socelars | 0438d9333fdb810b6ca113c17017f0051077c542bab7d34646be272f575cc5b7

Analysis

max time kernel
157s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-04-2024 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Size

1.4MB
MD5

ef07bdb06bb72802df7cc3e7ebb13014
SHA1

efcb922f43033ea3166fc1fde3d842799faf5552
SHA256

0438d9333fdb810b6ca113c17017f0051077c542bab7d34646be272f575cc5b7
SHA512

bca9a1759192f83639a606bdd051890eb91bf75206e661a5b380d3f265dc1483c538955e26862ba874da6ae9d394e93490c5de2967ac9f84c42f1b1328bd3c67
SSDEEP

24576:eTj7ope1XnPzDuPxy3nyjmaRNKMZFHhrFCKezhDgWFdSiA993qz7ea:G7opuPXuM3nomCNnBhCnRdFdSi093qXN

Score

10^/10

socelars spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

Processes:

ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

19 iplogger.org
20 iplogger.org
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
19	iplogger.org
20	iplogger.org

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

xcopy.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

3136 taskkill.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

420 chrome.exe
420 chrome.exe
4648 chrome.exe
4648 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

420 chrome.exe
420 chrome.exe
420 chrome.exe
420 chrome.exe
420 chrome.exe

pid	process
3136	taskkill.exe

pid	process
420	chrome.exe
420	chrome.exe
4648	chrome.exe
4648	chrome.exe

pid	process
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exetaskkill.exechrome.exe

description	pid	process
Token: SeCreateTokenPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeTcbPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeSecurityPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeSystemtimePrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeBackupPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeRestorePrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeShutdownPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeDebugPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeAuditPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeUndockPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeImpersonatePrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: 31	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: 32	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: 33	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: 34	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: 35	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
Token: SeDebugPrivilege	3136	taskkill.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

chrome.exe

pid process

420 chrome.exe
420 chrome.exe

pid	process
420	chrome.exe
420	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.execmd.exechrome.exe

description	pid	process	target process
PID 1372 wrote to memory of 4932	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe	cmd.exe
PID 1372 wrote to memory of 4932	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe	cmd.exe
PID 1372 wrote to memory of 4932	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe	cmd.exe
PID 4932 wrote to memory of 3136	4932	cmd.exe	taskkill.exe
PID 4932 wrote to memory of 3136	4932	cmd.exe	taskkill.exe
PID 4932 wrote to memory of 3136	4932	cmd.exe	taskkill.exe
PID 1372 wrote to memory of 1188	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe	xcopy.exe
PID 1372 wrote to memory of 1188	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe	xcopy.exe
PID 1372 wrote to memory of 1188	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe	xcopy.exe
PID 1372 wrote to memory of 420	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe	chrome.exe
PID 1372 wrote to memory of 420	1372	ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe	chrome.exe
PID 420 wrote to memory of 4284	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4284	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1532	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4932	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4932	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 2832	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 2832	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 2832	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 2832	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 2832	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 2832	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 2832	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 2832	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 2832	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 2832	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 2832	420	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ef07bdb06bb72802df7cc3e7ebb13014_JaffaCakes118.exe"
1⤵
- Drops Chrome extension
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1372

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:4932

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3136

C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
2⤵
- Enumerates system info in registry
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb1dcb9758,0x7ffb1dcb9768,0x7ffb1dcb9778
3⤵
PID:4284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1892,i,9600110818532160082,14473323506366758969,131072 /prefetch:2
3⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2132 --field-trial-handle=1892,i,9600110818532160082,14473323506366758969,131072 /prefetch:8
3⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2252 --field-trial-handle=1892,i,9600110818532160082,14473323506366758969,131072 /prefetch:8
3⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1892,i,9600110818532160082,14473323506366758969,131072 /prefetch:1
3⤵
PID:1816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1892,i,9600110818532160082,14473323506366758969,131072 /prefetch:1
3⤵
PID:2256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3376 --field-trial-handle=1892,i,9600110818532160082,14473323506366758969,131072 /prefetch:1
3⤵
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3384 --field-trial-handle=1892,i,9600110818532160082,14473323506366758969,131072 /prefetch:1
3⤵
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4912 --field-trial-handle=1892,i,9600110818532160082,14473323506366758969,131072 /prefetch:1
3⤵
PID:1112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2756 --field-trial-handle=1892,i,9600110818532160082,14473323506366758969,131072 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4648

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2968

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\background.html
Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\icon.png
Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js
Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js
Filesize
19KB

MD5
a26769c5473b348871eeaf45fb53b0b6

SHA1
7fad68d39412aca1d841418e54925184ec86b2ba

SHA256
5192d63dd8da82f9a32545bd554e868ea9f526d76869469752a7591624641c3b

SHA512
e42f9e99c763270ec7932bf2b58634848fb3d6a7a9076cc5f205a23edf29cff8514ff76764df0b874a7159008af755bef332ab1b9f4e95c3d3e5a1ad5c86d1fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js
Filesize
19KB

MD5
28da0f1e6b11d5130baeb58ec57ebd05

SHA1
7b15ef65e44ac17d7489e096cf05e525cd88c645

SHA256
a0e6bb70b21d5d8ae18d0a29ad0273843aaeaae3d797cd70833ea8c1aeb704f0

SHA512
8633092f66e3458af09b5cec9386499f00018df403e2e35ff7acbbb7074d611ef53d7d17ac32bc4784fe2be12a0ccddf7a4a6dc903c94b816cfee64dfd0f5200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js
Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js
Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js
Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json
Filesize
1KB

MD5
f0b8f439874eade31b42dad090126c3e

SHA1
9011bca518eeeba3ef292c257ff4b65cba20f8ce

SHA256
20d39e65b119ed47afd5942d2a67e5057e34e2aef144569796a19825fea4348e

SHA512
833e3e30f091b4e50364b10fc75258e8c647ddd3f32d473d1991beda0095827d02f010bf783c22d8f8a3fa1433b6b22400ad93dc34b0eb59a78e1e18e7d9b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
18KB

MD5
147ac453093b8b6421c589e44f2ed32a

SHA1
515871254637c53bbc0f8c337947f7c02f88b5eb

SHA256
d112d7e4840b5d648d2af2c5ca25c3cc9f88d05c088d220c877ac15b49616277

SHA512
f5836e6a510aec72fafa20d1ba9a36b465ba22a086db002da33f506dc931d31fb77d7eef856f6cf945cfb2279d0ed792d0bd7acfed10ef24e4a2972e11b0af59

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma
Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat
Filesize
40B

MD5
b62bed683333c7edb7d5b79c0fbf60a8

SHA1
3b4e051242caf8004a764eacd9c858dc50800a71

SHA256
f432b78c2fc0866a3535b5665f40f99cbc16f7f5281806d9c341ed746b44065a

SHA512
037c581bc43bec68e622d5c82feec9594debc5cc10b6d7e3eb4c5a68a97b2b4533782a14355402d894b0d8fe9c840eb33ef786b7549cec0b30c265f29a9af9b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database
Filesize
32KB

MD5
69e3a8ecda716584cbd765e6a3ab429e

SHA1
f0897f3fa98f6e4863b84f007092ab843a645803

SHA256
e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487

SHA512
bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
1f42c33b73064406d8cb5b2923f4eb72

SHA1
f379c4c6573590c64222393bfb07c2fdd7d2d330

SHA256
a007f55b0da8805395b5afb5e760e8de50ad3e481b26c5434ee1ba5db6ec14d2

SHA512
84147e1682c42044e5f23e150c2c53ad377a57c5ab4f5be874b41b80d9b4d8c62185f29cf7769da35b658c95afbf4df33ee523c017d5c4b46526125b426a359b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
b1c1769ab84b357f3d115206542878c2

SHA1
c8ff119a78f4926dd6cab700f6b3f8462ef2f018

SHA256
1dce719cf98dc495b0a5b0f2267ac8aef29db71d70a7837b281f0bb90f628969

SHA512
961d9c737df1458421494683b53482335960104d590d32554d789cec0f774c59622801b866bdeb23cfbc0ea476b01dfea7387313691111cd6db236c6feb7cd5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
1ee54f98657a71887e4ef888f33cd416

SHA1
082298ec3867bd6142a86be14e35febbb2eb73fe

SHA256
60a5ca9183ff4aad60c34eee6ffab20644f386e33d9288c502c5f405f1cfdd13

SHA512
39af19f3c0204c167e80a542ece6e8b504b4ed6bd2f575017759a5f4fb258f5d001103d480167177a98846b2e152ed65fa897f6e9f4fa7c35c607b236c0342e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003
Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004
Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000007
Filesize
55KB

MD5
bea13e54256877c9ac0974ce263cdbf4

SHA1
a730c88d83d5639dc5b1fe165650adb731960490

SHA256
979e371cefb031ccf9513e87e10a92b5d4e55ae1ec4513147689b5fa96fb4791

SHA512
3354337aeee47ca9928f4faf0aab9976889d22a32a430c0b8bc1076bc4bad097aa4c1c9ca9753b9ca55c7a5130e6cab930ba16c10b9317d42268d205644470e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000008
Filesize
16KB

MD5
9978db669e49523b7adb3af80d561b1b

SHA1
7eb15d01e2afd057188741fad9ea1719bccc01ea

SHA256
4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c

SHA512
04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000009
Filesize
49KB

MD5
55abcc758ea44e30cc6bf29a8e961169

SHA1
3b3717aeebb58d07f553c1813635eadb11fda264

SHA256
dada70d2614b10f6666b149d2864fdcf8f944bf748dcf79b2fe6dad73e4ef7b6

SHA512
12e2405f5412c427bee4edd9543f4ea40502eaace30b24fe1ae629895b787ea5a959903a2e32abe341cd8136033a61b802b57fe862efba5f5a1b167176dd2454

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000a
Filesize
46KB

MD5
beafc7738da2d4d503d2b7bdb5b5ee9b

SHA1
a4fd5eb4624236bc1a482d1b2e25b0f65e1cc0e0

SHA256
bb77e10b27807cbec9a9f7a4aeefaa41d66a4360ed33e55450aaf7a47f0da4b4

SHA512
a0b7cf6df6e8cc2b11e05099253c07042ac474638cc9e7fb0a6816e70f43e400e356d41bde995dce7ff11da65f75e7dc7a7f8593c6b031a0aa17b7181f51312f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000b
Filesize
46KB

MD5
621714e5257f6d356c5926b13b8c2018

SHA1
95fbe9dcf1ae01e969d3178e2efd6df377f5f455

SHA256
b6c5da3bf2ae9801a3c1c61328d54f9d3889dcea4049851b4ed4a2ff9ba16800

SHA512
b39ea7c8b6bb14a5a86d121c9afc4e2fc1b46a8f8c8a8ddacfa53996c0c94f39d436479d923bf3da45f04431d93d8b0908c50d586181326f68e7675c530218ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000c
Filesize
37KB

MD5
01ef159c14690afd71c42942a75d5b2d

SHA1
a38b58196f3e8c111065deb17420a06b8ff8e70f

SHA256
118d6f295fd05bc547835ba1c4360250e97677c0419c03928fd611f4f3e3104b

SHA512
12292194bb089f50bb73507d4324ea691cc853a6e7b8d637c231fadb4f465246b97fd3684162467989b1c3c46eabb3595adb0350c6cf41921213620d0cff455b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index
Filesize
512KB

MD5
02399e3584a7bd281b6fab18248345c9

SHA1
e9df42b0c4d358dbd437018fa82db7135d4656d6

SHA256
3c77af5f0d48018a262cadf33962ede2cc49420878bfadb339b57049f9dd6b84

SHA512
d340b511bf8119186126ee6bf8769386963e4a73f88efc1595a2be0fa1eea4eb5b313cd7e08e35e1f1309965aaf636927abfd2152f64442ae40041d41cb531c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index
Filesize
840B

MD5
d455ad413936b0611f0f56b6a02e40bf

SHA1
33dfc7b9ccb523dba951b8a157326993b875fdf9

SHA256
442e5056dbad9548bd45057ae5468edbdb51eda63f9ce68cb302818d2829c29d

SHA512
679928a259bd66bdb87539e7acbd94282567a168db1d250ec3f0747df0c4f86bbaf4df1559aab90e293278a1906d21f5b68b1003e7cd3e9972af3c282df4e3ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe580887.TMP
Filesize
48B

MD5
568bffea4052d6c422696aaf3083bdac

SHA1
eb6ac537803f20bfed9ae24fabfab8a8921a5e96

SHA256
321cad973d47cabf9d169a0e48e719c1350f3fac1fd1da288377b1237ff60bd1

SHA512
95e4eb0a65d69926e048336dee0b5d749418b56880e7c604457d11b62d203b3975364e5b97aa18a0290bb9bafe76bc1d128cfbaafe8dcc2e6c63a2b49e744cb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
0fa688f8a4f29ca05a91f80146ef8c93

SHA1
fad6375e28a7cdda8901f6d63da1806b8837dcb5

SHA256
99212fe133c36d8cbe3cdf8db98a6e022266f3f5dfb52b2aa6f6a5781e299bde

SHA512
9461420729c5b3a6202d057a64067034d514c120ab64062358cb607d3970bf09692865d2d5b85eba1a1d94f4d319cf7d4e832af45604815da0dd801c7e2dda92

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json
Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\computed_hashes.json
Filesize
3KB

MD5
02c8ed2627b526edc7d74eda75b9a924

SHA1
2984ed94ccacb55d86da2e38dbc3b6b7b3ae9a25

SHA256
c4d3d374611fdb6e970a2019cde28482f8b92230941cbca6ebf7699815c152a6

SHA512
16197b17c6e244c11d1804abc5a739eca5ec05858c9784f919acd634d72b8da2d4ba12b2e68f04145c5fb6d39bdfc187b9a5bc49c60a11435163445a04ba3103

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\verified_contents.json
Filesize
18KB

MD5
2f0dde11ea5a53f11a1d604363dca243

SHA1
8eef7eb2f4aa207c06bcdd315342160ebacf64e8

SHA256
5a2940c7c5adba1de5e245dbff296d8abc78b078db04988815570ce53e553b1d

SHA512
f20305a42c93bcde345ba623fef8777815c8289fe49b3ec5e0f6cf97ee0d5b824687674d05827d6c846ee899da0d742407670db22ff0d70ebee5a481ab4a0ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json
Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json
Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons
Filesize
20KB

MD5
3eea0768ded221c9a6a17752a09c969b

SHA1
d17d8086ed76ec503f06ddd0ac03d915aec5cdc7

SHA256
6923fd51e36b8fe40d6d3dd132941c5a693b02f6ae4d4d22b32b5fedd0e7b512

SHA512
fb5c51adf5a5095a81532e3634f48f5aedb56b7724221f1bf1ccb626cab40f87a3b07a66158179e460f1d0e14eeb48f0283b5df6471dd7a6297af6e8f3efb1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index
Filesize
256KB

MD5
fda2e9485ec671395db16cbb330071e7

SHA1
b4af763575a5f3f9ea0ed0c17240e66cd79370a1

SHA256
bf7f50b662d1929a2ee28d79805fb5de3bce49ded6e11ef2f6518e6650d04265

SHA512
c4e5c1caf1c04dab533f5888ef625814ea2df1754af06f806569a1fe159c64cc9f813fffe62ca0a9a821b7fe5409d29e0f1cadc11e846f0ac61a352a209e0641

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index
Filesize
256KB

MD5
3c87616385a39fede823f8f5c41d88cd

SHA1
fa0383809a5509268924579a747c71a49461e08a

SHA256
654f8681a90c1e96d0e5795515cef7cd820e2eb400191cffd4d077116262ce44

SHA512
b2a14e00ac44b03ff32f05a6b116bd1142ea2ca9d897974b163dc0d981d8ae3a73b6f8a27ef55184b2a99c2a10bebf5f70a97bdcf2b6ff3d65456d7a139ecdfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History
Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account
Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\1174b55d-e9c5-4eb1-bc15-676a56b86968.tmp
Filesize
874B

MD5
8ecfadabe6b3007449cc429df99e127c

SHA1
435f1496b0d777eab7cb0776cb0be39389e70df6

SHA256
ebe95517f34eb5248617b00cac91d594155c68d2f1aa7a4183d6535fbb5ce84b

SHA512
acba325cf7f1fb5b358a576b654ee83c9652b5c5dc3abea5e06e371be986183e1bbae22148712210c47279a4d13bc9574795e5fa8ffeffb0c94a9700f381e4a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\9650817b-8f5a-4317-9f6e-2ea905043526.tmp
Filesize
1KB

MD5
b5a4c8faf39fb0fa0ac0240e24c57eff

SHA1
1cb9a5a15da12a921629a4f17d4389d97899bbea

SHA256
1a41874c0d94d9c8b7ab6f5eaf6a43e2334aa974aba06ba9c57d1bc24b8a4c5e

SHA512
52dc5232eea40305c0d04e9f9678ecc0ed9bfeed7af3b84d19393831e0edcfbe44ca19d8c0be0edd00acfdfca424934e38e76a0fde2352080d432ff371836b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State
Filesize
1KB

MD5
a4213d7d36c28b048c3ba5d1e72a079a

SHA1
1e0db7948daa7e5581ac8134799268a55a200794

SHA256
e4979bdb4a263b819786d3616c627126de85700304178ce13f62348d231c19ec

SHA512
96927a5acf9013583635e6e0ff8b57e710759d41327d8be8e3959c5d3c1db5966da41500ddbe97b45b32109fa16ca4af75529849a4cbc407f08bc9f9f2fcb9ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL
Filesize
36KB

MD5
d708ccc8b40740de64e3c0df52f28e8c

SHA1
128e9bf641c059cca443e0a2477662aff93f7948

SHA256
e82c674e7d4b89efc388e663968d2939deaa4350ee8fdd888c91d71822e0b854

SHA512
306922ffe1162543b49c311a18308be1f7713ea3723886174b91957efe085540ec87e040acb9aabe585e1e02fcc48c524a4c7e8b868d1ab043b15aabe7872a28

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
874B

MD5
751c1c03ecc63eec7d65ed06462fa088

SHA1
7df44989c2102855f735893c2d26f65f9e56a345

SHA256
efbc155b09bfe562301e4f3b5e439d306f3c41b1c35d65e281d35f227f4c9d78

SHA512
85aabb105934bc5b9e4bc47580dd9eecb6faeabb89ac32b64f6b314713c9472ce924d391ee4f9ea07fa366dc4c6a6d9fd457a3ef0128a5c75a7e1167e392ce9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
371B

MD5
a78140d19c10f59dac1164a3f3ab828e

SHA1
8a3cb1fd18fd918415879b0da3e3be1befca2606

SHA256
175eeed16f95c515976dbe4a5d7514498ee5f67ec0b08156418f66179030b820

SHA512
b0fb5373cad8c3fa5a7322eaae5a03f5127c19d7304b5bc7f4fba2cb562b4445925269ff6ce767b5fed48f31bd32680f987a9a78b982bacad5aad16056436861

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
874B

MD5
dd285399e26b4a1058e1b01897b80a1d

SHA1
6fc9e10fef84543fefbc8e681e523a364c749463

SHA256
8249a9946f90505faa801d9a7e62af7793c721ad30e5c44d40a23aa09d08235c

SHA512
b290ffbcdd2897fc8e1839cfae56d2ba7de454eaa0be3facc281f322ca3a80f048524878b87c87288bffde51d088b7365a54ecdf3346632628a352939681cbc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences
Filesize
6KB

MD5
c925bd2d596b617ac50973b227f9fb7f

SHA1
bcee19caa5f8e68f5d0b24594319acb756dea2fd

SHA256
eabc71fdee4445c246c16c21bea808137ee9b1a557f305a56de3c29678ae1f7b

SHA512
ff0a40d439da2cf733c2939ff44feac3c217aee3547333c4bf6abd246743a283d43fbcddf3ceec1277f728757c065ec9bf09ce7b4a4b693d6dca4a0efc663ded

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences
Filesize
6KB

MD5
e46fd65bae6cbc5471eb93d915adc697

SHA1
27a47a3992aebf2bb7f7b8c73d731967563cf1d4

SHA256
1b286b9f02699bb835fa27598e7248b8165ad8bd9d34f30fd32db2c703fc71ce

SHA512
83479b1a0b5e1342b07018f5823aba0ade9a90292c2b4e11a0746a326fa0b789e59f117f984f7f63cd33c4c7da3a221d670e9c6eb134a38e321672b6f61bd0c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies
Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log
Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG
Filesize
345B

MD5
b414b5e6f313efb41482f6043b3bb740

SHA1
84d602dff0a7e2fccf333d97a10ec0554bcfd298

SHA256
a3b6aec5a78f5eda109f24839fd6e30430702d7b5954aab74477693ae7d90dc6

SHA512
4e4877ad1825a420bcb3cbd03713cb1d783540eff268f4a142f72e6ea71629bb8329b9e5ce8bb3eacbdaf8e4f74871dada55a4c911121aeb93fdcc3792970522

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old
Filesize
305B

MD5
1532bc57104dbaabdbb3716798b36dd9

SHA1
a04c73557c2c6b4df721297f241a020927aa9700

SHA256
55cdaa2c4eb7c6eb04951ce5dd5dede703497278b1a00e66dc984ce88d85c602

SHA512
5bdd18f7b35cd287b6674cc46876676f6567adeb3ba9333e644b04931914d9167cca03e9b10ab2fe2b0191c74681b6a871a6240d46ef42447f3e1042dd69074a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log
Filesize
6KB

MD5
aa8c53d680caeecf693259d6d9ea513d

SHA1
6c9f52dfee12e3d6e8a8af29dedbd74df73fa4a0

SHA256
d5105d2ce44334659f91df98fa0a6029bcdc7ae06e4356e37f5b24a1c001bc23

SHA512
2c7b2336dcfdc3d961c62aae1b535b69b094622c1e3ad4b494c13ad35b59fd07e9b7c192ee3c5df0ae6cd4c2a63c6e5e5cc2101975efcabbe17d9d4206893f16

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG
Filesize
321B

MD5
157c223985b82a79e3690bb8c98f14c8

SHA1
740abf67710933c3274843922240471cb5c54f3b

SHA256
79f1b0e1e36867164696ce818848bb57f0cc2d0fedd2647278c3b18f2a6f873b

SHA512
46cf13f34453e89009c9686b47fea50cf3df10fbba363ebb7db394c809ae249b204b74b5e57ad98c8e376264860f6e5e3d758628c2d4033bafcc9a8bfc1a6468

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old
Filesize
281B

MD5
bd23d0db35f2683d05c74c2f6035d4da

SHA1
269c31e6c51f0e5c581480ba3dedb5fe9fdaa90b

SHA256
beeb210b24007bce39136bb500820ac490b75acc1d5ab1f1924a60d6e80f1d06

SHA512
f708ac96e6274860003f87a58aae78df8b84996d390add616ee9bcfdc6c8051ec4a9ea77b7bf2f6237fbec525252e648ee6e0bed5ddac2895359d840d1754125

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Top Sites
Filesize
20KB

MD5
f827a28f6100a85bd8217d338ccca5a4

SHA1
2a180393edd7109c3ab03db4e6edf07ddd9672eb

SHA256
82ee998a4908774d5f55d1d65c897abb5c36458bafada8dc945a09c6b9f21429

SHA512
77fc5289c9d5f954e789f2c0b908a39e8e988201b0ff89efc1002d2d5d7808a8e60e9332be4b9838490d48e4a4385d8cd9b3b18c8716ceb9d6f2117cb2e53d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Trusted Vault
Filesize
33B

MD5
abdd5043fd7a58e5135c70e568420939

SHA1
2a2ebc8e475c86aaffe87d56054a3e98e321b063

SHA256
0c54944daf7ac558a679ad717ba2424ac034ced9357d457c142e4d3e63449689

SHA512
6e2992c0efe219315d578bc573f0d040dd8b1a521b0fd3cb1b6a9e67640ac57b3c61f66f265e1e847adeccddc3f1e2976ecfce1b638b7e250bffa01efed577d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links
Filesize
128KB

MD5
c9e3d28fa4cea3c6c3b54cac7c2664db

SHA1
5a3e82cb45d66999aae86d510776a9a11b2d74c2

SHA256
cfd19c00d0be8c14b8e928d60b66e03661d15d8f4dabae0e26d654b1dad2201d

SHA512
c09007530b91456eaf7b67865f1fd5dfe0cae324fe166f69c9a1d4b8010b361f97b0043bc670de9be204533f08e82958b9a191a3e4bd1f311f22be2d03ab9a54

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data
Filesize
92KB

MD5
37192e993c137317c011d5a34ffce7de

SHA1
a8931c7e3bbcb10897a315a85e74f677de3d3f09

SHA256
8b2ec2b5cf867a930aa00d3cf5f13c2dcbf3e706de7556c8b950e7fba9762f03

SHA512
8a7f6968d86724eb0c95d3739776e8960b453ffefd90f79711ad73f3168943015ef8e5ba2b010edac9e01f161c61f25c09df39914d845c2aa45dbdd5a4eb35f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\a42eb277-32d7-4399-94d7-33ce70a84ed6.tmp
Filesize
18KB

MD5
7958c7d57e7368695cac5c786a134788

SHA1
d973bd4e3f7ac2802553596a0533bf271d67241f

SHA256
13f7cead02241305b9dc691747685a68aea87c3dfd408820e0653c5247984cc2

SHA512
3970588216903263a59510fd335b61185eeb115f5e9a174f8848313d406dea663e64411f9677666586da8e32500dbf4927344de88b252ef8ce47b60a758010a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version
Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State
Filesize
128KB

MD5
cdf97aeab47aeba78a9dab6f447e7a24

SHA1
89115dbf0d95e2abfb88ea366107a080d416766a

SHA256
da09cbd0089b32176b604ef39a7811090bddc2fa1126e25968d72b9dba858219

SHA512
811c13e0cbd3176f8be24827b3c5fa26e80d0ca9c1769d1ac187cf8278912af2576dfdc298349df9d2e909741872798bc9e43555a7b23538f38fbb22a7280a4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State
Filesize
262KB

MD5
b573945e5a50b8e9e84bcf62b00dcebc

SHA1
0189a27596a3d580e1479d64c8d8b66e47ec285c

SHA256
d42912fd3034a55cf40cce3fe056ab34ad068a9a695ee03d04d9fa42224f7d3f

SHA512
1b1b134cea539601e3735dd5b3d8b0a243cf4bc61ec4e2981c134c87e192f52967bfb3fcc142a1c670c01845165cd7a38ed10da6771c0bca7d4b9c40701f27ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index
Filesize
256KB

MD5
dbf10b45f00c16c3d73eb1f2a6291362

SHA1
e3c784eaf547555e5cc36da9bf6d175cf41f7a64

SHA256
1ee62318122319144776fa0b32d61de78210988481ab8a21a812ccb171840224

SHA512
0c804c3e457f02c20dc5639a7d802a82d98c2f6d40dde5bcb29d2bfa714431fc1523b229b7355e121d10cce79d3036b55aff6c61b6d260ce2d0d9255930707d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
\??\pipe\crashpad_420_CNKTSFHHVRSIZWWR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit