socelars | 9389d1894d58d015aa930217beecefffc4fb10f7e277598701c09cc870f0a074

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Size

1.4MB
MD5

ffdc29b48cf5cd228193a668583fe8b3
SHA1

3e3ef5e4a4cecb91ebab9c975464b4cab7ce06fe
SHA256

9389d1894d58d015aa930217beecefffc4fb10f7e277598701c09cc870f0a074
SHA512

5504fd5502c92b6bd82e60ad3ba4c7d84749ad2c31e1a240305e0223004487c55ad5dfb3b9c6e00fbd92cbec8b24b47aedbf16968f516981df11dd112dd1938b
SSDEEP

24576:mTj7ope1XnPzDuPxy3nyjmaRNKMZ8HhrFCKezRD+iFJSiPIm9DqzZea:+7opuPXuM3nomCNCBhCnhbFJSiL9Dq9N

Score

10^/10

socelars spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

Processes:

ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

31 iplogger.org
33 iplogger.org
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
31	iplogger.org
33	iplogger.org

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exexcopy.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

5096 taskkill.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3020 chrome.exe
3020 chrome.exe
4420 chrome.exe
4420 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3020 chrome.exe
3020 chrome.exe
3020 chrome.exe
3020 chrome.exe
3020 chrome.exe

pid	process
5096	taskkill.exe

pid	process
3020	chrome.exe
3020	chrome.exe
4420	chrome.exe
4420	chrome.exe

pid	process
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exetaskkill.exechrome.exe

description	pid	process
Token: SeCreateTokenPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeTcbPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeSecurityPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeSystemtimePrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeBackupPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeRestorePrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeShutdownPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeDebugPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeAuditPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeUndockPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeManageVolumePrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeImpersonatePrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: 31	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: 32	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: 33	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: 34	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: 35	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
Token: SeDebugPrivilege	5096	taskkill.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeCreatePagefilePrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

chrome.exe

pid process

3020 chrome.exe
3020 chrome.exe

pid	process
3020	chrome.exe
3020	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.execmd.exechrome.exe

description	pid	process	target process
PID 2488 wrote to memory of 4828	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe	cmd.exe
PID 2488 wrote to memory of 4828	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe	cmd.exe
PID 2488 wrote to memory of 4828	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe	cmd.exe
PID 4828 wrote to memory of 5096	4828	cmd.exe	taskkill.exe
PID 4828 wrote to memory of 5096	4828	cmd.exe	taskkill.exe
PID 4828 wrote to memory of 5096	4828	cmd.exe	taskkill.exe
PID 2488 wrote to memory of 1960	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe	xcopy.exe
PID 2488 wrote to memory of 1960	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe	xcopy.exe
PID 2488 wrote to memory of 1960	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe	xcopy.exe
PID 2488 wrote to memory of 3020	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe	chrome.exe
PID 2488 wrote to memory of 3020	2488	ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe	chrome.exe
PID 3020 wrote to memory of 1552	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 1552	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 444	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 736	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 736	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe
PID 3020 wrote to memory of 3664	3020	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ffdc29b48cf5cd228193a668583fe8b3_JaffaCakes118.exe"
1⤵
- Drops Chrome extension
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2488

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:4828

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5096

C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
2⤵
- Enumerates system info in registry
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb6d1bab58,0x7ffb6d1bab68,0x7ffb6d1bab78
3⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1920,i,6482471299125730393,10459389224892510198,131072 /prefetch:2
3⤵
PID:444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2168 --field-trial-handle=1920,i,6482471299125730393,10459389224892510198,131072 /prefetch:8
3⤵
PID:736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2228 --field-trial-handle=1920,i,6482471299125730393,10459389224892510198,131072 /prefetch:8
3⤵
PID:3664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1920,i,6482471299125730393,10459389224892510198,131072 /prefetch:1
3⤵
PID:3652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1920,i,6482471299125730393,10459389224892510198,131072 /prefetch:1
3⤵
PID:4032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3464 --field-trial-handle=1920,i,6482471299125730393,10459389224892510198,131072 /prefetch:1
3⤵
PID:3400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3496 --field-trial-handle=1920,i,6482471299125730393,10459389224892510198,131072 /prefetch:1
3⤵
PID:1364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4596 --field-trial-handle=1920,i,6482471299125730393,10459389224892510198,131072 /prefetch:1
3⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1920,i,6482471299125730393,10459389224892510198,131072 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4420

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1508

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\background.html
Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\icon.png
Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js
Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js
Filesize
19KB

MD5
93f987253594b306af4242d630e8dad6

SHA1
1866caabfab029f1ed153889f638681c8f608774

SHA256
5cb93535263013cca72a5602179798bebeb99ac5d0943d11a36fec1d3965c712

SHA512
362d32e81390d72fd2cfc610d9dda383c06f695f01e5abccfd2b39360eca8605858a7883d5cda9dacbc23a6ae929685b2368883450b67843c75c5face2c226cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js
Filesize
19KB

MD5
28da0f1e6b11d5130baeb58ec57ebd05

SHA1
7b15ef65e44ac17d7489e096cf05e525cd88c645

SHA256
a0e6bb70b21d5d8ae18d0a29ad0273843aaeaae3d797cd70833ea8c1aeb704f0

SHA512
8633092f66e3458af09b5cec9386499f00018df403e2e35ff7acbbb7074d611ef53d7d17ac32bc4784fe2be12a0ccddf7a4a6dc903c94b816cfee64dfd0f5200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js
Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js
Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js
Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json
Filesize
1KB

MD5
f0b8f439874eade31b42dad090126c3e

SHA1
9011bca518eeeba3ef292c257ff4b65cba20f8ce

SHA256
20d39e65b119ed47afd5942d2a67e5057e34e2aef144569796a19825fea4348e

SHA512
833e3e30f091b4e50364b10fc75258e8c647ddd3f32d473d1991beda0095827d02f010bf783c22d8f8a3fa1433b6b22400ad93dc34b0eb59a78e1e18e7d9b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
19KB

MD5
810f256aca97967fb2d0eaa7c6f28c8c

SHA1
e4c1e9fb6e82a2266d82330afadf5c48705af030

SHA256
e39de60778b852863f6fa5fe9847dcbc030aabab05d7bd0bcbed080134cb7ed8

SHA512
6e48e7d5cb15fcc6c45be25a25a95e9010cd7e218ef9ac47a319b0698e5e43a910851ef57a2e74b6c18776ac2ad87d7f28916e738f6d22680adb586a583c45b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma
Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat
Filesize
40B

MD5
a251e7d8920ad0ae50087d3903f218d1

SHA1
89a40725b1fec22d61561b2286720638ac0f6625

SHA256
6045f9f01ec3f769a595569f236cec5f057170f13aa5c7f8f01df1cd687725d5

SHA512
0b3c16211e1da01608cab5853c907f5c061d22aad2f83aa990fd5e27b08cca8147c0b0f02af9c91e10b7dd8f9d658360a0d73900b0c101fd2a6758386007bc7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\5d065947-a0c0-4c65-8a2b-051bedf1e7d1.tmp
Filesize
19KB

MD5
870a600e96be305d617c086083756c83

SHA1
780609ad36ea77ae09578a5b7204ab7d4bd457a0

SHA256
99dbe406ab482bcb7e479cd9a30c76ae75a0da33da7b65612d54ed54fece8bdf

SHA512
3a2142c369bbe0510729bf9efd61aaf933ca223eda5bd4740046122c8de161dc0e3132b69448593592516d2bf1606d80710cc1de7d6e18dc72a14f2e5d1a204f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database
Filesize
36KB

MD5
1d90d8ecb26fd0fd88c42a22827269d4

SHA1
d0df9bf0e2259d8101fe84a1020b76be559bfc75

SHA256
971176b58710991ae8c338a3d0ef19a95619c63d4dc1a018767a71970ad23b2c

SHA512
5e70bb58f92d604e6a989d5b2b63e04e0277c670d115695420201368abac358670f63379739bc94fda2abe5ef0ea4ad686eba17fb0afeaed5a7dd5228d29dedd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
609f207c70a0f2b3a2adddcaf701adf0

SHA1
cb083e9e3d19648b9d99a097f15f3cde73ebd1d7

SHA256
0b73c006b379729607553a1d64511558c9a095ad0a542df07f90c37365cd89b9

SHA512
2aecab44e212d397966bc859705be978882b900f482af5c2e2754507b297cbe3c32924f509afc1d3c9cd36a90df232823e7ace455cae2e8df6fad56195fc885c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
e29077c266829c3b674c6bdca3fa75ee

SHA1
003dcc7227af488fe93c35769aee8788890a9c98

SHA256
6b04e56a1fedaa350c4bcfd3b0180e934a6c452ccac4bc11d69c6fa7ce4290c0

SHA512
1028d2f59be40ec704a142cd820dafd21dee44a03b031a0452e06d463e8db5fc41e9242172df7cc7d11bc65fc407cf356eb7ca0b3659978fa75b2273f6249bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
f4ecaf2e3a969588a5c0dd04b5d4fef6

SHA1
10bbc1d2928f179fb96ce6074deba2983777fd1b

SHA256
b84a8fef4a4d34db275bbf9111c8d7e004b95afb9bb19eab4021e57d0aae8250

SHA512
c56d6b51f1a8344f4820bc9a95720586864d35a5c4d8f3e9f838c091414f010a5ef89b577e62bfba9f091fe3159419ab244f7ca893cb06fe507132c7296efc87

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002
Filesize
58KB

MD5
07aed71557ba5e7e67c1e955093cd200

SHA1
added99a1d4ca742e536e351309d6302f5823773

SHA256
767e38bf8d440a0d42aae3a041704ce63bf307cb34f54a72f5a6c6f1d5239c69

SHA512
f0128ee66899cb0bd68af64fc3aa660c11cc2d49c4744655590e430273bcfdacc8786e78ae860d936866e15b9099049ff4be8bea803da14141825d8b519a95ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003
Filesize
40KB

MD5
0f81b6d61de3f11df96afa46fb362f45

SHA1
b73925c797fcb5e23b0e0495ebdfb629d16f26e4

SHA256
7171337d694e449b8c4923733effa4185a3eddb330b96e9fd0e4e3497faf5364

SHA512
1c97e4e7357d385613f05f7a16439c25614d553cafdbd18a197c4a369726ec28b372ec6bed8b87a968d74a2585e3c999da9799e6cf558fa9ce25f87010d0e617

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004
Filesize
36KB

MD5
b950e965e7efc7cc6e75afffa4b37096

SHA1
e313a18e32d00fa90828c269fc729413e6c0698a

SHA256
6b526473ef7afd2a121601ca241c80b29a2ccef431ca2aa1dabf54eb5917193c

SHA512
ef56034734625083d07e18b0f5ff5326e26a01e54cc8444ced8f0fda98dae09b679936ca83c31d0e4664a351c8e6acbbff6f594fa73877727ba06fc5203d54c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000008
Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000a
Filesize
34KB

MD5
b63bcace3731e74f6c45002db72b2683

SHA1
99898168473775a18170adad4d313082da090976

SHA256
ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085

SHA512
d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000b
Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000014
Filesize
16KB

MD5
9978db669e49523b7adb3af80d561b1b

SHA1
7eb15d01e2afd057188741fad9ea1719bccc01ea

SHA256
4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c

SHA512
04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index
Filesize
512KB

MD5
7eddd52a71ac513ce87dcd4d9e625b7d

SHA1
a8389fe5dff416101ab0fae7c3abd8fbc146ccf9

SHA256
8c3355da7fc2d26edb5ba66fc0d7bc922fdc644d782abfd78638d96098e99ffd

SHA512
660152f064fada73c2fa555dcf37e0e284e2d79fd4f3e3b5312627673427e0cfdbf0a4a0fa82bb955d95ccbd4e101c96ba4ba91743bbd95d904c2e462d7eb759

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
da5f5381b84e32eba09e103d27551dcb

SHA1
4dddf0bf02234d3c68c13b38b2af3a4e22b497b1

SHA256
da72417ab1241a87d36955259d5b05ed6c872d694fbe8bb4cfbc560357e367a6

SHA512
60733c50e2a589830b09b252caa600f24e908ee9f0914b9b9117e848c4aaaa782b8be781970a0c111a5c67edd477a980bbd7a9eba528bb733267f92df158d6fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe57c246.TMP
Filesize
48B

MD5
093da37809a00c20ea4342bc9ee6a914

SHA1
9cf1018b765afb3458901002395f5dc393bb195e

SHA256
7805e4525c6d27ddebf27492904cf85f3dc1cecfeaf269239af3031c91588577

SHA512
0f5f13824712f865cc310c0e34b9da3d6cc862b1df8e96e6af44cc7029ef0a6f4f563dcacdd4577071c759db8ba176bab4d10aa03057b1d454df78df27b7a375

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
e9069ca05790604b630d1c74884ce936

SHA1
5e25e66eaa3fc8915cf86317ecdf7045a30f3d0e

SHA256
640e2fbfb32d077e8255da4c22bd78ec26d2f0e0f396e0dba84fa86ecc636c39

SHA512
4a61065f3248acc0a3b1af305c8a84856ba25f450219738cdaa12eddbea5857f9d9e04aaa88d12d4249889d3884e8a7f8b41f2a864aa04352e3570abb71ed482

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.75.4_0\_locales\en_CA\messages.json
Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.75.4_0\_metadata\computed_hashes.json
Filesize
3KB

MD5
b79597827afca294881631ceb9eb3850

SHA1
fcde52ed800551176928fd15923eb2f2b2bff288

SHA256
6696854ce116d36725b67d8101e708412b87d4e63924634cc91f4bddbf03e21a

SHA512
2f560a0f5bc08f3c4974c70b46defc3ce34106dad232e802af64601b89ef50f4a28c5660bfcd00a9e2e7a691d9e185d9b49c9d5ec46971859c14c32a6d70f7f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.75.4_0\_metadata\verified_contents.json
Filesize
18KB

MD5
f1346f53663087a18f734b324e159f65

SHA1
a1a79c373d154e6630de9d46fd8902c0f6acb860

SHA256
8a65785deeba93a107a2fe5060305873a40379cd8b2b848607dde45ed9130e03

SHA512
fb6b92bea01bf399d981260966a419ae328cae7331970fed90dc9d158403b75f07ed1a7740771b56411e3730c946f831e2b1788b5a22e3139f17670fc9c7e48f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json
Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json
Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons
Filesize
20KB

MD5
27dcecabc8a8785776a68df13b91b678

SHA1
6c6ed1eb654aedb507c0ff846427797cb43b480f

SHA256
51030c4851498424ea353a3f5580624405e5ad7f7e0c4905de35d24dd9551a5f

SHA512
adb714a39d61afe391268750caa918e96ab2a3c4e6b7638815ef9cf170ff7a8fb6601ba4e70a428241f8059c64a1c0196b155b8c03ada9386a1980b0ad6f827f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History
Filesize
152KB

MD5
73bd1e15afb04648c24593e8ba13e983

SHA1
4dd85ca46fcdf9d93f6b324f8bb0b5bb512a1b91

SHA256
aab0b201f392fef9fdff09e56a9d0ac33d0f68be95da270e6dab89bb1f971d8b

SHA512
6eb58fb41691894045569085bd64a83acd62277575ab002cf73d729bda4b6d43c36643a5fa336342e87a493326337ed43b8e5eaeae32f53210714699cb8dfac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account
Filesize
46KB

MD5
8f5942354d3809f865f9767eddf51314

SHA1
20be11c0d42fc0cef53931ea9152b55082d1a11e

SHA256
776ecf8411b1b0167bea724409ac9d3f8479973df223ecc6e60e3302b3b2b8ea

SHA512
fde8dfae8a862cf106b0cb55e02d73e4e4c0527c744c20886681245c8160287f722612a6de9d0046ed1156b1771229c8950b9ac036b39c988d75aa20b7bac218

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State
Filesize
1KB

MD5
f917fa7bed022153a3afbf4918e59e4c

SHA1
ae9a00522370751968b0fc9fe02982571b5e4183

SHA256
9c985d50da5b9b5f22a37dcb3bbc1a857e7bdaae923b346e188830ba8b6dc284

SHA512
41c801664f335e8e397afc291049c926811c1759fc7d04edc2d6cae5572e0e56ab95a73a838c9f32dd59e5ecb9504d4cea034e86cfb470e223b4e5d8c8f2c9e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State
Filesize
2KB

MD5
d1233d769621822db02bd153edfc3327

SHA1
b11c11919acc4a6aff94ec20e2facbf0f66d4e6e

SHA256
570832bbbdf10f7cc1115fa00065498f4c294bb7b955d22fa770d1b2e6c91373

SHA512
295446c4fc9742a0dd29a55ba445ec3aecd1c3c39eb6e75ca9b5b15458ea3b2b7c4fb2ebf2e17383ec2b64cde6f3946585f36d6a06d939707d0f0952eb253341

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State
Filesize
2KB

MD5
95ea676679ffd46689aeb1b8a54e998b

SHA1
237349dc6e44f22e64ce4ff00d4a4a910e2e26e4

SHA256
595303ba7471511e4d12cc3fb9ec569fb4a3e451a38a96a3cf7f73ab1784e3ce

SHA512
2264ce05ff1fb216571b4ea085cae7d7f0169397b125ae86253ce2dd46c38d5b9870c38e1a7635a89ed0a80097c3748c54ad42a5a7db7b101ac75f110f52d139

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL
Filesize
36KB

MD5
0b40e9d528f9217166439bfba9d3761e

SHA1
836e2d6f3ff335d789a75ddb78101c5aa5ca16ff

SHA256
7555ad0ab60ac4d801410ba89f59e0ccd8ee75d5094f22df0ec50e551030adf8

SHA512
7901583f490c8da39c33d552ec72f772a22b94555f9b6a6e17c0d5a5db6f4c803ef8e02ea07d31f820cfafa596501e9221777ffcaf382cf6dd79310e271133b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
356B

MD5
b5ccd309a88b864b884f6deb935cad0d

SHA1
6e7f548813147307ba3f6fa2cd5c5b77b3989272

SHA256
9b29ae1694aa51b5a6944aa121ef96b4bddc14581c8f637b28ffd22c3ec07af9

SHA512
bde46152db4c2ad6adbcf6b6c5a964b7c8d8eeaa7d4c925532d4dfbe70e436fb93ba628554b99636094607f94640a0627fb92a18e214c3dd5ea67c16ae47d951

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
859B

MD5
32b590471826da63e582063248ea6d96

SHA1
74ffd94ce448afbff9a2fdfe1e6e53b92096269e

SHA256
7470e66603cb060b5add7747f2c7cc7d22436c28095251f0894d3214c5fae14d

SHA512
09ce10b3d1df62e85265e65ff5820f92ef94d94bb293b40448e3bb42435e829951ccbe3efe1de7ee3c364ecd588338364e6010c39c15514d05b19089e8c2ce5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
859B

MD5
2108e9d88fdeb1a1f63618e5af70272e

SHA1
687fb5b2d6aa868f9b3ce8485790a6109c995e97

SHA256
847ed80599f3dfa0a0519d2c127f56d337b0d7eae212f9d4d6202811ef21f643

SHA512
f07dbde7734bee6780ee88a2a7cd73e2aabc4b1c61306604413d915aadaac031ede1dc49c5cfc2c4f3aef6bf49509954d6276c3b84274a6c97d8a7dc7c33d0e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences
Filesize
6KB

MD5
02a8536388f07644b34af8ca6d28ee80

SHA1
6e0fbecd64da2277fe943e5663e8ee5a717e6748

SHA256
aee46215d8dd087504a47c7c5bf36bb3ac6e0f79809706d04b366285210abdf5

SHA512
7a110c52a56a606b1b63a1bc9cf37f656a34de2d5e6b2b7bf02c80a7aa9fd9f2851adbf4cd94b8cf1eebb5a963a9cb0062ffcc708093893fa34296d6f4a40d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences
Filesize
6KB

MD5
49a2f6a2770efb0a49699bed5094add6

SHA1
37e9bbd4ada5c01e2a88dcec7b5d0bfdd2b3945a

SHA256
6b2b22cb93b372bf5f3e38fc0dab0d08be377a9535c5338cd734ad7a952aaa2a

SHA512
a2ab2e6c7f269bab1e0b996bd2305b17a9cc787339fe8dc7bea197981f3a9595ad1b53f7f09ddd2d7207f602a5d9a0b77a8e4a02fc4f9d20863b9407ab045568

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies
Filesize
20KB

MD5
42c395b8db48b6ce3d34c301d1eba9d5

SHA1
b7cfa3de344814bec105391663c0df4a74310996

SHA256
5644546ecefc6786c7be5b1a89e935e640963ccd34b130f21baab9370cb9055d

SHA512
7b9214db96e9bec8745b4161a41c4c0520cdda9950f0cd3f12c7744227a25d639d07c0dd68b552cf1e032181c2e4f8297747f27bad6c7447b0f415a86bd82845

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log
Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG
Filesize
345B

MD5
5160ba0fc06ba537c5fee071ab8481a1

SHA1
69b3384ac38bda4421d9e891c4e6a421add47255

SHA256
7ee9fae340b6456b28d89415af5dbc3cd5fb34734e39577b2e3a3f18223aea19

SHA512
cc20e0e32753d56512e55a236789fbaf3f1c4d6ce2d4d7af8f35166a2cbcff6944a1c4fd901b76b617fa95143c39177f5e8b3bb9e0dc6143385ef0a2750b642d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old
Filesize
307B

MD5
1a4f11817d29a37a3aa7a712ea48eaee

SHA1
9c5f499852996f59df1ff4feedf2b49bceea65ff

SHA256
063e2e282346b4ec674e14fa2ee89b3149cc67c1f98a8c5788ad040b307d3045

SHA512
8565f2a6d3679a8110b63032a3d7f24d8de52009c2d4401126247f68ee95e8c6b3f9faeba53bde5b412d68d196a31e3fedf5d94f468d963a6abb8c8fb0159586

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
87eb6590e75d6e50c294743f10fadb84

SHA1
c143e2c25b0cfa9ec3125440797e94ed511d62f9

SHA256
9436daf65c7ff0e488dfd9c4f96998cbbf87ded3785e21da08d88df82fa0c232

SHA512
46e436f3146ec2f59ba0455bfeb4925a35e09e37663274f6c0c08b0cc1527edb8ac5880c660cfe739bf8c6752620a41502d8ce2b0fa3b742204dddc76df2b8a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index
Filesize
256KB

MD5
c2ff42ffd60e7381197d64df532695d6

SHA1
3a1b8def1108d4b917761efc98394a9f440e28b4

SHA256
e319360e938104133186e2b717414334a411e7405abf040ab4765fd34bf92ce6

SHA512
b1efbdbfacbd70277e3f2331b0d6658e033d8ea0e189f0b5ba317a5f6d2a790d6f75c271ceb52ce9c42230f575c4f98cebe62ad66478223ca213013d02799f7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log
Filesize
10KB

MD5
31822e1c29d67a5600ea2e22f9582417

SHA1
3848af37c73c532b4b52853a25e49e5864369966

SHA256
91f94322318a801ae764225199b8cadac4288b33296a68bccf83f5f9b71ae2f7

SHA512
13d24062fb4b840322499f649837de1d879075585d7047316a7ea2e1d6e533644b254c415a268f8b18f99e6f60a297f319b796d15158d9f1e252766b4ee2464d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG
Filesize
321B

MD5
aa2845c3eb9c011a2c042c07860d1c0f

SHA1
01f01196c7c1ec99692cab8edfce8671c12a13c2

SHA256
8f73c9b2f1e6982f3763121eb01e3adbe43daca3b25888689c363195712ff4b8

SHA512
c55b79ab7ef93d16e2fc68a23fcea5572582f34733c23e7565cfc6825510b69e9c0d45da4fd86c2cb2aa7501d6d98f45653941bfd1d920df73f5bb281736301e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old
Filesize
281B

MD5
3bea3f6a7a1d80812c9b7f7318157723

SHA1
647a1b5e058b707aabddd7ee39e17a50df63a994

SHA256
032cfb4a47c9e3b9c3571665dd9b431aa4b3af787dae6d3b290ab1dcdd03c601

SHA512
9d86dacd145805836e3e45158c27b75999cdfd3e0aae20151afa6e1529da95f7192629449f78d92e36fad4e6cea4bf8097a7497428023c28d1ec4f0e61d94b50

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links
Filesize
128KB

MD5
311613a7b9b648e49bd590f977683bf0

SHA1
cf02c464d8268322c9f1478290555bd977bfc1bf

SHA256
ab80a73c99d076fb83aec6358c7899b7bc780e41e1c356614840465328fed2ad

SHA512
a22aa978a6fd0681b7510c399897332deb66ba82c2977248f308d43cbc9850a380d1235f71de163140d8a944a6bfd89737a3e324a0d42c71cfcd49170751944f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data
Filesize
100KB

MD5
b45ed8b906f7b08bc5db33091c4cbce9

SHA1
b5cb87c23cf1dc00c3384bcae0598071ca92c9d1

SHA256
0a54a476c7eaaea3111a6285d2cd1cf4b020d7de3926b6705a409f9000eab675

SHA512
a4b43bd6b1c8eae01d58cf48fd435d40d580888ad18ec3ae846305411fcff928d8c3ec98aa0b1ed5cb8004d2180c4e9b69ac2ac27fa976e1fd30012b9432f852

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\trusted_vault.pb
Filesize
38B

MD5
3433ccf3e03fc35b634cd0627833b0ad

SHA1
789a43382e88905d6eb739ada3a8ba8c479ede02

SHA256
f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d

SHA512
21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version
Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State
Filesize
250KB

MD5
1eb3871651aa63e2dc51815934bf78e3

SHA1
a219bd2d9dffc1a11667585eb4af031144aad6ba

SHA256
f222a3b49411109c7d47465c9f6884b026edeeb5550e50638baab46510fd67bc

SHA512
eeece1dc6bd0c1eb872f001830381a5a307e684326643c252fa27a3794c8f88b89d44d4a730c722ad79c0d980ec8ff460b48720bd5b1c18237d7ebd89a115e5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State
Filesize
250KB

MD5
d270c372bb3ea0a29fb7d88ae94645ab

SHA1
3051665b80bcb9594fb5d8c73344830e166aed3d

SHA256
9bd3e9b086c2faaf1fa955000d75a85ce4d5715829555f88dfa37f26a3536e44

SHA512
442bbc6c256f71f2eca39bd6a1674aa0b7b851720ee030b044ead6ffabeab3482dda1612aa112f3e3369c8b5c17758a2cf2cce91523fb0c7ee246b1d602aeb08

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index
Filesize
256KB

MD5
24c7514899815caf1b63a3ada59d54a7

SHA1
a09deffe535bab4a9cbc873b5101b687706dc56c

SHA256
80c55a0b299e449e5f847b178b0064bd1484cf3561f229ed42a055d81d8a7114

SHA512
11653dca0f2ae8b4ea4c2e8ad451a63fbb4f8925beb3db2b89772459a858cdb0ef8bfce0a213f2f29aea4d2e6d033fd26d02da4972b0a72deb3ec472bc65ab01

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
\??\pipe\crashpad_3020_QRAKVLWFUONLEEGH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit