socelars | 88fc01fd1348d9917d321c0c8732fe0e9c86786d38dcb007544759c5351aee3c

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Size

1.4MB
MD5

fde618248cf903e0c7904dc140ada26e
SHA1

e2d61fa23b0a2470f0ad56f293c046e70accee86
SHA256

88fc01fd1348d9917d321c0c8732fe0e9c86786d38dcb007544759c5351aee3c
SHA512

57d5aba029992abf2f48b0262bece32ab504f87d1f3db7bb6a9da2ad67e201a197d07722c4c4ee9de75b063b2e1a96a8eee2d8dc29deac11372f45f1ae03e58f
SSDEEP

24576:CJSLpwfVWRh0SGQ48Lm2194mKa4qrNkW9NTPjutwqBcn:Cup62ESMyjTPjuqqa

Score

10^/10

socelars discovery spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Socelars family
socelars
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
23	iplogger.org
24	iplogger.org

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\content.js	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
File opened for modification	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\pad-nopadding.js	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\manifest.json	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\background.html	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\icon.png	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\aes.js	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\jquery-3.3.1.min.js	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\mode-ecb.js	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3288	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806833727011211"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeAssignPrimaryTokenPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeLockMemoryPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeIncreaseQuotaPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeMachineAccountPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeTcbPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeSecurityPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeTakeOwnershipPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeLoadDriverPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeSystemProfilePrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeSystemtimePrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeProfSingleProcessPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeIncBasePriorityPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeCreatePagefilePrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeCreatePermanentPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeBackupPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeRestorePrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeShutdownPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeDebugPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeAuditPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeSystemEnvironmentPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeChangeNotifyPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeRemoteShutdownPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeUndockPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeSyncAgentPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeEnableDelegationPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeManageVolumePrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeImpersonatePrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeCreateGlobalPrivilege	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: 31	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: 32	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: 33	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: 34	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: 35	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
Token: SeDebugPrivilege	3288	taskkill.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 772	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe	82
PID 3272 wrote to memory of 772	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe	82
PID 3272 wrote to memory of 772	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe	82
PID 772 wrote to memory of 3288	772	cmd.exe	84
PID 772 wrote to memory of 3288	772	cmd.exe	84
PID 772 wrote to memory of 3288	772	cmd.exe	84
PID 3272 wrote to memory of 4500	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe	86
PID 3272 wrote to memory of 4500	3272	2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe	86
PID 4500 wrote to memory of 1752	4500	chrome.exe	87
PID 4500 wrote to memory of 1752	4500	chrome.exe	87
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 752	4500	chrome.exe	88
PID 4500 wrote to memory of 2964	4500	chrome.exe	89
PID 4500 wrote to memory of 2964	4500	chrome.exe	89
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90
PID 4500 wrote to memory of 1048	4500	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-07_fde618248cf903e0c7904dc140ada26e_avoslocker_luca-stealer.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:772
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4500
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff81215cc40,0x7ff81215cc4c,0x7ff81215cc58
    3⤵
    PID:1752
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1852 /prefetch:2
    3⤵
    PID:752
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1892 /prefetch:3
    3⤵
    PID:2964
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2224 /prefetch:8
    3⤵
    PID:1048
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3144,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
    3⤵
    PID:1072
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:780
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3844,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3884 /prefetch:2
    3⤵
    PID:3104
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4708,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:1
    3⤵
    PID:3340
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4884,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:8
    3⤵
    PID:5028
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5196 /prefetch:8
    3⤵
    PID:4504
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:8
    3⤵
    PID:872
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5492 /prefetch:8
    3⤵
    PID:4712
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5620 /prefetch:8
    3⤵
    PID:924
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5504,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5612 /prefetch:8
    3⤵
    PID:224
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5688,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5408 /prefetch:2
    3⤵
    PID:3776
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5068,i,9208116570656469961,15186026132358557407,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5420 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1328

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js

Filesize
20KB

MD5
9293ac7b1e5a15dc900014282d288234

SHA1
84fcc797ec92f6645e33e03a46678386de9f5e40

SHA256
d9747f2ef68f58e3ffabd714484c1b05a8176cbc291a345b59881476a0799ce6

SHA512
c7308b58281945028264561a622f381f0b96c8f7aa54822fe01148c636760bb193a326162475b1046913788d96d2a055884417797dfa9e4fe74168052d86406c

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\content.js

Filesize
3KB

MD5
f79618c53614380c5fdc545699afe890

SHA1
7804a4621cd9405b6def471f3ebedb07fb17e90a

SHA256
f3f30c5c271f80b0a3a329b11d8e72eb404d0c0dc9c66fa162ca97ccaa1e963c

SHA512
c4e0c4df6ac92351591859a7c4358b3dcd342e00051bf561e68e3fcc2c94fdd8d14bd0a042d88dca33f6c7e952938786378d804f56e84b4eab99e2a5fee96a4c

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\manifest.json

Filesize
1KB

MD5
6da6b303170ccfdca9d9e75abbfb59f3

SHA1
1a8070080f50a303f73eba253ba49c1e6d400df6

SHA256
66f5620e3bfe4692b14f62baad60e3269327327565ff8b2438e98ce8ed021333

SHA512
872957b63e8a0d10791877e5d204022c08c8e8101807d7ebe6fd537d812ad09e14d8555ccf53dc00525a22c02773aa45b8fa643c05247fb0ce6012382855a89a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6811e4da79d197b52227097d6d4b90d1

SHA1
6773f776b077650179848c23a51e7021498361aa

SHA256
358dad28ad69067ae2c937a270d0511a53ad396cdec0f94cfb6a31777faf0875

SHA512
999d9f4647c6c4b18d915356d280290630baa225dd4fc0d7db4b9629c3a5d8ac3117fdc2d96d3c70e64910a45f86d76f67128a2a56af24147b43b5f4ce20fe40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4c6240119276149516e8bad1be99eb11

SHA1
2572003a315a998060bf0f3d63f31d751f63dd9b

SHA256
fba43ef316ff592b76bf5bb3f83440eb22096b1e6709954e5abb993a7cfdbed4

SHA512
4383627ad12d7fbf1b6058a84ad3d22f32e6b1237cebc5f2969f705ba52916bd5d52d13515e94ebaa78bad61867341d4dd7b806eff5d721482d372076bdf6bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fdafe6860bfda60e26ce286b9e7fde74

SHA1
73bde124ba2aca1b6806de88f668c951e434e9cb

SHA256
74dfdfb6f248644f154aa3752c3fad3897c4ab70dcdcc53f6e2c7d7b35009770

SHA512
fe7c9ce923b581ffc3c2d4dca6ab3fc933bad6ee5949163f7190b2f9bd30194950d0e6092a8a2892d42d4d480bf8bfa233c291592a060f9697eb8e7b2d7ae107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e66351f151a76ba818cfb1695aedb8bb

SHA1
a9ae7a1ce9c0480bf7c7e889132d38952ad241a5

SHA256
0fdc8843505901d9a24f864d68ec9b25a4feb80287b8c82a78302f155206ac00

SHA512
5702cc931db96d1b94d35ee7216e8ac27819a9b757c0216fc13fa92746c2293ab3434540484bae3a1491fea079d0970a755daa13cfc366cfcdea62a20628f691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fa30fd34e63f4337395fc377099d681e

SHA1
fb7899b118d74261e9a6d904da6bd75e3b3375ab

SHA256
9dc2df27af373a111a35643750a4ce28d480e8988c72bfcc48582958b0fb3bb6

SHA512
1eefd2a2e1312d7c80687deb1e1e023323d8d2755739cfc3a33ae356978429c84fe042cf5d1065991eec9c2313bb861e840f98769eeb2d7e9e69e337f020e228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
88bf923a56875745855986b664804281

SHA1
f75adb90c6f46578f2284212273243780113be30

SHA256
877db49587719db2cbaaf5664b38522c86803d58563c973c0d984b71a4787713

SHA512
3ff602205a7ae5f39320927d50cec7efa0bc718537b350db63b86af5ea1aecac614d39367161ef32633aff2ba88ed0aed95f163145a8d46ba212ea50e78d75ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0411cea9d140440a5f91f95e42420bb8

SHA1
8fbfb4dcae620430b3f83a639442bf342c28c7fd

SHA256
b3198dd1bf68806ed2741690744759299285a2caac19cae029cc90b732feb107

SHA512
9bf67a64821e1926a39032bca423973ee12a97f668575e9f450225e848b65269f52c894a4947458b989ee1c130c11bd4bd6c7fc7b49ee1a650b6ce96063d2965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c4b71dfe376972540874bb288710575e

SHA1
9b5ddc025c53338b57e6211a044d5894aac9f810

SHA256
736e28d7c55b5198d03fd98b2c69ebef59fb94efc50279b144abbfdbcfd94180

SHA512
f8017e4ab0aee685c06e7f09f8cfd05da9b440bad81d22504a07d9ab9fe505bd9e2821ebd7e3461d4cf1c5108703f406d10fbac80bffd033a070a3e0f4eca757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
171cfdfbb27bcb3706d660035e8cbe65

SHA1
f3155511807dde554981aef059d390bc9ee568ce

SHA256
ee98de82b7b12d5f96549109c1928aa1e84a694441d50362f0253ea8d8e90978

SHA512
3d89ea1921822b2b25faddd476d46eae812a200859b96bb1f4c20d08290124da2d095594724eef08e8b67651f998834b1465588a41f3419348acda5e232675de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a8bb7cc595d8b194b3510ad5744b16c

SHA1
490d949fc6a3a3c4a29f9f9dee0450165a85042d

SHA256
85d7929ffb5f3cdffb1b6e6f2f028c482afc28f0cfb50a63e8c9ae47c83c7d71

SHA512
d6f090e13aebbb10dea1879797ccbeda502cebbd63ac4ecb524d5f9b4f5ed6626cab6c556de6e63c6ee57d9d08e30bde8cbc679b70531f767ec8f7526bcd4582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c86396b2ee5cb63538fb356c1c7746c2

SHA1
db862aa7fa090854ef1ac9a755e871b42ab016e6

SHA256
fdadf93ac1668a8d340e63fd7941693932ad80841168b86c48ef67486051f35e

SHA512
2d9d258bac031b42d0a6e2534f4710558835e7d76b57420402cb28c24ae1d487a89555067022f495614805ce3d066f848edd7aa2a409a762ac6cbd58db26203d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e83299dbc22fb2b8af25a058f4520336

SHA1
6925a6d1481392ab498344d9324b41a22a88fdbf

SHA256
d3d758c6d366ce9c3951d7b3ec3061ab1ec24f0a76b725da6b86642959620b4b

SHA512
012e87c1934b7662834e02bc5c4ef4161eefd3785e5f31ca25cfd1d1eb924930687619c613124ea8dcbb3ed2891019a66ad619bf6727e229aa7ad13d36608d19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a1ef45d445133f868115b3e9d85a1111

SHA1
15ffa73cd891a056a96e1aa8e3026ddf2b19f329

SHA256
7bf0753feb2298a10136b84908c5e89fdc8db5a0bd1b1ba9f11db8e7a933014c

SHA512
0bee1301d0d7833fbc1333201dbc88273f454ffe00e54359c93686673c2a63a81b1a7be52d5a09d9d7e52966c2dcac2bf6efef55e2b907f4d016be9c40cf3b26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
1f29a0694a6a0242dc8a6cb7a0278206

SHA1
aadfcbe8270ee3d8405bae1b40d5928528009067

SHA256
ae654a8cae57a13098df9195299434f8be822b8d6c5847faf924563f41a5c84d

SHA512
6884314814af58559c35218b8809a4bfd6dc2dcc28a4bede87df91ad4ca7dd5cfa19996e324b8cc78238f85e6630257a7fa01ca57df63fbead9ec2744237ca88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
767bb2cc8cd740a3d0fa6f5337090be3

SHA1
0ddb242408ac3729bcf608070833d2f5543b2b81

SHA256
84a0a6ec1180de6047efc871c54b5dad14fc92a386956fa7fdf1548cda3aacf9

SHA512
78924346edf60fe7cf6d18b11ac2546eb1736424e39c3259678773eb6efd0095123c2f3da6f0257b475c9e61deffeff6a665a2d2772e78b780b2804b994a6a2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d561fce9-d6e1-4861-baf8-5f9c32a0ccce.tmp

Filesize
16KB

MD5
1bca52dc2941ceb468d87aaf7f5864d6

SHA1
a46441ea479a5f1fbdc09ff205a3840dd8a0fb71

SHA256
be032c2dd4a2d37e453d4556b9dc06ed742f6388df1c6c13caae7c282c3c6453

SHA512
9de46a2af5acbda80ebecaf50e0f64d012ff5f7b4dbc72e5b3da885105bcc297f77ed769dafb18928763993d476cf910f0047db665b3c20a3f0d3de8cf1d2298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
dfa7d7302b10fc8f659523c2e0e4c262

SHA1
887376525e23cf630c0cdc1e1691d78714eaaa42

SHA256
2019c4e0c68c035afe5d9d036abbe6f43ad7f38a47212338dee05ce2732e8d5e

SHA512
0d6a25f881d1419febefa942eed6cbd53f74c7b07074954af8c6eeac332a79002cb48c2b369435a8fb6061ed77e141a0a8c56ee904e7eb3151fd84a65a2d803e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
55fa9549a6ffe289bdaad6f1d8d34787

SHA1
2733a3de8f896d83bcbab683c8648c0e368f2309

SHA256
904fff225872c9c6cc352bca00792c2c2b617336743e14ccb0189bd5a863a3c6

SHA512
f289e61aa6866f7276546181a318b4d449adab53342b8e1d72f71f64cf9638d738f85384eb983248abe97530489f317b3a56ab780f72d9bf5eace584822823aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4500_172719116\48d9a119-687b-428f-927a-0b8dbd4142a1.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4500_172719116\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit