socelars | b6083565ffaf8a2e72c17a29360fa7f75477c6b5fc123f2e5c6f1c06ad49f6cc

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07-04-2024 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Size

1.4MB
MD5

e5c146605f6db0b6e211a2d4cfd6ed98
SHA1

24e040fdef34bfdaea1ac40b001e5052fa5c6207
SHA256

b6083565ffaf8a2e72c17a29360fa7f75477c6b5fc123f2e5c6f1c06ad49f6cc
SHA512

300103548a9ac9bdf658d1e2a4e5453493d922372c4982899d1cf66bacd72e8f8b0f0e87a2d71765196b87d749fc13632f712cc1a36a8468aaf2c3e50df1417d
SSDEEP

24576:p8TJtpd95n1HCEei6gFT/L+V3F+kyRejskFL/whBZhnHo4Sad5RKrN0z/d2ew:GJtpx1iErFrLK3F7QojUnHo4Sa0rN0Zw

Score

10^/10

socelars spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

Processes:

e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

23 iplogger.org
24 iplogger.org
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
23	iplogger.org
24	iplogger.org

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

xcopy.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

4884 taskkill.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3992 chrome.exe
3992 chrome.exe
1652 chrome.exe
1652 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3992 chrome.exe
3992 chrome.exe
3992 chrome.exe
3992 chrome.exe
3992 chrome.exe

pid	process
4884	taskkill.exe

pid	process
3992	chrome.exe
3992	chrome.exe
1652	chrome.exe
1652	chrome.exe

pid	process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exetaskkill.exechrome.exe

description	pid	process
Token: SeCreateTokenPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeTcbPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeSecurityPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeSystemtimePrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeBackupPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeRestorePrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeShutdownPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeDebugPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeAuditPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeUndockPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeManageVolumePrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeImpersonatePrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: 31	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: 32	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: 33	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: 34	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: 35	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
Token: SeDebugPrivilege	4884	taskkill.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

chrome.exe

pid process

3992 chrome.exe
3992 chrome.exe

pid	process
3992	chrome.exe
3992	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.execmd.exechrome.exe

description	pid	process	target process
PID 976 wrote to memory of 208	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe	cmd.exe
PID 976 wrote to memory of 208	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe	cmd.exe
PID 976 wrote to memory of 208	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe	cmd.exe
PID 208 wrote to memory of 4884	208	cmd.exe	taskkill.exe
PID 208 wrote to memory of 4884	208	cmd.exe	taskkill.exe
PID 208 wrote to memory of 4884	208	cmd.exe	taskkill.exe
PID 976 wrote to memory of 3156	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe	xcopy.exe
PID 976 wrote to memory of 3156	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe	xcopy.exe
PID 976 wrote to memory of 3156	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe	xcopy.exe
PID 976 wrote to memory of 3992	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe	chrome.exe
PID 976 wrote to memory of 3992	976	e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe	chrome.exe
PID 3992 wrote to memory of 1096	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 1096	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4284	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4960	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4960	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4496	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4496	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4496	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4496	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4496	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4496	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4496	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4496	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4496	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4496	3992	chrome.exe	chrome.exe
PID 3992 wrote to memory of 4496	3992	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e5c146605f6db0b6e211a2d4cfd6ed98_JaffaCakes118.exe"
1⤵
- Drops Chrome extension
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:976

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:208

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4884

C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
2⤵
- Enumerates system info in registry
PID:3156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8b7539758,0x7ff8b7539768,0x7ff8b7539778
3⤵
PID:1096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1752,i,13831717511257989271,9225605599254208008,131072 /prefetch:2
3⤵
PID:4284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2136 --field-trial-handle=1752,i,13831717511257989271,9225605599254208008,131072 /prefetch:8
3⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2192 --field-trial-handle=1752,i,13831717511257989271,9225605599254208008,131072 /prefetch:8
3⤵
PID:4496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1752,i,13831717511257989271,9225605599254208008,131072 /prefetch:1
3⤵
PID:4780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1752,i,13831717511257989271,9225605599254208008,131072 /prefetch:1
3⤵
PID:1072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3404 --field-trial-handle=1752,i,13831717511257989271,9225605599254208008,131072 /prefetch:1
3⤵
PID:2632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3420 --field-trial-handle=1752,i,13831717511257989271,9225605599254208008,131072 /prefetch:1
3⤵
PID:4820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4992 --field-trial-handle=1752,i,13831717511257989271,9225605599254208008,131072 /prefetch:1
3⤵
PID:1424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2656 --field-trial-handle=1752,i,13831717511257989271,9225605599254208008,131072 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4856

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\background.html
Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\icon.png
Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js
Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js
Filesize
15KB

MD5
9b1db13ba62852513c1cb415aa390cd4

SHA1
1832b2b3bd47d76e8b6d68441eed2bb4bfa22124

SHA256
7c12c4ab932c31d5075ba0b0337fd66cef28011efeca7969957173bf46c8b6d1

SHA512
7ecc16c590996ee5fd752dfcb5ad9cabb8d81c1d36aead9bbdfbed2a36bb42378593da100faf91b5330ba9c9b10f64dd3bf700b05aa67866e0a661b4e932f70a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js
Filesize
14KB

MD5
dd274022b4205b0da19d427b9ac176bf

SHA1
91ee7c40b55a1525438c2b1abe166d3cb862e5cb

SHA256
41e129bb90c2ac61da7dac92a908559448c6448ba698a450b6e7add9493739c6

SHA512
8ee074da689a7d90eca3c8242f7d16b0390b8c9b133d7bbdef77f8bf7f9a912e2d60b4a16f1c934f1bd38b380d6536c23b3a2f9939e31a8ef9f9c539573387b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js
Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js
Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js
Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json
Filesize
1KB

MD5
f0b8f439874eade31b42dad090126c3e

SHA1
9011bca518eeeba3ef292c257ff4b65cba20f8ce

SHA256
20d39e65b119ed47afd5942d2a67e5057e34e2aef144569796a19825fea4348e

SHA512
833e3e30f091b4e50364b10fc75258e8c647ddd3f32d473d1991beda0095827d02f010bf783c22d8f8a3fa1433b6b22400ad93dc34b0eb59a78e1e18e7d9b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
18KB

MD5
b45176f5808805fd373e2377639ce6ad

SHA1
c129c91c60b4d5152605a781f1f51e7a0a7d4889

SHA256
4f0bed0525ec72eecf94d4b5124f93226d96b3ec5309de359eae626e81e7cc0c

SHA512
594b2d0ae81714a12a10129fc0aa821a6bcc0535996d8b61b86e892874fca972457f35f95cc3c430fd8f6ff660ac9b3a50bc2446a665c53991947ce2d67976d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma
Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat
Filesize
40B

MD5
bc16ebe41a9fc2938c4060992a92b0af

SHA1
1719af3e339b187d984a76437eb80cae5dc50e6f

SHA256
5874dbe9583546eb24cfb2b237d58f97ef186cd72866dd224df82e62817744ae

SHA512
c78d4be86a3f35ae07375b37fd39f869d317a6ec6699d7673731e6f9b255d7bcbfacf58ca71c3f51baac1e2b2bbee7da58603efa5bd51a31162c481aab7a912c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database
Filesize
32KB

MD5
69e3a8ecda716584cbd765e6a3ab429e

SHA1
f0897f3fa98f6e4863b84f007092ab843a645803

SHA256
e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487

SHA512
bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
6e5c7015bd8d8e03dfa213d03f003dd2

SHA1
e4231b530d7819015867498127d46e8977be2fe1

SHA256
10e88a803f0b33c6c96e43bd023e09cc30ea13cbef66d3b0a09d7c1616500f3e

SHA512
d48f8b854d24a45f10da1e2fab6b91ae2536d8350a0229e2e436c7584410cc300b8b5047de53e4d230566f882ee5d1c3b01b4eaac34f7d60e7efc0e0fa8c539e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
372c9c9a59f2ce1522e3b5b99a48fad4

SHA1
627ed588ef3ebd67914a8b481fefc422d7063507

SHA256
a82d33848760dadab10e0695006f47172823d1cc89052677ed5c214a9c474d73

SHA512
040773d878690ac81fe53c3bf9f86313a77350c6742fa6eb8b795e878845e6703a2cf10b020bc9c121f4614802537a85bab78ba5e0a051f7b7362774b29102e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
6ecc125750ee55179576651a5ac4900e

SHA1
cbe98ec1896d68d0d114bcc3076963788d83b1b8

SHA256
09af85143f515eaa9e430bdc72c9807ebf3ffce982ad7f46d19a202d51c2e518

SHA512
02fbc9421745550b271c6b054937e6b2f4742231e750b36f0fa0266b53892e6dbb9127b27d6a0a71ea790cb4998b22a0980d0952e908c41f2c6da435c5d1e49c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002
Filesize
58KB

MD5
60740148e57524f98393e097189ddf07

SHA1
be4a81614a4e04f7280e87a56b2a2435cc8f990d

SHA256
8e0b9e6ab21550d38b005e289caf6642894269ddd07077ee6009d9f35414d0e9

SHA512
f23cb2f170b8084ed3e99eb28295b96ee9a049450c35233bf236fb41d2dbfd8c30c3a9538f3ce80684e486c4f3400170a8b451175229177bff77e93f45508fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003
Filesize
40KB

MD5
1128652e9d55dcfc30d11ce65dbfc490

SHA1
c3dc05f00453708162853a9e6083a1362cc0fc26

SHA256
b189ff1f576a3672b67406791468936b4b5070778957ba3060a7141200231e4e

SHA512
75e611ba64a983b85b314b145a6d776ed8c786f62126539f6da3c1638bf7e566c11daf18d1811b07656de47ff8b50637520cf719a2cacc77a9d27393fc08453b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004
Filesize
36KB

MD5
e8097558dbbe78915224f19255f63398

SHA1
228b8dd90e6e112dc7b8b04fa929723264ff0c04

SHA256
417d648b4e36a3fe05e704b8eb97eb1c26f99c9af711180bbce5b86a635e557f

SHA512
a2336f287d98e124b437ac59acacd39d989ef7ee07737d810208ade8e7d43de44bbd6e2c329bdd2aa84894d1ff892d9cc79f1874446e95a62e8584c42f01d9b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000005
Filesize
52KB

MD5
8a1d4328a2b35de28783ef1788111aa2

SHA1
2e17518655b0443474eff26258991da74ecd680c

SHA256
6e57c8b831acfd8af87372669673cb5ad3a52885648c0dc574f2ad5175414ebe

SHA512
b32bfede617cfa4dcb207f2cb1bd6a358570e9b64b1c58d6fb4c760b5d184d0b9724028b2ab2dbe51bce9255a81157e6e3b964deb7f2253d052c8ae95e92db84

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000006
Filesize
40KB

MD5
929729aa7cff46b3dad2f748a57af24c

SHA1
81aa5db7dd63c79e23ccd23bf2520ab994295f2e

SHA256
3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f

SHA512
a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000009
Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000a
Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000b
Filesize
34KB

MD5
b63bcace3731e74f6c45002db72b2683

SHA1
99898168473775a18170adad4d313082da090976

SHA256
ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085

SHA512
d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000e
Filesize
16KB

MD5
9978db669e49523b7adb3af80d561b1b

SHA1
7eb15d01e2afd057188741fad9ea1719bccc01ea

SHA256
4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c

SHA512
04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000f
Filesize
49KB

MD5
55abcc758ea44e30cc6bf29a8e961169

SHA1
3b3717aeebb58d07f553c1813635eadb11fda264

SHA256
dada70d2614b10f6666b149d2864fdcf8f944bf748dcf79b2fe6dad73e4ef7b6

SHA512
12e2405f5412c427bee4edd9543f4ea40502eaace30b24fe1ae629895b787ea5a959903a2e32abe341cd8136033a61b802b57fe862efba5f5a1b167176dd2454

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index
Filesize
512KB

MD5
c23e561efc56538e3d1d09e117fd183e

SHA1
740689651fb3bd46b1d6180ae6483aa9008e2a9c

SHA256
350c3bd722b310d8d3078a59eb8d6591accb3bbddf64444f88493bc941341bcb

SHA512
c45d08aa1fee0c126b2d94bed09a25eeb453a63d249042e81ad86faff9c590c4f52bfdb2d305a1cada9760ce0141aab77eadc42835a434a950298d1a56a762bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
9d51b14ffaa23d0be6f2aa0285b4b2d6

SHA1
b4425e3df2a1314aca48eff6736c1032c9d07aab

SHA256
70abf1c97ddb3c98b108a2a8e1f70aec5864a927d189c6d807fa7c3fc747acaa

SHA512
a9354bd6893243aceec750085097bf5824cf9ee76f907a7284e4b95865a486071f8a8bc59d40e77399d19b9a13be26e69b47170f2aabd9c5afdb081e763327bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
fc46a166743e4612989fc97d328bb866

SHA1
095dd2daa0c9e62037bc932631b1630b1711d962

SHA256
76f713671b39cda07eba01d45c334a096b2b3bf17f730ff611ba66e6d2eddf43

SHA512
e9b6a61300014fd8655ca174bab9492ed775aed7cd94b82dc3728a777f06eac17e5c4bc18fbfd47662a507f8a813decf0959aa2ba1f3dbedd008f71e71566c7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
157193f1e4649d9c5ce3ca427117b375

SHA1
0e38e04c5e5f67c63378d4076c57f8d6bf37aadb

SHA256
9f91960e1a6c6d0e3c4b36ffb6d88a288fe9ad1ec8b3925e98b30419d41ad82f

SHA512
dae1e186e51f54c97d3519e321be853b5b3c1a99893a87fef388960624ab4062307880a445850b78f98019c8ef217164b54c59c865232f3cfe1e8cf0be6126f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json
Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\computed_hashes.json
Filesize
3KB

MD5
02c8ed2627b526edc7d74eda75b9a924

SHA1
2984ed94ccacb55d86da2e38dbc3b6b7b3ae9a25

SHA256
c4d3d374611fdb6e970a2019cde28482f8b92230941cbca6ebf7699815c152a6

SHA512
16197b17c6e244c11d1804abc5a739eca5ec05858c9784f919acd634d72b8da2d4ba12b2e68f04145c5fb6d39bdfc187b9a5bc49c60a11435163445a04ba3103

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\verified_contents.json
Filesize
18KB

MD5
2f0dde11ea5a53f11a1d604363dca243

SHA1
8eef7eb2f4aa207c06bcdd315342160ebacf64e8

SHA256
5a2940c7c5adba1de5e245dbff296d8abc78b078db04988815570ce53e553b1d

SHA512
f20305a42c93bcde345ba623fef8777815c8289fe49b3ec5e0f6cf97ee0d5b824687674d05827d6c846ee899da0d742407670db22ff0d70ebee5a481ab4a0ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json
Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons
Filesize
20KB

MD5
3eea0768ded221c9a6a17752a09c969b

SHA1
d17d8086ed76ec503f06ddd0ac03d915aec5cdc7

SHA256
6923fd51e36b8fe40d6d3dd132941c5a693b02f6ae4d4d22b32b5fedd0e7b512

SHA512
fb5c51adf5a5095a81532e3634f48f5aedb56b7724221f1bf1ccb626cab40f87a3b07a66158179e460f1d0e14eeb48f0283b5df6471dd7a6297af6e8f3efb1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index
Filesize
256KB

MD5
5438093b640f73884113c298bef4336c

SHA1
6a68dd9907c91fc4cf960db16aa48b0ccc85bd50

SHA256
98b254f06707abe19ccd29353fb6a5bf54fabe54adcca670064845fd6436bd0d

SHA512
d3da4b0fa3b02e1915c7490add4e52bcff200e952e3062a4a0002b4d2510ea6d32359c63c290113b97075b75eb3de49809ed3206e09bd8ee10dc5e5286a52733

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History
Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account
Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State
Filesize
1KB

MD5
5924956ec5a9180a9c0e9c2f2ba04fe6

SHA1
45d043473b32271f583f391b0ae4e0c3287a2b4b

SHA256
7e448bfb36392f542be0e94dd8a13c88e66d7f9348490fd5013f3b1918591787

SHA512
a6725379063bfba022258faba13f113fb213abdcfd0e558560fa47ce34ad0d7dc130d491d90a6165da1ceb43e4d376f1fe017f7176e4e6c6fc41d5c9ea410fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State
Filesize
1KB

MD5
33940acf011e5de11c09dbc74beb068f

SHA1
ff38268a19075eed3c1ad17c40d9a6787fdf0197

SHA256
ca5fe40621e22e8673096ca93db8dd55e48a7e9525a4237ab1ab3c53ce66e45c

SHA512
1c3a3ca21e17d99f6691339df4784d5926c6f867aff1ef025a1328ce459e215422718af1a25c9c773c6926cf4898cfc8092b99c97b2b21d3a78251c1ffa2986d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL
Filesize
36KB

MD5
8cfa4caf5def7b98b47501cd43bb15b1

SHA1
2643ffad99355e2d9e358bdfd86ffce750f36f30

SHA256
3017d3737c19f597d2c2ace1bb2e63fb4e28b563525444b7593fb42659b8fd6a

SHA512
91f4afdb9699691ea82f49fb4e1a6ab81d8d46d840fa53cac60103f238d0300a5bdb5fd30329df2da9d08650cf6fefe2fef3e998fceadcdac1d8a1eba41c4959

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
872B

MD5
3e11447c575656eb1db39c110b24810e

SHA1
ee6adfaec787178a83ff37ce08eaaeee3620f566

SHA256
3e862f27ee5ff148b46352e5e421269382cbf0243977cfc724c3fcc245c8b0a0

SHA512
d3a23dcfb21351dd1b2bdb15128a36fcd9837b72dbe1995418709db9062a7ad0863b04da504ae6f86ee7446cdda694b6dcf0a07e0d9332b45bdb0e255a0bf4c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
371B

MD5
c5830cc046c2494e6e0dcd45a8a94af5

SHA1
a857ee775144893d189d9548f372f953a5938de5

SHA256
43f582e0e4be72d33c7f29680d890b522e7af52f8278f1fa1ef7ed8193244ff6

SHA512
2705d252b841b941054d99ea1ba0df6576c498ac603700b43c5f5dc2a4527f1174a5091712a3f0bc1665abb7c169822a24bdfdadc337527ca55c2b3da48df156

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
874B

MD5
967931d3b1aed74cc32ceb13a4614997

SHA1
29ce5b3eb2532cc494beef544956c8b86bf44c0e

SHA256
0515b3d27cf9440869f5078d1b208f30b41dd63c702cfdcf69e246d507a46525

SHA512
ce34e872fe46bd5ffbc40aa0a0f12d60478f4856d3955278f888e3ef7e6890f02912726b0a45f420fa8a996d68ec3431bf3296f4ca2ef426db009d25e99657b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
874B

MD5
c4879081c86572876e3c3d8868769c46

SHA1
e354284c0d189cc4aac0afa6332b4074e73d774e

SHA256
e3c88b5fd16e6abae89179345f5b465c4d5a70b61feb9ad3d0b65fd413168041

SHA512
c135be084693d725a58b0ac3cf90d3fc222a8d4ccdc561c228c5d2685854520eba9ee1c95c73eedc3b5c207af94e3f16d3053a2a77f9fe33f3d57b2cd77bf0a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences
Filesize
6KB

MD5
5f771b144d86627668c198b2bd3f877c

SHA1
f9db990e8a94671d6b845fae922715694a97ad93

SHA256
f978946ff33739fc539e660f10f93c790c08fee00ea46f3ce52f43ac662b0f30

SHA512
2c0b3ca6ad8f2616ca3341bd66faf0d10803b20819e8bd3c290a51333d9bd3f2720e15cb9381b963d5222f876d3f579b40e79d832e0ef3b1fa8166220552bc34

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences
Filesize
6KB

MD5
dff4756286112c80e1deb15787989145

SHA1
2a429ac4c4209da48c354298a87374cbef50a30b

SHA256
4386c2e63ccec8585be0c4915bf16e7f4d5ae8b2d1a2823a2841005711845036

SHA512
8d156d67ebe318f5f7b94fbd4116f1e496d574d149fe7f95e82fccf58d6d4b7237c6836f270de46fcc7b3f3539569a6e59af0c940922cc1e6ef0d21186885d0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies
Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log
Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG
Filesize
345B

MD5
8ceec78f8c554f09cacfbe30cdf0cab7

SHA1
86ebc23a4cc91011af112a1fe802ea8e287a9886

SHA256
c86cae553e9d13ede558f1ed30c6ecf541754b5baaba6112af4579a85e42e7f8

SHA512
692a99773981ee914c9974fc655435d44139bcf987f75dc526368a11220dc6eb35c67522cb27de2e297d6e0c3a0d92cd2885ad4622a40f16657b0747835729fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old
Filesize
305B

MD5
cde36678806ec80092a1d5cfd0bdfd47

SHA1
2167b32162a0ae527a1b8d7e02f2d8322001ea8b

SHA256
063445064837cc55f9972cb9af9cdf96bb13fa279ef52bd9b891b5884b977486

SHA512
83db2f13171e30ecc2514d55fa47792f8bb1959d4ab90f4cebadd7d2964e157b84b15020e88a08388bc303b9bd6b9e21317ad4180a668cc76c23a4ce097481cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
d5b0850fbc9dfcb9efa72256380d255f

SHA1
f84f196f422a33d4926b4a036f98c9dabfcb74c9

SHA256
3704f532de113b89c66ebd4715bdafb8734c03628fbdd895e603fe485c25cd31

SHA512
4225daef868700b332ac8960c9df5b42bc6b3aefaf1813944e4a457bb95e7d6efc4212ce517bb1f215fc4191f2e0f83e46ca72dee5399778f7a35aa8555fab13

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index
Filesize
256KB

MD5
c5431f74fcd706083ccdefcd3158c696

SHA1
4b8a225e520f098536f7264ff13a05cfa848beb5

SHA256
c148819d682ad33e0d5ec66b14a5a8f7a4dbf8ed6b1d79356bdb506d496a7539

SHA512
8e127b2c4ef5decc300775416beb7b0cf95f2f584b1db4266fe7b00bc99d5e94a57a5924ded7a6e6399f13ef1fed5b373b43e67bc20aa04ef87136a309c7582c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log
Filesize
6KB

MD5
86b300021988ba7719d68756a59ab2ac

SHA1
42f23a2374f770823de782d2720e81513aa06db8

SHA256
ee9c7e4342d8f83035aa26c96422050667d2559f45533785e74138f9e1c8cdab

SHA512
4b03c878458d5dec65614afac396598df206f767ca1ba600a960b591bc94da33492e2b227f39f9a9465b6d158d7bbd1dc47da9d674d1664c5864e0a40742949a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG
Filesize
321B

MD5
c450db07a855e2ded700a979a4aa0b2b

SHA1
e511c0c09a7e29c2c8d9a9ae4ce7a4087e0c9414

SHA256
6d1c9fc59a49a0e6600e80b7609a8cf7bbb5f5bf0b89b9b885d37e12899272f1

SHA512
e91253c9dca7aacba7609983270ddb66ac6945adbe84ad3191054bb66d8ff409a1b2378b0677486f7ff1f17d48ae5c88369d56cf73273ef16f6dce4914426e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old
Filesize
283B

MD5
3b4ad9e996555024d504da24f582913c

SHA1
5bca1523e9d3aa8cf04573638feacb7badd43b93

SHA256
caad458365ba5574640cb0d38f89a9d1060df45d6888de2ade7680cb3516effe

SHA512
04b5fa1fcdd3b21df88f3a4978ca6f78a31b2fdb55be4337aaaa5ba7e2dfaf46547c6a5a172d94453f216e4d9efe8aeaad10d346534272cf73198e55e86e5130

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Top Sites
Filesize
20KB

MD5
f827a28f6100a85bd8217d338ccca5a4

SHA1
2a180393edd7109c3ab03db4e6edf07ddd9672eb

SHA256
82ee998a4908774d5f55d1d65c897abb5c36458bafada8dc945a09c6b9f21429

SHA512
77fc5289c9d5f954e789f2c0b908a39e8e988201b0ff89efc1002d2d5d7808a8e60e9332be4b9838490d48e4a4385d8cd9b3b18c8716ceb9d6f2117cb2e53d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Trusted Vault
Filesize
33B

MD5
449ad5f292b74985edbc9fdcab9bd702

SHA1
22d07efa35e1d206341649844003949c5d674e4e

SHA256
baf08403ea0175e32437d978141ccaa408c3011034f2d00904054db01fe6b5c1

SHA512
b92963d9228f1b8589e4272c1b0d42200b781160fe3624c101f5ef541b96d8f4b0536a03d4818a346834deb95ab208ce4d882f6f45096d9b066b442cb2da1a8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links
Filesize
128KB

MD5
31bfad1e0ff7c245004efadbd2f8ae51

SHA1
8d8f69fbd17a447ed3121d61dcc46ba76c52e03a

SHA256
14d598d5305ee4ef018a56c44c8173d2e418cbe17563f3b8626c9956717b10f3

SHA512
414a1b0d2fc6539bf86a614c2f67e7c3300455cf5f3e7b35cd46d021b9cefa18d9f328e4ba11e4989005e21a28cc3ceeb410ff3bd8712788d37ec495206457a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data
Filesize
92KB

MD5
17a7df30f13c3da857d658cacd4d32b5

SHA1
a7263013b088e677410d35f4cc4df02514cb898c

SHA256
c44cbdf2dbfb3ea10d471fa39c9b63e6e2fc00f1add109d51419b208a426f4d0

SHA512
ea96cc3e2a44d2adeca4ecb4b8875a808ef041a6a5b4ae77b6bfd1600dd31f449b51b1a5997064c43e5111861ac4e3bc40a55db6a39d6323c0b00ff26d113b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\a9f9befc-3362-49dd-a4cf-fa75c041e54b.tmp
Filesize
18KB

MD5
68103408d23fc2f53a7cd419dbfd4892

SHA1
ef71f6be729a987d282b0e36e841547ad526b4c1

SHA256
7f5da3be62ac94c8b2dd5a3863a78a7c9036f3150c872d6a944353d865562718

SHA512
76e44ca451058fa26a477fed911f8a45d6b01f9d6093368c4cf45d624958c44ec99fd3fd2c2e478a1316a1682d509def1a3525a54741045f9a239f1842904bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version
Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State
Filesize
114KB

MD5
597ac84f33b13f120f8b2348379971dc

SHA1
6677c3b08a8ef3a0e26a1e53186bb0dc211556fd

SHA256
45fd505af4bef73e4c7d46cf65c51796e4fa184820a7060ecf2c5640deaadf7f

SHA512
7556701e4af94e768f5aaa61141ca22cba44990972037ff47540e0d3e7a96ad407c6f0761590070148d4252feb6ac2caa0927de76020c458e36c30a157b9ee73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State
Filesize
245KB

MD5
55053f857084af5dc231f5cd8578115b

SHA1
b9282ca868d3237cda213575424372114948f9dc

SHA256
09e30911198ebf34b6b99fad0af552ba3897907268e7f8510916e2902191917a

SHA512
68d3322ebe4457f73746518de3f2364dc128bebd98706e171c53d18959fc89ff55fe6963c1666c9046cd73115e69c5d9ddb3a7e0e4405c978cf945d3ea9e53aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index
Filesize
256KB

MD5
c58362dcff6b641c60c8cd8e3c385255

SHA1
06170f6b891c1242a9573233b85abadc02990d82

SHA256
6ef0273fc0d4ad120bbee3097b28393cd4e5f65f2bc8e542cc978542adb3d93d

SHA512
e1039273635dbd551590e58c28bcc0e1210a51227d7b257dd1956ad0434018b3c64debb57e5a86814b9b62793bfc36e6d549eb232c57673f25bfd9ed8945804e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
\??\pipe\crashpad_3992_XZWTOUOLYPRNCGUB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit