socelars | 4a7bddf3e8eb19734eb18719ddd50a8b98477d24f8eb1bbdd62783c615eb6357

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Size

1.4MB
MD5

f15a8fe02aaf0c0533955fb6fc63e7d9
SHA1

f3087a29e2cefb9b91174c3459161b4407fc7e1a
SHA256

4a7bddf3e8eb19734eb18719ddd50a8b98477d24f8eb1bbdd62783c615eb6357
SHA512

c989aa633cd8c4b6d5286fede7e9d2c8470346d8be86ce29d7f89afe6a42705b69bf6dc598ff296b36dbb98ee2a509a0730986ca39b96fa43f8410d513ee2e2c
SSDEEP

24576:AjmZxpT2xecnFAaeHrTM+zNyReyAN4/FDsSl3qJbZ9GgtS/Zj83Xsg9PC6Nz:xZxp1cFA3rY+hykedwYqJygtS/R83Xj1

Score

10^/10

socelars spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

Processes:

f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

34 iplogger.org
39 iplogger.org
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
34	iplogger.org
39	iplogger.org

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

xcopy.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

404 taskkill.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3488 chrome.exe
3488 chrome.exe
1412 chrome.exe
1412 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3488 chrome.exe
3488 chrome.exe
3488 chrome.exe
3488 chrome.exe
3488 chrome.exe

pid	process
404	taskkill.exe

pid	process
3488	chrome.exe
3488	chrome.exe
1412	chrome.exe
1412	chrome.exe

pid	process
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exetaskkill.exechrome.exe

description	pid	process
Token: SeCreateTokenPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeTcbPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeSecurityPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeSystemtimePrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeBackupPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeRestorePrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeShutdownPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeDebugPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeAuditPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeUndockPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeManageVolumePrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeImpersonatePrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: 31	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: 32	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: 33	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: 34	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: 35	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
Token: SeDebugPrivilege	404	taskkill.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

chrome.exe

pid process

3488 chrome.exe
3488 chrome.exe

pid	process
3488	chrome.exe
3488	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.execmd.exechrome.exe

description	pid	process	target process
PID 4844 wrote to memory of 1308	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe	cmd.exe
PID 4844 wrote to memory of 1308	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe	cmd.exe
PID 4844 wrote to memory of 1308	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe	cmd.exe
PID 1308 wrote to memory of 404	1308	cmd.exe	taskkill.exe
PID 1308 wrote to memory of 404	1308	cmd.exe	taskkill.exe
PID 1308 wrote to memory of 404	1308	cmd.exe	taskkill.exe
PID 4844 wrote to memory of 3448	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe	xcopy.exe
PID 4844 wrote to memory of 3448	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe	xcopy.exe
PID 4844 wrote to memory of 3448	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe	xcopy.exe
PID 4844 wrote to memory of 3488	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe	chrome.exe
PID 4844 wrote to memory of 3488	4844	f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe	chrome.exe
PID 3488 wrote to memory of 2688	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 2688	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 680	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4536	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4536	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe
PID 3488 wrote to memory of 4952	3488	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f15a8fe02aaf0c0533955fb6fc63e7d9_JaffaCakes118.exe"
1⤵
- Drops Chrome extension
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4844

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:1308

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:404

C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
2⤵
- Enumerates system info in registry
PID:3448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff95eccab58,0x7ff95eccab68,0x7ff95eccab78
3⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1880,i,1554315376499540622,17219188172492832260,131072 /prefetch:2
3⤵
PID:680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2156 --field-trial-handle=1880,i,1554315376499540622,17219188172492832260,131072 /prefetch:8
3⤵
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2220 --field-trial-handle=1880,i,1554315376499540622,17219188172492832260,131072 /prefetch:8
3⤵
PID:4952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1880,i,1554315376499540622,17219188172492832260,131072 /prefetch:1
3⤵
PID:2904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1880,i,1554315376499540622,17219188172492832260,131072 /prefetch:1
3⤵
PID:1812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3488 --field-trial-handle=1880,i,1554315376499540622,17219188172492832260,131072 /prefetch:1
3⤵
PID:3380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3604 --field-trial-handle=1880,i,1554315376499540622,17219188172492832260,131072 /prefetch:1
3⤵
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4640 --field-trial-handle=1880,i,1554315376499540622,17219188172492832260,131072 /prefetch:1
3⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1880,i,1554315376499540622,17219188172492832260,131072 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1412

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5056

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\background.html
Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\icon.png
Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js
Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js
Filesize
15KB

MD5
d4c702c93e0684cf01a71abf1f3c67a0

SHA1
2e5f9c6042ecef643c78021ae037dcbd1b025d20

SHA256
fe4a1566ad0b0d6835b137baca32471a534321604f037af607bc17ac003c13a3

SHA512
40700871bd4c95de9ac9ed7a0ebd5da0e16964a6b560954b77c2516677c335e31f35996c9352caec0bd15dc91b770a040cb39af0e4bbf3d67364966b5f7baa39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js
Filesize
14KB

MD5
dd274022b4205b0da19d427b9ac176bf

SHA1
91ee7c40b55a1525438c2b1abe166d3cb862e5cb

SHA256
41e129bb90c2ac61da7dac92a908559448c6448ba698a450b6e7add9493739c6

SHA512
8ee074da689a7d90eca3c8242f7d16b0390b8c9b133d7bbdef77f8bf7f9a912e2d60b4a16f1c934f1bd38b380d6536c23b3a2f9939e31a8ef9f9c539573387b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js
Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js
Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js
Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json
Filesize
1KB

MD5
f0b8f439874eade31b42dad090126c3e

SHA1
9011bca518eeeba3ef292c257ff4b65cba20f8ce

SHA256
20d39e65b119ed47afd5942d2a67e5057e34e2aef144569796a19825fea4348e

SHA512
833e3e30f091b4e50364b10fc75258e8c647ddd3f32d473d1991beda0095827d02f010bf783c22d8f8a3fa1433b6b22400ad93dc34b0eb59a78e1e18e7d9b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
19KB

MD5
3f5d3717ae32d09e51a5e367ab692fa1

SHA1
818263b5f97250518b8d3e9fabdf4b39f16b4af4

SHA256
20f84a85b1f25dd899f21a4314927ed41495770e6a85f019e8e093cb11a7753f

SHA512
e6244cd1e13ad17fe10d042ccfffd3cbe810c587ed0fc1b4a31662723c63778217d8a515521d0b6a1842527b2ac6f69bfe1d2d1cbc6012f7bd5c9d930b157dd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma
Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat
Filesize
40B

MD5
58bb95b4094ea52340b0fa368840c9a5

SHA1
03e801a2f4735f3f47b6822d4660e55210e56567

SHA256
65d15a1557409d3cb361251a31e7a620874bd504e12187d1260d9b80fbf6b235

SHA512
6931e70506a094e390cbcb45ae3bbca25ea54ab1937d6b5b3443890c5f436f5ee04dd587605ff1d7055f4f810d3ac690e1a42b39020e242389dddbce5f7b3deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database
Filesize
36KB

MD5
1d90d8ecb26fd0fd88c42a22827269d4

SHA1
d0df9bf0e2259d8101fe84a1020b76be559bfc75

SHA256
971176b58710991ae8c338a3d0ef19a95619c63d4dc1a018767a71970ad23b2c

SHA512
5e70bb58f92d604e6a989d5b2b63e04e0277c670d115695420201368abac358670f63379739bc94fda2abe5ef0ea4ad686eba17fb0afeaed5a7dd5228d29dedd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
2d5275d83c8546a36b783e3bfa5c336a

SHA1
5a1e67420f27ce5895bdcf8d71d9dec95df551a7

SHA256
8b577be8cb4f680bc6a3985c8287f537e9d575e4284f7663bae2e3147050a12a

SHA512
d4f848df7ca03ddb1d5adc3f7ed5f5c6e7fcf415e3d1a2d31351906acf67ecc9a80fe152f1f527bd3f2c7b86d0a2d74e023c7eb9b8205651778d48b3908d5115

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
6200d789a0e534cd68065b468a50f2a9

SHA1
b67c757d1b47fdde2af9e88a8113af6605955078

SHA256
9a4e51c8d0801875c4ff3411917e18c9753a4b10b7cef0199d23f0d2d2c2299c

SHA512
7dc4104c533497991d1d077bd66c4c6596fef55b671f140dbfdb45c5bbc15144544681a6d4d326460d8de325ed7f560e47521340c8137c9bcc66f10ed9c450ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
f4c542401b6d21c3d510fba4a08db574

SHA1
07b8942568be26b889ad20220464a00655314434

SHA256
de690b7ace0cd73838e3dcaebac10129780f15df7c0135e1fe0da5bba9c68e1b

SHA512
b94e6be08d1e8391a2eecaba02202488cf757e73dff3ece3d8f8baa5e030a09f3ed306e2c3efdb8ed1a2feb623cff9b82958796e919ba245ffe455d1b3a7f53d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002
Filesize
58KB

MD5
07aed71557ba5e7e67c1e955093cd200

SHA1
added99a1d4ca742e536e351309d6302f5823773

SHA256
767e38bf8d440a0d42aae3a041704ce63bf307cb34f54a72f5a6c6f1d5239c69

SHA512
f0128ee66899cb0bd68af64fc3aa660c11cc2d49c4744655590e430273bcfdacc8786e78ae860d936866e15b9099049ff4be8bea803da14141825d8b519a95ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003
Filesize
40KB

MD5
0f81b6d61de3f11df96afa46fb362f45

SHA1
b73925c797fcb5e23b0e0495ebdfb629d16f26e4

SHA256
7171337d694e449b8c4923733effa4185a3eddb330b96e9fd0e4e3497faf5364

SHA512
1c97e4e7357d385613f05f7a16439c25614d553cafdbd18a197c4a369726ec28b372ec6bed8b87a968d74a2585e3c999da9799e6cf558fa9ce25f87010d0e617

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004
Filesize
36KB

MD5
64cba5540cf66acc2a80569b9c7fd981

SHA1
2542b4595472fc0d4f49e31bfbd42d359715c1e1

SHA256
ab23f99cde0c0dc7541df62024a24785469c289514e90e9ac9b01d3573509c0f

SHA512
4028c375ea99fa52a4b52ef92be04ae6a0d2e51bfc1879d14cc893cb303577fe9ccb47b2856f8fed317ccec625c7957538d5307cdf3eaf6a387929b9d8671fee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000009
Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index
Filesize
512KB

MD5
62e70390dbf4398a4d550da7d60f697a

SHA1
5eae71814b0f2f363890cbffbacb7f498c1bb750

SHA256
229689cc03da377936f3cb3510357e51403e4dedd8fad92ac4fb42294fbedee8

SHA512
18ced25e99d46f8cbe8546c638961dc058ccb0e5982d1c4a4308bd5f406f482eb93e45b7363baf530f517a0e687459287903816d5883c372ae347462eb8bb80e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
1f8c7b75b30dcdc194ab4272b786a96a

SHA1
6f6db60bf9e6fab492223a3ceb642640ea834e16

SHA256
a05c73e963d4c114c0d10a9ccea80fa844f34b074c8d18787751a7969173b43b

SHA512
4d815adb9239aee8f26c41b63df3cc25442293d562322e431bb9d271368375b2ad56151486491c5cf2fff7658327d1a86c2c377ec761490656a24b00171b69e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
9fa2d2d26608581c5653f7ef397464db

SHA1
3f81dff710962d860493554634ab916461621ddf

SHA256
5879f83440f5de6be82e8db3854467a0cedeb3886e67f6c51c52e2734a5af51f

SHA512
4378c0dedba534fa0cac2225a976aa9830f53b55c1d40607dd68c64f88dda671dc6b3e0a104d2954c639b2387bfda8ba5453128b46d88b9fdc68b1f7d04f7588

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
4fafa2c589744ee040d0fa0fda87e17b

SHA1
6d430409e95ebecd903ae13d28d0812d0666b57c

SHA256
b910637bc5d177a933acd6485cd69354b43cbc1945a407ae57a5f6939a9b2276

SHA512
99e0aed57d2dc69c4b7f3a8da758a42e74c669e8f2ccca2c4c43d17ad1955ba081555c06439b6e51a7bab329f3fa426f96a05c8b42a14c77b4f364a38976c8cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
fc0cf7aac0c207b8feaccab995db095e

SHA1
c657107836831dce68cbe8971e82fa26e0cce220

SHA256
9537e8bfacce1d999ae41c239755d8b5c0104aa434888a92eb4d65d130cb35df

SHA512
1865366d9a23f51bead19bea78d1d7af1e1352be7a61173c54ef083c11daf4b99989e136ae067ca58b1587c80a450cea1173e7b917c99202825c8ab1205857bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.75.4_0\_locales\en_CA\messages.json
Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.75.4_0\_metadata\computed_hashes.json
Filesize
3KB

MD5
b79597827afca294881631ceb9eb3850

SHA1
fcde52ed800551176928fd15923eb2f2b2bff288

SHA256
6696854ce116d36725b67d8101e708412b87d4e63924634cc91f4bddbf03e21a

SHA512
2f560a0f5bc08f3c4974c70b46defc3ce34106dad232e802af64601b89ef50f4a28c5660bfcd00a9e2e7a691d9e185d9b49c9d5ec46971859c14c32a6d70f7f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.75.4_0\_metadata\verified_contents.json
Filesize
18KB

MD5
f1346f53663087a18f734b324e159f65

SHA1
a1a79c373d154e6630de9d46fd8902c0f6acb860

SHA256
8a65785deeba93a107a2fe5060305873a40379cd8b2b848607dde45ed9130e03

SHA512
fb6b92bea01bf399d981260966a419ae328cae7331970fed90dc9d158403b75f07ed1a7740771b56411e3730c946f831e2b1788b5a22e3139f17670fc9c7e48f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json
Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json
Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons
Filesize
20KB

MD5
27dcecabc8a8785776a68df13b91b678

SHA1
6c6ed1eb654aedb507c0ff846427797cb43b480f

SHA256
51030c4851498424ea353a3f5580624405e5ad7f7e0c4905de35d24dd9551a5f

SHA512
adb714a39d61afe391268750caa918e96ab2a3c4e6b7638815ef9cf170ff7a8fb6601ba4e70a428241f8059c64a1c0196b155b8c03ada9386a1980b0ad6f827f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History
Filesize
152KB

MD5
73bd1e15afb04648c24593e8ba13e983

SHA1
4dd85ca46fcdf9d93f6b324f8bb0b5bb512a1b91

SHA256
aab0b201f392fef9fdff09e56a9d0ac33d0f68be95da270e6dab89bb1f971d8b

SHA512
6eb58fb41691894045569085bd64a83acd62277575ab002cf73d729bda4b6d43c36643a5fa336342e87a493326337ed43b8e5eaeae32f53210714699cb8dfac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account
Filesize
46KB

MD5
8f5942354d3809f865f9767eddf51314

SHA1
20be11c0d42fc0cef53931ea9152b55082d1a11e

SHA256
776ecf8411b1b0167bea724409ac9d3f8479973df223ecc6e60e3302b3b2b8ea

SHA512
fde8dfae8a862cf106b0cb55e02d73e4e4c0527c744c20886681245c8160287f722612a6de9d0046ed1156b1771229c8950b9ac036b39c988d75aa20b7bac218

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State
Filesize
1KB

MD5
bd1d567c590920436b1cd9b992291fad

SHA1
bb9b3fe624f913d10a48bc5d387550d3b824b13b

SHA256
ed213e761a8babc1c529632d1bb1d616fcece61827ca1860239306c564a9458b

SHA512
36b33664d10942acc535869eac1ec43af7871f200b2d36f3860d3a2a7ae7278fd5c9476e623d7afe0c87bf4f5683eebdf27c5dbe19c849dff6f8330a38611ded

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State
Filesize
2KB

MD5
4c14edc45c590b931c4169d83ce9d29a

SHA1
a8ee1870697cd2edc608da5d192096421cfe040b

SHA256
476949437f279c8df351c72c173f0902c27fb349cec5dacc2ee0f7fc4d113677

SHA512
1636de31c973c7f22c782264b8cb1b2bcf719d5b5f6dadc995770d173d983421e9c37fffed69a916a2b727d0aadf63803d42202192faa69ce81cbcdef97295ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL
Filesize
36KB

MD5
b7c8c6b4e8f88cbdd778e5d261e23b0b

SHA1
2206c8bc1be3649b31ed96c2df5dc4ec8d2b2738

SHA256
3631566017840b5c0e90b86a66eedc8b6028934cd7ff610acf49166f3c9f2c79

SHA512
c21d39334b47769d9b9bf839f9afb2476b96a1dcb4ba6aa53f7ddfab607d37247bf24a3a2984bc41b150f966ba37525023e57fcd0eb52eea54cd29384e5625f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
356B

MD5
4dfbd0e754a71543d1c43ddc00e7fe25

SHA1
20e1e2edded1b12b1a17308e5e57c1ce2af84c7b

SHA256
df2dcbd0e0142c6d87c8b151db7ce6db3538d94f6e58b0f46a580ddae416cad7

SHA512
47c2b2f130c31a8f5c81a87fb3dd5de55dbc563ae586e8fe0bb830b3d599d41e3679c398c77e417495bd5fa40ebfdcf8010c65e3ad0724a19e8ea6c207841594

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
859B

MD5
e4164bddb9f63a50ea2a918cf2a9702d

SHA1
ce0bc8d6c459a2d407f289381a5e44549ff66d03

SHA256
45048cd4acd25791cd80c21db8fe5ebd1e5cde7a6317487a3ca2773d497b45ba

SHA512
fa486bfc94ec95687fc0f63b24acee6d21bf093fa86e72ef2f4c3949c12ae8e51f37033550c307a5c949de9152b4d3a49cfe8c7e3abbe69e7ac0656e97762efd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
859B

MD5
7961d2c512ff7785705722558f0484d3

SHA1
c8994091751745b78e09463ac16a9cef819933b9

SHA256
7316fe3a174151a31002c4ea4cc859cdd77841a0c502aed6659322630797f661

SHA512
b93982d90ca1a847714667289175a90f1f06a7e1a9d8064ffde00efffe61604345e8d8b41b47620d0114ed6caf2a3f1860b380b32599fcdd4d94157c889bd339

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences
Filesize
6KB

MD5
f3f8b023c42ca91908287ea799c26500

SHA1
3d303f240b90477d05025cad2a9bae3da127c4b2

SHA256
59fa7772dd36f3a9d838061ecf10f1efb416a222b4026b9905f376c285ab7772

SHA512
b5b7e7099c107beec6d1ed331c116eef3f98317695a7e41ddecc873408509042a8e667fccf6e6c3998b0bcec5ad111f90af363d02452692aea7c61233c3a6d7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences
Filesize
6KB

MD5
6f31c6fe6f0d126bd01e74259e7e150b

SHA1
b45e578a2c6b274a74478844a2efe1c27ec8a2b5

SHA256
c33c03bd9879d52e6ce4e46dce7a7c4769002d76c89c801f81d01e8ef930fcfe

SHA512
cdf32488bab20970ea1ccd4ed8c1e8b8cd065473ea9a5489052b0a3c8a380ac78d9ce4ec3c0d0f624c7cc8a429523ee58619ecf1ccd681dad6dc27c15bf47f9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies
Filesize
20KB

MD5
42c395b8db48b6ce3d34c301d1eba9d5

SHA1
b7cfa3de344814bec105391663c0df4a74310996

SHA256
5644546ecefc6786c7be5b1a89e935e640963ccd34b130f21baab9370cb9055d

SHA512
7b9214db96e9bec8745b4161a41c4c0520cdda9950f0cd3f12c7744227a25d639d07c0dd68b552cf1e032181c2e4f8297747f27bad6c7447b0f415a86bd82845

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log
Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG
Filesize
345B

MD5
07ff4a1248f6acabadab181b189b6ae2

SHA1
676dbf2b1f202b5a058c453d35303debbbeac6ae

SHA256
088de6c7668817935fd8b77bd37a5ef6eb76eb8ef68aa05efff1bd3e5f5077cd

SHA512
15adceb86383a5445629849865a8185133a6033c86c5b201db951acaaabba0a4cf9d213bf2d4cd9bff4a00023232aa3544ac8e5d0aca2eada51d25243569fdfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old
Filesize
305B

MD5
7d6242a33c1d18a21166bc13bc9753c1

SHA1
87d7586a13a04f7c58943f305c6f7cfaf70fa93b

SHA256
49cbfed27b6c6b08d133bb66a61c53d0bbcc28ee09a789c15ed920810ba56d03

SHA512
362ff5cb5ca11689f6782aa8383edd11fa56ee05e699e86862476f484d2f43cadb236f14bb7313d379ef90da2640f87c049fc330148cfb72415aad0292d8739e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
887c830a3db437372b4722f62fad9e12

SHA1
84220d86b1cbc6bf3524b5a2fe5bd6a3f34d6546

SHA256
e7b000c800cd99f9bda97aacc350b909d7e62c69f66fc9b417a841277ebac366

SHA512
e54416f76e97251ef3f8905da9512ab3feff1daf3180fc231f6eb3cc34d3c02f004651db24dd03b968fe522918002ff628f49bbb0b69de380ce37c3536b72dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index
Filesize
256KB

MD5
c0e9cc7a912dc41289d9afe25a58c7f7

SHA1
2d705ff8cbdc9f189fdf252b5e8a06d63eb82203

SHA256
8f8c3e2800a900eea84fba0d176514a7e5406899b4e1ea368e33631c0be5b2c2

SHA512
7afe731e9acdee0db0760cdb232ee372657b60f927c06c577a36338660ceb3c7c55a1357736dfa965824b8081dc84eb01775d348f7873d794177ff06accfed6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log
Filesize
10KB

MD5
bf5c91ad643bc069ee01d52f04e0c04a

SHA1
2b9d4d5c5600619ccc5d8775a78e2e256e8a7a9a

SHA256
8f0cee83314b2465816cbd561f2d46898a4211ff28e43cab5cb39319b5bd857e

SHA512
b8f09ae0ea0cd5ba1e198336f3383ff93eb6b4e59499e386384dd5f71d4b0b179c21c233d82e5d973b1f600f8a89f65af063f4959c1edc604937dde8735f73c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG
Filesize
321B

MD5
ade29920527f5dcfd92f38b6c1423a54

SHA1
47c579eeef41ea1c41434a3261f7f3b0138c28e5

SHA256
63294644108d4229bb42c9066313e70c5ed4a310a4baa568c85ecf6746078c09

SHA512
c7a2c6eb89c9b9f97f6946560f5e3fa5b86e4ff83ecb1e943b295c3ed636ee49742744a3c2229f4f35a1d6a5803c23ac343ca7d5c70ceeb0f775a7e645ab0bb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old
Filesize
281B

MD5
8b4bc06e173e32be0bee75bca9c4e9d0

SHA1
7f6545381b17c357a4edfa106b89b49ad1be6eee

SHA256
8b9ca25196e924d985122b7a21d8b859e242ae32d633b0bf2287abc642bcac7e

SHA512
48bd9a7ef4deb4018a83af3bc05af50951fd22b3fc891c7600bc507746431a0ba9a86e95e105ace857fcb67c8e382a6e6344f965103d409a6f225f28a4f8e713

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links
Filesize
128KB

MD5
f89c71eee250dfa274feb139ec060b0c

SHA1
6437685b567979bc9e2ec58c479057d6c090c5d1

SHA256
515ebc2dabbc5ecc71ea9aed02168bf9e33f7bd81732bb3fde5a4d3807b6cc2f

SHA512
b1ebeca885ecf046a54acd11b3c5b1a98872a22e58c9b2a99e8b7da92670328e9dd4db51e5c38b88133848c6e4ccbfb6d05485dea1937390461ae65dd8ac30d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data
Filesize
100KB

MD5
c047f1fe245aab1f4163469ef1a7b14b

SHA1
09ead482c13baf87b2e54414a7262c9bf2c3bd55

SHA256
98392395ead47c8be3c881d93a07b2258ba3c96c686c6521cd1e338d0dd70090

SHA512
03db202539b8656e6a31de00fb9778507dde8641f5f079c810ca1e1c24ee032fc1530dedc18c4da3c34d20a119c8208dbd4b1f3fc250a217fd0d6a38d795178d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\f87f606d-f77c-4a34-8b99-0ae878e09563.tmp
Filesize
19KB

MD5
d5c6c6057b0821a8e0a9ffdb9805c4cc

SHA1
33a031a01b3f64cbc260ceb5f4680f26b157d505

SHA256
a80da63149d5d7b876004bde7b8ff43ba22ed4c757297d4a139aba3b66ba6c6b

SHA512
e3c0239ba535ee74c2ede825af1a2dcb91341a92b174092031e86628f5a6bbd6beebd72bf0d1ac602a0e98ee564725195c12c66b4f68ddbcca87eda6cae9d699

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\trusted_vault.pb
Filesize
38B

MD5
3433ccf3e03fc35b634cd0627833b0ad

SHA1
789a43382e88905d6eb739ada3a8ba8c479ede02

SHA256
f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d

SHA512
21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version
Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State
Filesize
250KB

MD5
298afb9079c32f18eaedd5773e565232

SHA1
d3fcb0d53e8974c806ca5d276d2c7d146c9079e7

SHA256
c4d5a3246062546401b4ddf43c68098e1ab5f2de08372876e225ea69d732d4db

SHA512
015a5389032ba5902b45001bfb19b5a28ecb6ebbe6e8909146dd30862d1427cd1ed58abdfdb164630dfe59987cd7af737a69a9f566c6d983fbc1cb1a56034ad9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State
Filesize
250KB

MD5
96485a8c5c456002d3c4f4c95e05e7e2

SHA1
dbd5f6c805c93de9baf7c9204d0738a31a48c857

SHA256
c52f932b55db68a9ee2d8164794ef1fdeaa24acdb770f43debe58af6cdc2cf78

SHA512
ce56585d1307a19f6d80e294183d8d8d36dacc7b8911a3e185008886cb15a5abcaf630f28f42d0a4112628fb1afd5836e2e2b3342f694af7e6e286e9e6e6537e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index
Filesize
256KB

MD5
428ffd46b5679ac053e97be2430c091b

SHA1
c8fe724debbad5a13125c1b40748321038ac8fb0

SHA256
912a4cdda2cba4f6f227ac01284dc6d74446d3ff1851da3b22f112a7e747d6e4

SHA512
bddb0ce249a87a1e9c0d2ede15d6e7c51d2a8181997aa076e33195543963401beda7f13f465de9988b495a1a183cadd7652fdc15a96eaf8b632070a27f5c95ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
\??\pipe\crashpad_3488_GPFKDBXLVAEIVBAM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit