

SHA1
3af64265d973d57e7092e97a92da263d504aede0

SHA256
8f8cc26bba97de70aeba90e052ef57d0c232ad32b9588d57073fe151080d39ef

SHA512
af267fe4ddcc6b1f9fdced3634a3c1fadd700b0eb0eed84ccabb4c483071aaf670272a43ad8a7812f40800cb815b007b3d93511e4d9d902ae1fcd9ea07919808

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
06e5a257af3468d24d5d332c4fb03ea5

SHA1
2f438bc16c9a1d2ee720074fac96459508341ea5

SHA256
b15477591653512454c669050e6f3f8cc69ddf36bfa3199234647a738ecb0e3d

SHA512
e8849ff80afbda864ffb6a661557d3894ef95c92ead697e9565a426ec716a0ad84f98e67dfbda154f8dd5bc6b084889ae40004443af22fe61d44e8219982e47a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
92KB

MD5
8dd2f8cec583412974b6b5673303b60c

SHA1
54814e5b8a92746836b3ed7010b1113cb9ed3edd

SHA256
be219751e702f0f66a289e86c706a3503170dbba121ffb3517bff25006d8f8a1

SHA512
b8bcf923163d5a855163778dc7027bb2cb625883d34badd40231c6e03dda4992ac851cad72c956c758887446faa0664a0bf9410731d1aabd0b89c9f9b0fa3899

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
128KB

MD5
52eb1229f896f5658e43362469bbce5d

SHA1
fc3648040aa2311c9e5e800062365df8d7277cf9

SHA256
c33292b35d448056a2ad7806f3f2b68d183e1244fc676e531d214cbaae4de0fd

SHA512
9b9ca85c9f3cace3311ac80176947346311c772e38b300b01f1abc660926b0a2924a2c2d4a9ad62ee97c764db79ddbfec8589df1d5260b15c842873c5994d419

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
260KB

MD5
1d1374f3e93161923892a56dbb9b86d3

SHA1
49b3f8729581cc792edfdefc622b8c462ab9aef6

SHA256
009233b77317028dffd96eb0ff44132da141d6d67f029011feaa4769b4be2b26

SHA512
ca6f4b3cd940825e32906cd3c3af35548732c50cc0a69f466553424736144f29ee6a82be5d20209017f7f9b9ca633e1e696546323c4769f19e12498f84ac5c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
f5a866ada4b3866398f90e1e1088fe20

SHA1
4595f8910050b6d05e94c57d31e007ca2218d03b

SHA256
82aef2cef3b1b4e74e7ddbd420f3e7927015844969624b40f04517a406a3a0b3

SHA512
0f0ba6762c23ad59e420875a101349181261048c28b7eb606df9668c4738f3246e0b35786a353072fe16f9239b892b6dcc08684d89967c26dda33e2877dde3b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
\??\pipe\crashpad_4484_MPVTACAZUWDQEEOJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit