socelars | 8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea

Analysis

max time kernel
162s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
03-11-2023 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Size

1.4MB
MD5

e415ffc957f15dd2b4de302e02150a41
SHA1

2a6b974e4453cc771cbe27c1b77cb2dbe220822a
SHA256

8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea
SHA512

7b2a2a582422b2836fcce48319467f93c032966111f7e3de3e85df7c2653bfcd0cca0920d7b3d6df432d5c00f97b2d642202023d95186d4fb19a6bb8869caf94
SSDEEP

24576:A9z7hp10GnN4BhDEYsN4OikFDEQ/lbCFjWlqIgV0edASvoxygyjTYofy:i7hpVNwh/s6OjFpF2jlJNdASvFgyjE5

Score

10^/10

socelars spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

Processes:

8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

xcopy.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

2476 taskkill.exe

pid	process
2476	taskkill.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\151682F5218C0A511C28F4060A73B9CA78CE9A53	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\151682F5218C0A511C28F4060A73B9CA78CE9A53\Blob = 030000000100000014000000151682f5218c0a511c28f4060a73b9ca78ce9a531400000001000000140000007c4296aede4b483bfa92f89e8ccf6d8ba972379504000000010000001000000029f1c1b26d92e893b6e6852ab708cce10f00000001000000200000005aef843ffcf2ec7055f504a162f229f8391c370ff3a6163d2db3f3d604d622be19000000010000001000000070d4f0bec2078234214bd651643b02405c0000000100000004000000800100001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da62000000001000000640400003082046030820248a0030201020210079e492886376fd40848c23fc631e463300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f742058323076301006072a8648ce3d020106052b8104002203620004cd9bd59f80830aec094af3164a3e5ccf77acde67050d1d07b6dc16fb5a8b14dbe27160c4ba459511898eea06dff72a161ca4b9c5c532e003e01e8218388bd745d80a6a6ee60077fb02517d22d80a6e9a5b77dff0fa41ec39dc75ca68070c1feaa381e53081e2300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604147c4296aede4b483bfa92f89e8ccf6d8ba9723795301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b050003820201001b7f252b907a0876007718e1c32e8a364c417ebf174be330d75b0c7e9c96986f7bb068c02444cce2f2fcd1eadbd29f01f9174d0c9d55fda5ad6dd22f3f4b72c02eae73c7251657c23e15ade031d10a84846c6278423122461aed7a40bf9716814477ca6c7b5d215c07f2119121bfe12fc2ef6efd0520e4b4f779f32dbb372af0c6b1acac51f51fb35a1e66ce580718387f71a93c83bad7bc829e9a760f9eb029fdcbf38907481bfeab932e14210d5faf8eb754ab5d0ed45b4c71d092ea3da3369b7c1fe03b55b9d85353cc8366bb4adc810600188bf4b3d748b11341b9c4b69ecf2c778e42200b807e9fc5ab48dbbc6f048d6c4629020d708a1df11273b64624429e2a1718e3acc798c272cc6d2d766ddd2c2b2696a5cf21081be5da2fcbef9f7393aef8365f478f9728ceabe29826988bfdee28322229ed4c9509c420fa07e1862c44f68147c0e46232ed1dd83c488896c35e91b6af7b59a4eee3869cc78858ca282a66559b8580b91dd8402bc91c133ca9ebde99c21640f6f5a4ae2a256c52bac7044cb432bbfc385ca00c617b57ec774e50cfaf06a20f378ce10ed2d32f1abd9c713ecce1f8d1a8a3bd04f619c0f986aff50e1aaa956befca47714b631c4d96db55230a9d0f8175a0e640f56446036ecefa6a7d06eca4340674da53d8b9b8c6237da9f82a2da482a62e2d11cae6cd31587985e6721ca79fd34cd066d0a7bb	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3064 chrome.exe
3064 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3064 chrome.exe
3064 chrome.exe
3064 chrome.exe
3064 chrome.exe
3064 chrome.exe

pid	process
3064	chrome.exe
3064	chrome.exe

pid	process
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exetaskkill.exechrome.exe

description	pid	process
Token: SeCreateTokenPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeAssignPrimaryTokenPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeLockMemoryPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeIncreaseQuotaPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeMachineAccountPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeTcbPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeSecurityPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeTakeOwnershipPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeLoadDriverPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeSystemProfilePrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeSystemtimePrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeProfSingleProcessPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeIncBasePriorityPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeCreatePagefilePrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeCreatePermanentPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeBackupPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeRestorePrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeShutdownPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeDebugPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeAuditPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeSystemEnvironmentPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeChangeNotifyPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeRemoteShutdownPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeUndockPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeSyncAgentPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeEnableDelegationPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeManageVolumePrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeImpersonatePrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeCreateGlobalPrivilege	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: 31	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: 32	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: 33	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: 34	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: 35	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
Token: SeDebugPrivilege	2476	taskkill.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

chrome.exe

pid process

3064 chrome.exe
3064 chrome.exe

pid	process
3064	chrome.exe
3064	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.execmd.exechrome.exe

description	pid	process	target process
PID 492 wrote to memory of 3556	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe	cmd.exe
PID 492 wrote to memory of 3556	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe	cmd.exe
PID 492 wrote to memory of 3556	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe	cmd.exe
PID 3556 wrote to memory of 2476	3556	cmd.exe	taskkill.exe
PID 3556 wrote to memory of 2476	3556	cmd.exe	taskkill.exe
PID 3556 wrote to memory of 2476	3556	cmd.exe	taskkill.exe
PID 492 wrote to memory of 3536	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe	xcopy.exe
PID 492 wrote to memory of 3536	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe	xcopy.exe
PID 492 wrote to memory of 3536	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe	xcopy.exe
PID 492 wrote to memory of 3064	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe	chrome.exe
PID 492 wrote to memory of 3064	492	8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe	chrome.exe
PID 3064 wrote to memory of 1444	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1444	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 1028	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 3600	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 3600	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 316	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 316	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 316	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 316	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 316	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 316	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 316	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 316	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 316	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 316	3064	chrome.exe	chrome.exe
PID 3064 wrote to memory of 316	3064	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe
"C:\Users\Admin\AppData\Local\Temp\8aeb5943e50f456fa19f2832535643e60fbb9aa55afb588e79b77b3e09ae9cea.exe"
1⤵
- Drops Chrome extension
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:492

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:3556

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2476

C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
2⤵
- Enumerates system info in registry
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff905eb9758,0x7ff905eb9768,0x7ff905eb9778
3⤵
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1896,i,4344684898642018432,1102525677649787602,131072 /prefetch:2
3⤵
PID:1028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2136 --field-trial-handle=1896,i,4344684898642018432,1102525677649787602,131072 /prefetch:8
3⤵
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2204 --field-trial-handle=1896,i,4344684898642018432,1102525677649787602,131072 /prefetch:8
3⤵
PID:316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1896,i,4344684898642018432,1102525677649787602,131072 /prefetch:1
3⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2792 --field-trial-handle=1896,i,4344684898642018432,1102525677649787602,131072 /prefetch:1
3⤵
PID:4652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3528 --field-trial-handle=1896,i,4344684898642018432,1102525677649787602,131072 /prefetch:1
3⤵
PID:2392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1896,i,4344684898642018432,1102525677649787602,131072 /prefetch:1
3⤵
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4932 --field-trial-handle=1896,i,4344684898642018432,1102525677649787602,131072 /prefetch:1
3⤵
PID:4232

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2584

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html
Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\icon.png
Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js
Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js
Filesize
15KB

MD5
29bdd8e754afc95196775df7917894bb

SHA1
f4004f2b770559cafb9bda7dce26609325c8f38b

SHA256
dd5439bcf09d24d888a5e2d2c76370d9d3a2201ef73eae51ecdc98fce97b9fae

SHA512
b09cd14f678d4699869405a9fd657404c185dbcca2e7683791f096460c3d0558a20fe61eb2fca9af52a94dbcadc83c3e3e2159b41e45d0f222bbe76a7417331e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js
Filesize
26KB

MD5
029c53effaed86331055c63d264c3316

SHA1
859bb39d27b462a73fc9131f694b69c8c118b3cf

SHA256
3c1453cb6fe4c7ae8945d96db6c19e3eb58702df65ee0244f8f2444b20e93068

SHA512
68d115d79428c906ca377091f30c207de92ee9450e22e94a35fd7753547cb582ae36434595f1c0e444bb19d5c6dcc214fe58a9987f690486800c8ad91c9642d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js
Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js
Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js
Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json
Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
18KB

MD5
6e56d5fe8ee5e43679a3d07de261df8e

SHA1
4fe389c8c433ef8d62b3b386d2cf83dfaa982419

SHA256
5e59a8b30562fe1fc33afc1227627a6bec5b4ece7c2ebe20895f1ce7757bb61e

SHA512
7fda79b906a82fe80ba57609b3868d3a6fee45687e045dd0571d81c2daad0b3170998234989a9edb70535224d7ee469b052c098b1305cc198d2854fbd09f4940

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma
Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat
Filesize
40B

MD5
226222977c175456a902b4b1963b2e0e

SHA1
6e6763fecc7e711768fafdbcfbc05a03ade9f65a

SHA256
43b4790ced93864ac2b364e312bed86e23e7d0e2015b65ec2544d94d1e11f728

SHA512
bc864ffd482b4bb0d49d3ecd0b69580c8faec638ab8eb918467548f97e8d7425298270597ff642559f8991b50ed3495373e4da19e67bc194aeed01aaede2f4d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat
Filesize
40B

MD5
226222977c175456a902b4b1963b2e0e

SHA1
6e6763fecc7e711768fafdbcfbc05a03ade9f65a

SHA256
43b4790ced93864ac2b364e312bed86e23e7d0e2015b65ec2544d94d1e11f728

SHA512
bc864ffd482b4bb0d49d3ecd0b69580c8faec638ab8eb918467548f97e8d7425298270597ff642559f8991b50ed3495373e4da19e67bc194aeed01aaede2f4d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database
Filesize
32KB

MD5
69e3a8ecda716584cbd765e6a3ab429e

SHA1
f0897f3fa98f6e4863b84f007092ab843a645803

SHA256
e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487

SHA512
bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
36fb3ca287ddcee8fdc69d0b0867ccf9

SHA1
56512158969639d6e7a3cac43340f4dade59c4ab

SHA256
1eee4085ba2a9d868d45231df7490053b106778adfd45add3ea93072bc513d8b

SHA512
be883e4cff8a9d2dbc42b2b5708a13500fbf9d71a7e86189cc195a1963d50379ce61a6080f9d0f2a2e0ca505a23b9b3fedee378d81f5b6f71e96cbf10c26e4a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
763a9506ad87e83f82a6921b9e5b8c51

SHA1
a840f3dc701c759a27fa555d5f3dd4982d582dea

SHA256
c9dc1a4ac260b9044c486f2274470208e6877b62fc0b06640e4b445807efdc3b

SHA512
060384f770d90078b62c477083a36764f63ff296c69bbd9bf856b44f4521049681dc99d5f19a5d5c6b8a00edb4ec22431294b98337e1babd9deac56a0bec7d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2
Filesize
1.0MB

MD5
636138aa0f934b16858731201f34b618

SHA1
b58f44e488b990b60003dff1ac43586184222b65

SHA256
9e6f458fe6fb478a12ede5f2c365a1cb5581f92bfa252793c766b1b4153c5ad2

SHA512
d68a19a4e0f6cfe44161c53dc287404ccfdeec61117e2c16253d26fbf3957537c0c6d0760a7a2d82caed20998c30add8f932131949cc2b2545769ef01eeb6488

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
ad2e487e0487185e763cf49f247e373c

SHA1
2c2e1a49d56ef9f1ef64292fbd88e5cc29e8c626

SHA256
054ea02a8861b1ebe5ea68dcdf9fc04649cfc55ddde8164f974681b6281872b5

SHA512
0d7ff440b91fefcddaa2c91919b8b1df8e2c5b0f8f596a595104781bf3e9e10b8fc14dde0aed2ce38c56cf2071cf008cbcbd96f50a81268ea8123f451b63c7c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002
Filesize
40KB

MD5
6dd9bb6bfc631c1e7e1182c57379cf54

SHA1
96f67d6b09b97e14bea3d98b5ac4b58ef7fc3315

SHA256
63388c926ebb64b2f6bd21dffc116d5291f1f2807aef9cd7656b1b581e10adf7

SHA512
e367167498d4861f7de0fe953efefb39b13749172f8e7c23fbc7179c7d6e19ecd45e6b67d46b81b57b8aae7ce077b929a5c57596be98ef9d174a1a14d3356e5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003
Filesize
56KB

MD5
0fa9c6312c3b1393e32abec19d7eba95

SHA1
c1fd12d4e0fe4c58b74d792ed998ddb186cfcb0f

SHA256
2f3e2ef489a2687f28a1bbd4fc118016b5a6b5e27ef546cec83652e993fd4894

SHA512
1957c67d021f287746667b3361c2e130f9c802a4484bef6723bb73392f5c82cc7f70519fad0555937868bb796d4897b7fbb90bcfa55bb3c0679ad9380913ee78

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004
Filesize
39KB

MD5
17b9bb9509fa8aa6e3ef890dc6cb9917

SHA1
81d4f55fe01ad0a40d0d798b102ca826e97c0de1

SHA256
b1e8315c3e639293576ca2ff44b6374643ec3d70faad0b74972bd3d0183d1efe

SHA512
0a22b4d514642116d483d522bf3a86ac3fa4ed7e9931a67e401cb98ced433316711416f49682ba3014dc0249356a65122e09465d84331574c59e62c293b0344c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000005
Filesize
37KB

MD5
f5e8db83d62fbe411c5284a04b8e054e

SHA1
4ec0420f5a971401d4632f470af8ed9e0453eb70

SHA256
927f9e7b1eab07da216f6680322dd2e8c47c186513ab0b788ddfe613de1bb2c6

SHA512
84d93f2a05e78f22585a5241015dcc159311ff5de5acefb64f65e9414d508722a6b2ac02a925f53e1ffd0ff96d7827c13cd6d2e3b3d201a55397cf8eee3fefa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000007
Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000008
Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index
Filesize
512KB

MD5
afb615143a92262c1d5969415838c1ea

SHA1
93b173ed4f8a0ba8b6963048dab75ddcd131744f

SHA256
545e493373359fc773af7017bcde4fc5e835899c4290af03be5a30f654aca38a

SHA512
e755742ce745cfc7b60aa53380325f6a74d8c0ac1d2f3e001048f3933a5f90bc89aa9483b391b7a76ad228e413ae6656ad6f336bd0cf4b5ab3bd1ca0300d07b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
dee7b4e7d2b2b65f1d49e9c129ed8ea1

SHA1
3229145cc4f1074da9237b56625376c952e9b65f

SHA256
b024cf37d5deb4171c6e440a56139fb5b39600c750babbc540d8d57bbb822891

SHA512
97a5baba41a54c15b81f0cffa16c80805f95bf832479bb58dda07992020e65dc9d6ce9cb7ed66bfe42e6505411b952c42c0fd4a9f3230b5c2090cb4c56aeb38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index
Filesize
912B

MD5
40316a6f3b1bdb91d18fd84c8662c4e8

SHA1
5dfe3f004034d4ef863349cc75e3600b215c0495

SHA256
26d2a77e4220da1c437b9b7854b543bf7adc94e5900ab7ad0b38033beba5c5af

SHA512
b2ab732ea382e5f6e47f76eb74445c6b21844da6586baf937b266e1b8092399f12baf1d1f8f61520bcb375e907f9731a591be1293f75b722e50fb5841f003729

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
cbfce6e4653a3801b965b31b5fb91308

SHA1
a15654b3fcc2435246c47c640092c7eeed90a2af

SHA256
06f0e314a2e5da2f777ebdb31fbde8f02816e50ed028010ee7e83ea5ec7d8091

SHA512
0d875268be1f5d69a0d47cc5d844f544b5cd0c7ebfc61bdd2367bef37034f9d58d486cff352fd6457ed99b4bb0f54b2a009cfde7d6cbff881d1b273def7e66c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
4952b184f647d3859ca57834c3cb71e6

SHA1
356f9a657b14e7ff2c52be38e90b46f92536d46e

SHA256
7c2d70fe4b7cf8c1e62707176520387b5bcb669d969a0cc0bb4484aee8c392b3

SHA512
11c7c0f2b8ecb95f2ccb20a5ed8ee7047936bf460489f8ae4c893329a051461888f1b407f823282601a822b8bee08dfcc52ee811ec18c4730d275f781222880f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json
Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\computed_hashes.json
Filesize
3KB

MD5
02c8ed2627b526edc7d74eda75b9a924

SHA1
2984ed94ccacb55d86da2e38dbc3b6b7b3ae9a25

SHA256
c4d3d374611fdb6e970a2019cde28482f8b92230941cbca6ebf7699815c152a6

SHA512
16197b17c6e244c11d1804abc5a739eca5ec05858c9784f919acd634d72b8da2d4ba12b2e68f04145c5fb6d39bdfc187b9a5bc49c60a11435163445a04ba3103

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\verified_contents.json
Filesize
18KB

MD5
2f0dde11ea5a53f11a1d604363dca243

SHA1
8eef7eb2f4aa207c06bcdd315342160ebacf64e8

SHA256
5a2940c7c5adba1de5e245dbff296d8abc78b078db04988815570ce53e553b1d

SHA512
f20305a42c93bcde345ba623fef8777815c8289fe49b3ec5e0f6cf97ee0d5b824687674d05827d6c846ee899da0d742407670db22ff0d70ebee5a481ab4a0ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json
Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json
Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons
Filesize
20KB

MD5
3eea0768ded221c9a6a17752a09c969b

SHA1
d17d8086ed76ec503f06ddd0ac03d915aec5cdc7

SHA256
6923fd51e36b8fe40d6d3dd132941c5a693b02f6ae4d4d22b32b5fedd0e7b512

SHA512
fb5c51adf5a5095a81532e3634f48f5aedb56b7724221f1bf1ccb626cab40f87a3b07a66158179e460f1d0e14eeb48f0283b5df6471dd7a6297af6e8f3efb1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index
Filesize
256KB

MD5
92ccde014df2fd964969d08f452fb78d

SHA1
4b9f16278eb3a0b138a833147de370d9db5478d0

SHA256
ffb6ed660b387350a6c8b4604d6ec1b78bed9bd578fa859ce93c5ca3780c0ad9

SHA512
db99365cc5962ba8fcbac61c9051150a4b2e29b1d8fecccc1afc5019be350f369936268d6a2645a75613669e39e04a65e2d6853a68c478a4a8d4df4e2b292eeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History
Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data
Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account
Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account
Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State
Filesize
2KB

MD5
82dad21c34c3054e3c5ead96f1fddd0d

SHA1
6bf66d4dff30689c240be9fa71532d0585ae8692

SHA256
ecf9e62ec29d44ac161512fd5b78d7857335aacc8ba865eaa477235f9549ad2c

SHA512
a149e5e6599dd88bcd7d3c6941e0c4af5d8634f5774740a837989a0e118661a1b042c633c795bb2ef8de315054ef213dcffd221685fd88724949eef2599e49c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
705B

MD5
78e6a35b895c00a266966ed49a9f99e2

SHA1
2a5669fd74a1e3b8403559397a90926cfcc4590d

SHA256
6123d37b162412fd24913211d24a26cb6787493b71b4c5933d9f3b81ac696549

SHA512
04d19e7718bf01349eff0d5027bc8fc517158f603d2524198ed38ec3f83db9715e4869a0dc9f83e288e95206eadd3b4cba34fc7e088a31ab8eab0550d7fc0b6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
872B

MD5
dc41cfc70e18d40d5269eff9380e4385

SHA1
a91d58f3a535bfc10e5b08115308e96865407373

SHA256
338031ca2bb6aed3e37ef8112840602113eee313e0efeda0538da9c227575162

SHA512
91334efddc749fffffb2dc2d9d5e28f0bdf536f0d2dfe9a38dbe1910758ebbe2e876379d7bc21529aa58a2e862480a813253332e2fa5e6e46d97158bc1d7fe80

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
872B

MD5
debeab6e0954f18779355b8d502c2876

SHA1
a8bc25c569c4f7132ed30bc29019a5bf915bb8ed

SHA256
6a57c6b7e79d725a1b79e607f48c17d6b9067d6e1a10b042233e1584a123de0d

SHA512
e64a81b307e35bd53af3dabff18cddc8d33bed28aaa8560bf37abc115a11238421699cbb6d4dc822f30f60d6ca97cd2297481f24880932ecee08a88768ca9ca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
872B

MD5
b1542cc6962e2aff4a75cb8a1eaadfb1

SHA1
10551d29d418a5caabd000f399cb8ace6fd74175

SHA256
11c60538260275c5ec624a3ab0146e418c0f30b4c0868b0ee038138f8b75b9aa

SHA512
220ef7bf2a6141fb9fddf0628d6b08e05d6cd9743f287a02bdf494e12acd72becfaefbeae5825f27ed687a12703e4dadf2da711e54dd8c01d3e5bb97a0a7f3e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences
Filesize
6KB

MD5
29cb66251a001c011dbe0eddc0d71d36

SHA1
23eb3e26dae4b7265f6c6bdc4c76b788d4b3fb05

SHA256
fc3cc06f7b4176fea6d80e69f4813d01db4667915c24d8aa3cb4eb73f0e4a64c

SHA512
bbc0cd382c91db01f46b52c9a1ba7253f67896e1bcdcba42df6abc73ba05b62a0333a78d0e70b522f3f85fe4060c6fff320e9dbf4ba18ab5705ab6be08886446

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences
Filesize
6KB

MD5
fa6198e8d74f78756f9bae02a2eca1eb

SHA1
1033b2fa1c775719fa0fb7016d510d24490b22a0

SHA256
a657ff4724b0ab503628d4261df34326f1e5f150ba3b1ec4cb68fb1d9291c44e

SHA512
634bba91ed0172bd50616b51c88a0cb42d9cd8be8b5976b2e46a2530434f261d48dbe92a03f1a1ef908cfbac0f7ea1e51bdc441c652ed0fd004af943deb28a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies
Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies
Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Search Logos\logo
Filesize
38KB

MD5
9935107f6818ceadbb2ed2683f12a7a5

SHA1
d9d2383575d3c5848d07ab2262b373851209b00c

SHA256
c7fe5f0e14d3f468ba3cc004e83f003cebd327568dc1891965d7e02f2d1ef433

SHA512
545848d40d66c8cec890f7bbe0b6c79e8329aae66399801e4951f9f555ec8076c838fe5857a68a28dab462e316d92a8c62665d6f5091d38cf8b33d0c0831de5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences
Filesize
18KB

MD5
6e56d5fe8ee5e43679a3d07de261df8e

SHA1
4fe389c8c433ef8d62b3b386d2cf83dfaa982419

SHA256
5e59a8b30562fe1fc33afc1227627a6bec5b4ece7c2ebe20895f1ce7757bb61e

SHA512
7fda79b906a82fe80ba57609b3868d3a6fee45687e045dd0571d81c2daad0b3170998234989a9edb70535224d7ee469b052c098b1305cc198d2854fbd09f4940

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences
Filesize
15KB

MD5
0139ee40d9a36964100a548ee3fc9964

SHA1
8a8c621ba28f3f348907d98d5b4ca4fabc0051b6

SHA256
8c724286285965e433c74cfb7e7571418ce3870ab57faf2ad58d99c09fb20599

SHA512
83fabc04ad808affbb5de2d96eccb5161a7742323b2fd5c9a43c3087c23e925e632ca3f7160d76f07be5980382dab05d57369f04477f38cd4278414218b66fee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log
Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG
Filesize
348B

MD5
2a9c100280f2193b714094839486e37f

SHA1
926841dd215ead13f73c3fb492468b8992bb27aa

SHA256
080a913588e487d7605d1ca0e906e72fd0c7d4438996def2e2cd49b924882072

SHA512
88aa06d6523aa6ab6ee3fd055b38e70c50eb280c10eccb2f7d244018aee53894746f6fc380a2ddeadbc0bfe74466b23ea12af18608cb93f4a337c342746f6b47

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old
Filesize
305B

MD5
4388909b0a0d2a7eabf0cd5dccb0694c

SHA1
7cf8a409ce17f04f521eb08934df5e1bc4db203d

SHA256
dc9f78683af1a822e6ac410f654c805c1010dfe5ca066009579d0cde6de439ed

SHA512
d0d5e61680717e46abd821af50003da25e808c51ac09bdf1b09dc3a825b73c6248298939f24f1f8fddf13304904b792efc3faff42a8d4c016434e30de6a4b373

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
9342d84b1b2d18ce5b414eaabaa340cb

SHA1
9efc3551a4d8cedaa4912a7e23b9d7a135001027

SHA256
bf3cf15bf219ec653a16475c99de01d556a8c996b957053c6623d9eeb432c195

SHA512
8d1736f115b085e71cfb970d20eb79f44c42c60728becc695300cf74c10d341dc34371a4196e80c7cf3af4e92f050a7704b3c04c7c28f554cce1f7746c24fcb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log
Filesize
6KB

MD5
0f5c5d9eb2dcab773b0d30729dee45b3

SHA1
d4861e8cfcbaf9848fb75f6e43c5847539e646af

SHA256
4c97e32661b7ac9b9141592eb4255af3dcbac3a129cde2a98a7c17b99d7fca21

SHA512
d96230114e862ce19f0de8969cb3904a1f787615106ca5e3a9a67ca813fcaba583415d7523a66455c6413da23e39decd8f017192e8d482730025efc082e68df9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG
Filesize
324B

MD5
5bbf42cbbd58a28d31f9a62d7f82e981

SHA1
215b140315935ee743df7500e8ee426f56b81469

SHA256
63c40a5167f272464e517deec8a495a6dc983b1e9bbb9618d931605777f3f951

SHA512
8b02b923d8afe88e2ae6ea8b987311c4a7f6a1197225ed190ae30253414b6a96184a72067d2a307662f42b988d275b17d8b47577f19370175671716d927ff1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old
Filesize
283B

MD5
2160af18822b39bcdb6f978f3e94ee9b

SHA1
98e7eebc382bddd7fb1cf9083a60c15af23603c6

SHA256
287c1a198fdcc4697be982bc2fc06f71a22e952cb0984eb487beeeda416ef9fc

SHA512
49c9715fa1827edb705b2b9af3823172631c33d88a229607a5717f33dcf9750fc9afbcac02980ccf005d624dbfbeef783add4208de7527f37edc0528d565f64f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Top Sites
Filesize
20KB

MD5
f827a28f6100a85bd8217d338ccca5a4

SHA1
2a180393edd7109c3ab03db4e6edf07ddd9672eb

SHA256
82ee998a4908774d5f55d1d65c897abb5c36458bafada8dc945a09c6b9f21429

SHA512
77fc5289c9d5f954e789f2c0b908a39e8e988201b0ff89efc1002d2d5d7808a8e60e9332be4b9838490d48e4a4385d8cd9b3b18c8716ceb9d6f2117cb2e53d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Trusted Vault
Filesize
33B

MD5
25a1bf9a67b6463534d1b2c225bc5462

SHA1
a022f3dca24540ac4d1b3d87c930c5a116ba885c

SHA256
1ef4c6dfca8d067afb95cad1ebd9646c9524b831b1cb610c69c85be52f084f40

SHA512
f1390162afa41eee03059457a94af9b9976b555f5dfe57a3deed0e8642cc5f899640af35b55733226337d7987b7aa68d6cf3c3e85b3215696962031663eef888

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links
Filesize
128KB

MD5
d99f7ceef71c34b55b5b5d54fdc7bd17

SHA1
9d831e5a3d7bb55f08c53f499a32555006c49772

SHA256
ac1ca4d6e76d879c9ae54348d02597dd4df65934c7963bbaa7e08667349ce545

SHA512
374f1152bfa4d4abd955a0c53fe6e334f83442e113564117359e59285727f35c1613e372c82bacc988e5d98213ee1c46232c66f0ce1e24f90f17ca10f3523e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data
Filesize
92KB

MD5
aeb9754f2b16a25ed0bd9742f00cddf5

SHA1
ef96e9173c3f742c4efbc3d77605b85470115e65

SHA256
df20bc98e43d13f417cd68d31d7550a1febdeaf335230b8a6a91669d3e69d005

SHA512
725662143a3ef985f28e43cc2775e798c8420a6d115fb9506fdfcc283fc67054149e22c6bc0470d1627426c9a33c7174cefd8dc9756bf2f5fc37734d5fcecc75

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version
Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State
Filesize
109KB

MD5
1d0b17a23b90113f799fdeda3d433c61

SHA1
9a345c499b32e48a22311fdc72720422e7e731e8

SHA256
9190a9205412734e80f70375b8428a7f0e3992a1f1335f52c343fc48d0c023ea

SHA512
3c91f9f30c5c9cce80dc4bf332b76ef56fc7d927f75708e50f8616376bdd7bb1901a79cd9fe11127ca03962f8e36e08b309a61b672f687f3fa37256f7c358e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State
Filesize
219KB

MD5
1a5e261f750e3ddf5d6120f95885add9

SHA1
da404875ccf9fe8bc04732a37312f7a3ff91ed7f

SHA256
425f1fe389d1bbdf76c7b684157ecd0bf2fe698cbc22c589d13cde43f2203217

SHA512
fd0a0d105ce1b1f393d1acdeb70d350074a81c05aca750b3617e1c5571cb2ca04aa062ff2000da29cd90bc78e2131cc412e59281307b3aa466b986bd760019fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index
Filesize
256KB

MD5
4c4b14630058c342b2cf9370d5f6cd81

SHA1
7700796d6a18c90b7b1b891bcfcc25cd8e5d6b07

SHA256
c9ce8b906a39397e6d3c44c65ed1b488ab0b0da7b69c2540dd73352eca8806c4

SHA512
b5325b9fd14144baaacb5cc20fa13545abf71b5b0a1452f255017b0eede715edcdd42d5b544d33137ff87caaeaff8d5a5b8491882f199973cbb46c35f9bacd6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
\??\pipe\crashpad_3064_CXBXFXHFRCCPNJIF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit