socelars | baf65a4cb3a3443c4dea37ddd9766557037a970b6c1f2376fe75e1e09997cd4c

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e5c8938ed644daec8e14035d1f13bbe.exe
Size

1.4MB
MD5

4e5c8938ed644daec8e14035d1f13bbe
SHA1

1360d8c4f029755ddc0dae7396d13d049f745602
SHA256

baf65a4cb3a3443c4dea37ddd9766557037a970b6c1f2376fe75e1e09997cd4c
SHA512

9656ba361f94253971da6b6a0f708560d3f9b2cd8961d7323a3cd67e3d5f8f550791554cef5c4d0a7b8ef22ebfdf3a087b2cba1007c0ca329dd0a8712c1ab5bb
SSDEEP

24576:zIA7opO13nWEjukQuzHVZ64lEq25RHxrFCKezViURT1jS7VQ+SB42Cf6:D7op+Weu+zHj64ENRhCHJh1jS7y+SBhT

Score

10^/10

socelars spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	4e5c8938ed644daec8e14035d1f13bbe.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
864	taskkill.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	4e5c8938ed644daec8e14035d1f13bbe.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	4e5c8938ed644daec8e14035d1f13bbe.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	4e5c8938ed644daec8e14035d1f13bbe.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\151682F5218C0A511C28F4060A73B9CA78CE9A53	4e5c8938ed644daec8e14035d1f13bbe.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\151682F5218C0A511C28F4060A73B9CA78CE9A53\Blob = 030000000100000014000000151682f5218c0a511c28f4060a73b9ca78ce9a531400000001000000140000007c4296aede4b483bfa92f89e8ccf6d8ba972379504000000010000001000000029f1c1b26d92e893b6e6852ab708cce10f00000001000000200000005aef843ffcf2ec7055f504a162f229f8391c370ff3a6163d2db3f3d604d622be19000000010000001000000070d4f0bec2078234214bd651643b02405c0000000100000004000000800100001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da62000000001000000640400003082046030820248a0030201020210079e492886376fd40848c23fc631e463300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f742058323076301006072a8648ce3d020106052b8104002203620004cd9bd59f80830aec094af3164a3e5ccf77acde67050d1d07b6dc16fb5a8b14dbe27160c4ba459511898eea06dff72a161ca4b9c5c532e003e01e8218388bd745d80a6a6ee60077fb02517d22d80a6e9a5b77dff0fa41ec39dc75ca68070c1feaa381e53081e2300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604147c4296aede4b483bfa92f89e8ccf6d8ba9723795301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b050003820201001b7f252b907a0876007718e1c32e8a364c417ebf174be330d75b0c7e9c96986f7bb068c02444cce2f2fcd1eadbd29f01f9174d0c9d55fda5ad6dd22f3f4b72c02eae73c7251657c23e15ade031d10a84846c6278423122461aed7a40bf9716814477ca6c7b5d215c07f2119121bfe12fc2ef6efd0520e4b4f779f32dbb372af0c6b1acac51f51fb35a1e66ce580718387f71a93c83bad7bc829e9a760f9eb029fdcbf38907481bfeab932e14210d5faf8eb754ab5d0ed45b4c71d092ea3da3369b7c1fe03b55b9d85353cc8366bb4adc810600188bf4b3d748b11341b9c4b69ecf2c778e42200b807e9fc5ab48dbbc6f048d6c4629020d708a1df11273b64624429e2a1718e3acc798c272cc6d2d766ddd2c2b2696a5cf21081be5da2fcbef9f7393aef8365f478f9728ceabe29826988bfdee28322229ed4c9509c420fa07e1862c44f68147c0e46232ed1dd83c488896c35e91b6af7b59a4eee3869cc78858ca282a66559b8580b91dd8402bc91c133ca9ebde99c21640f6f5a4ae2a256c52bac7044cb432bbfc385ca00c617b57ec774e50cfaf06a20f378ce10ed2d32f1abd9c713ecce1f8d1a8a3bd04f619c0f986aff50e1aaa956befca47714b631c4d96db55230a9d0f8175a0e640f56446036ecefa6a7d06eca4340674da53d8b9b8c6237da9f82a2da482a62e2d11cae6cd31587985e6721ca79fd34cd066d0a7bb	4e5c8938ed644daec8e14035d1f13bbe.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4568	chrome.exe
4568	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeAssignPrimaryTokenPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeLockMemoryPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeIncreaseQuotaPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeMachineAccountPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeTcbPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeSecurityPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeTakeOwnershipPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeLoadDriverPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeSystemProfilePrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeSystemtimePrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeProfSingleProcessPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeIncBasePriorityPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeCreatePagefilePrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeCreatePermanentPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeBackupPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeRestorePrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeShutdownPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeDebugPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeAuditPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeSystemEnvironmentPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeChangeNotifyPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeRemoteShutdownPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeUndockPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeSyncAgentPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeEnableDelegationPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeManageVolumePrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeImpersonatePrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeCreateGlobalPrivilege	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: 31	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: 32	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: 33	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: 34	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: 35	5112	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeDebugPrivilege	864	taskkill.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe
Token: SeCreatePagefilePrivilege	4208	chrome.exe
Token: SeShutdownPrivilege	4208	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4208	chrome.exe
4208	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 3796	5112	4e5c8938ed644daec8e14035d1f13bbe.exe	101
PID 5112 wrote to memory of 3796	5112	4e5c8938ed644daec8e14035d1f13bbe.exe	101
PID 5112 wrote to memory of 3796	5112	4e5c8938ed644daec8e14035d1f13bbe.exe	101
PID 3796 wrote to memory of 864	3796	cmd.exe	103
PID 3796 wrote to memory of 864	3796	cmd.exe	103
PID 3796 wrote to memory of 864	3796	cmd.exe	103
PID 5112 wrote to memory of 1920	5112	4e5c8938ed644daec8e14035d1f13bbe.exe	105
PID 5112 wrote to memory of 1920	5112	4e5c8938ed644daec8e14035d1f13bbe.exe	105
PID 5112 wrote to memory of 1920	5112	4e5c8938ed644daec8e14035d1f13bbe.exe	105
PID 5112 wrote to memory of 4208	5112	4e5c8938ed644daec8e14035d1f13bbe.exe	107
PID 5112 wrote to memory of 4208	5112	4e5c8938ed644daec8e14035d1f13bbe.exe	107
PID 4208 wrote to memory of 3212	4208	chrome.exe	106
PID 4208 wrote to memory of 3212	4208	chrome.exe	106
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 3304	4208	chrome.exe	115
PID 4208 wrote to memory of 888	4208	chrome.exe	114
PID 4208 wrote to memory of 888	4208	chrome.exe	114
PID 4208 wrote to memory of 64	4208	chrome.exe	113
PID 4208 wrote to memory of 64	4208	chrome.exe	113
PID 4208 wrote to memory of 64	4208	chrome.exe	113
PID 4208 wrote to memory of 64	4208	chrome.exe	113
PID 4208 wrote to memory of 64	4208	chrome.exe	113
PID 4208 wrote to memory of 64	4208	chrome.exe	113
PID 4208 wrote to memory of 64	4208	chrome.exe	113
PID 4208 wrote to memory of 64	4208	chrome.exe	113
PID 4208 wrote to memory of 64	4208	chrome.exe	113
PID 4208 wrote to memory of 64	4208	chrome.exe	113
PID 4208 wrote to memory of 64	4208	chrome.exe	113

C:\Users\Admin\AppData\Local\Temp\4e5c8938ed644daec8e14035d1f13bbe.exe
"C:\Users\Admin\AppData\Local\Temp\4e5c8938ed644daec8e14035d1f13bbe.exe"
1⤵
- Drops Chrome extension
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:864
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - Enumerates system info in registry
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4208
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3508 --field-trial-handle=1868,i,6683388070396828688,268413217138337666,131072 /prefetch:1
    3⤵
    PID:3036
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3368 --field-trial-handle=1868,i,6683388070396828688,268413217138337666,131072 /prefetch:1
    3⤵
    PID:3340
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1868,i,6683388070396828688,268413217138337666,131072 /prefetch:1
    3⤵
    PID:920
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2840 --field-trial-handle=1868,i,6683388070396828688,268413217138337666,131072 /prefetch:1
    3⤵
    PID:1896
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2256 --field-trial-handle=1868,i,6683388070396828688,268413217138337666,131072 /prefetch:8
    3⤵
    PID:64
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2036 --field-trial-handle=1868,i,6683388070396828688,268413217138337666,131072 /prefetch:8
    3⤵
    PID:888
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1868,i,6683388070396828688,268413217138337666,131072 /prefetch:2
    3⤵
    PID:3304
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4916 --field-trial-handle=1868,i,6683388070396828688,268413217138337666,131072 /prefetch:1
    3⤵
    PID:732
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2424 --field-trial-handle=1868,i,6683388070396828688,268413217138337666,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe0,0x114,0x7ffe95ab9758,0x7ffe95ab9768,0x7ffe95ab9778
1⤵
PID:3212

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js

Filesize
15KB

MD5
5a81d840bf98bbdd3193c73103970ef7

SHA1
90d355804a5672deb2e47f8c91f487abf7f1f4b6

SHA256
afcf327107d7d8e26ae4fe29bcbbb788811885f58d854359a28ae757d675e627

SHA512
6d2386fd4a1dadb5e97f311c34b77041063037c764958372d7cdcf340dc7770c33aace3cb78dc816eb4ca11f556e346a05626059c09e3481cb85a356f3e63444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js

Filesize
13KB

MD5
5e393caed2e59f9a01199656237fb025

SHA1
7ffa7011351f64450c6ebf841b3359033fff880e

SHA256
715bc0094478551a3fc4a93358785c00c6c60ee32c668da481869937f4ffe442

SHA512
61bf05cbea3f3ef0012e87173f3c699699fdb06a52c24da1f89bb26e129f49fafbf9d6ca2fbec97e44f2e21bbd2b761eac7db8778eed59e88a3929e87ef96abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js

Filesize
72KB

MD5
f3730bfb21b1b23f3a04db54e5a4f48d

SHA1
cb0b2eb8a0e7e793c5268f1e3deeeebe11da2523

SHA256
24bda91e9666ff662831cab67fa16b8851060bf25b7021b5fbc1d8deff526050

SHA512
3cdd89269a673c4b5eaa50dcdb1ce8ebe9410d3535db2b22d759aa79dcebc1b6ffb0d48dc3b1b29526f205567300e17aea083d4b2281d8a444abfd6b68599225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json

Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
aeedfcd771608ca6547610145c46247f

SHA1
9410e8a6874ca06bf75b632d6603723e6ae12226

SHA256
d42cfb6cb34efd8a3cc30ba71732fed9e0a249d291a5ae6f536559ab2dc6f59a

SHA512
76871d1a23bd19e3d7f50dd60b6337f06293ea2e9bac846c51b9eff1093216ba65a219694a633485f16b70731428f4803a98defd46498375fed6c5726003e1af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
146KB

MD5
114db9706a8e728298adb5e20e5084cf

SHA1
d611f5408e38e866feba72aaa9101a2658ebc61c

SHA256
29f341c45ace172d635ce45cf4b9e4a8a679b052e9d1dc767c4d6ba9e2d5221b

SHA512
7b25f9b4195d8da30713ded129f2ca14de8734f572c9116707536aa530eaf017e2f4f188dcb9b493dab2c69c500325068c9cc6591085d7ebde055e81cf2b57fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
bc16ebe41a9fc2938c4060992a92b0af

SHA1
1719af3e339b187d984a76437eb80cae5dc50e6f

SHA256
5874dbe9583546eb24cfb2b237d58f97ef186cd72866dd224df82e62817744ae

SHA512
c78d4be86a3f35ae07375b37fd39f869d317a6ec6699d7673731e6f9b255d7bcbfacf58ca71c3f51baac1e2b2bbee7da58603efa5bd51a31162c481aab7a912c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database

Filesize
32KB

MD5
69e3a8ecda716584cbd765e6a3ab429e

SHA1
f0897f3fa98f6e4863b84f007092ab843a645803

SHA256
e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487

SHA512
bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
17KB

MD5
731ef0580e1d45887d73d38820a300d9

SHA1
a25fe024a97b64c363301bf677979c5e9c5fa720

SHA256
7482690cffb0a57cd81cc54ccc48dafe094cb34c02ea999fc5d40a29ae27bf08

SHA512
77f2b12f4be3d2a030504e7948f43e515ec2b9e48c5574b100da3ddcf566d6a51a35d99c4a46bbc79e48e58810a8fdfc17debd6005bc0043459ebb8996dc60c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
36KB

MD5
c1ed56072ee1f03fa3b0034908914b4d

SHA1
3f7426e74150d21beceef8556516c6f62c69208f

SHA256
ab6179a9e44cc3b633034a3512eebe2b0bce971c6965587ffc10583a4152b9e1

SHA512
c680a4ce5edb48140a9b3fafeb777ff9c3d990ec5759f3ca9b95d6537d805a1723453a3261547c963604ae06ea07baad43c5e17110bd0f70ba2266a23a73cf91

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
45KB

MD5
1dff0a241b2287a0643513f5327bba31

SHA1
6698a3fd8b86c548275a6c1c5b2578ce202bee6e

SHA256
31f097f79c751e3bfcda000afe2c701cef1f063f9add5bafc83a785900938c51

SHA512
b014d53186404d6b5c3510e81255af5dd5242c3551247c7cfa676f4be646d1b6b4127710294a5db0a2878e9639638b7d95b036c430dfd3049efd6e6d40a40435

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b70686a14abe490b7229a5a90c5d310a

SHA1
417a549e15646400bba39efda3d7ad05b7b75dfb

SHA256
91c655cdc5584ea1dcc455ad035f6559af6986fa9a2c41bf721cedbd846b1b08

SHA512
1b2f34d3692ca94447c6a4892c34d251083b28ace35d9d8db1287abb90dac729acdbea3c6cefed2c5a002fd20d4b6159680a3d0e641482a729f3f7e775658a6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
28KB

MD5
9da55ede52b3c9d6f740de60c1cbee51

SHA1
3f214a359f8fb3897dff266b299a49f2694d1ce5

SHA256
3a8ec09eb347f520dc19907da44f44cc247ef1eb066ac2fc7ce2e7db403fc30e

SHA512
a5ac341f45d888f6eed89f0a3f17f434a6b053f8fe287ea9a2ef0857273e7834552c7f55696706f49c41e56c584432bac9a1eb69d6ead1d125ee56cbcd5a1a4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
bbb9176e06aefe9a4bf31cd5914aa969

SHA1
6a95529ab0fe2502f328991f82c25cdaff0a372b

SHA256
c2ba9dcbd57813e01d6ffafcfc66aca1fcbdad610176851760d4d7cf1dea0fd8

SHA512
b59185d538c014490bfc5691be919803a3259d04a127a162f86ef72e8fdf8dcc13794a1d6754e54984e458ce62612f8abc7b36fb52f242dac017693f19ea19a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000005

Filesize
52KB

MD5
f0ffc2327ec360ed072bf4b6a2f94b64

SHA1
a22d2682f3a8d13591199ad886704398c5832af5

SHA256
19e2c309698d43e20c81fbfd45289a83b6015e209c5c478d87f2ff9ccab3b151

SHA512
8175116c0dddfffb7dab469eb377685c6f50e4443367b1c65b57ac0c93200859fbce861dda46d5b761c9de819e5fcdcecb39983281dc2d29c337cee1e32f9e96

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000006

Filesize
40KB

MD5
929729aa7cff46b3dad2f748a57af24c

SHA1
81aa5db7dd63c79e23ccd23bf2520ab994295f2e

SHA256
3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f

SHA512
a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000c

Filesize
34KB

MD5
b63bcace3731e74f6c45002db72b2683

SHA1
99898168473775a18170adad4d313082da090976

SHA256
ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085

SHA512
d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
70KB

MD5
71a80b62995a04205369e87c86f289f2

SHA1
a592fd25e66340d6c1117e4f26540a296cc7b9b6

SHA256
66dae2e25ccf794f49cf2ac2da7feeba79f2ee4412eafbe39fd561a5eb2b11d4

SHA512
3736883a94f3c3e5a7652b9d560cff4c48680bece0bfecda0c7a6557b1313114172dc2d072f0c31fd9d7d7716035bca79d80013abb4061d1fd4b0b2cbbb11c21

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
58fad28681e2d6e3e87f08b0a5836295

SHA1
e33982a88ad6f3c412bf5930a1897917b8c6b5a3

SHA256
6709a708ea2c443f4d6bf7949c03af79cb1e68a16159dd2bbddcbb125abfeb84

SHA512
c45875a3ae4e5958e5dbb44d186b2ad61cdfc28ca2d48d61f0338438626011470faefb3c63ec238b790ec2cae259abc8d884743c1ef25cf06457ab0dc93591b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
730e869f74a3c7d39de9d15a5a9cd5bf

SHA1
8c935526b837a15c948b735485fe36123db8724f

SHA256
4827fa1d9f466eb488405ea84ce2e88780c205997fe5b228ce51b540b4fe0b5e

SHA512
87a485603a837349a81d356a7b2d1df2fdd0afeb00e98829dc46315a1f4a3b95489d1226307b7590d007a89ae1bfc2c541e0309d55e1d5c5fba88a283baa97dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
157193f1e4649d9c5ce3ca427117b375

SHA1
0e38e04c5e5f67c63378d4076c57f8d6bf37aadb

SHA256
9f91960e1a6c6d0e3c4b36ffb6d88a288fe9ad1ec8b3925e98b30419d41ad82f

SHA512
dae1e186e51f54c97d3519e321be853b5b3c1a99893a87fef388960624ab4062307880a445850b78f98019c8ef217164b54c59c865232f3cfe1e8cf0be6126f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\computed_hashes.json

Filesize
3KB

MD5
02c8ed2627b526edc7d74eda75b9a924

SHA1
2984ed94ccacb55d86da2e38dbc3b6b7b3ae9a25

SHA256
c4d3d374611fdb6e970a2019cde28482f8b92230941cbca6ebf7699815c152a6

SHA512
16197b17c6e244c11d1804abc5a739eca5ec05858c9784f919acd634d72b8da2d4ba12b2e68f04145c5fb6d39bdfc187b9a5bc49c60a11435163445a04ba3103

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\verified_contents.json

Filesize
18KB

MD5
2f0dde11ea5a53f11a1d604363dca243

SHA1
8eef7eb2f4aa207c06bcdd315342160ebacf64e8

SHA256
5a2940c7c5adba1de5e245dbff296d8abc78b078db04988815570ce53e553b1d

SHA512
f20305a42c93bcde345ba623fef8777815c8289fe49b3ec5e0f6cf97ee0d5b824687674d05827d6c846ee899da0d742407670db22ff0d70ebee5a481ab4a0ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
18KB

MD5
de038f1f348307c25e44d854732ba085

SHA1
d9811ff8e5778401aeaf81b7bbfba129987722ff

SHA256
a817cf0c5ef55adf7935537691ac688b7a3ececb76d8e47903fe19e2a8f0aa44

SHA512
c2d336d73f365b9f57c61b7d0a8ee4e9ec6fc33638792b0f23179e615dfa0495e128814454bd20b05088b93ed44d6536b63260b16a2916e7f81e2edcf7af9a17

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
90KB

MD5
99be6184547d3df70ca047a6133ef35b

SHA1
8f99d0b63e4585c4f0fad16a3568d52032c4c387

SHA256
9e8938debeebcc782881b63be10a0d8d7a880bd141f4fa6e4243c7e164be6533

SHA512
c40fb6173df30aea42285d6d99701a583dd1b955139c4152c56e6a6b08577ac5ca77c5bd2e0f368fbe11cacd3b826489504f8f7131d5bd7c674ae6303c7c2ba5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
129KB

MD5
8bbbf6b202f9acd4f2b386fcc8abd42b

SHA1
d2569faafad505ee8c5edd19cb08d99ca2360790

SHA256
24697578e55f963c3cbe3e676754786f1bf38bc15683f8e74a17b9ce420aebee

SHA512
580ee4635e4affc2dbe951a96990d67040a02b3f221de88b19bf1a333dc229f13bf8d7e08e587b56f61224d67d41fb23b7061957ecb09d4114a72523721ea792

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
9KB

MD5
6317107d96742dc43e20e4701fa5c801

SHA1
23bfa6a674385dde02a953c371bea6363e9634ae

SHA256
73a54c51af07c46d55ec0f864311fdb5b158a11b70f0860fc8b60e238b6c3546

SHA512
49728626864b2d9b7be997ca0d632e46e5671a407ee1b6a78d6911ae13bacab03156bbf503a52eda94548dd00523ffef9e80e70ccfbcbf348506164282663d5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data

Filesize
38KB

MD5
033954b35496c709a2d7454001da281c

SHA1
bb8ca83c74d4ab95ed31747c1b8e49dd71120b12

SHA256
4ea957a3f6a9e895b62a74135f73eb5d203e59157b2fb133546ed1d47d3a8ac7

SHA512
0f09922f344ef9d49a98b6501eda65a66236beeb9e5313097613e983679f959ea0215fc016eb9e0c64cc73918995dcd2b2f6828356f098476ad35c3b3660654d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
16KB

MD5
dc2c54b77438d534b6294fe965f4364f

SHA1
1b3248286ab5149c0c9f8e89b94bea3226c5588d

SHA256
cbde096314441c3652c97274e37d8055fe04ba57de79d0e49005c70bedd5e69c

SHA512
b3311f8bb31e3ad5610cedd70fe4b093629887e5515a1018ad5141fa01cfcf4164cd33387cee954ae1f58d04fe7bbc645ab6a7d62ea12e31e61425d23766bb25

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
12d3f0deabaf2a1c56b1ea44290f84bd

SHA1
f7be0405b2d2c9f1b13d1f1aad6eb2bcff05a661

SHA256
c3e62b19b9d4f0dba03fe03c60b0be299c02dd2138435b2747e9ee59442eabda

SHA512
8886e70a02e4aa0d6f19470748bf9f234805ac813bbfe5f1bb644cbf3a7590085e76ff10802cca61b357161fbed8ee315b55121b369bfc92a0c61c834a164e80

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
1KB

MD5
c8961a06c4a9e73098d26dd5ee791f2d

SHA1
455f2429554296218095530532440e3ab5d1706b

SHA256
09a057f47ec8c4083b3363ad83ae49bb1cd90159a3c7b9182ab2b2906f060968

SHA512
cef6cbb12bea51817b23a9e5b9be8fb3beb255cde511602a37d1ce15469dd6bd26dc2de748776c47b97cf259bda7a9d2975f6ced1a80749b62224fd6c7123c6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
61edffc8947c7bca1d9265410aa8f899

SHA1
f822e694d3e4e9d645cb371b7e19e35fac6085d2

SHA256
bb7fa35e1dd619138936f2054432ccb37104bfa7087a86036d1ff5674af2f981

SHA512
d3938f36a74d6233a8230498a239375965cf8e29324e2f6352169c3b9395abeec510406b1d20cc17329697fe97311edfddfe92000d498f691d5db7262dcb183c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
371B

MD5
cfdab29fbcaebd3dc7ed36112a9c191c

SHA1
47db632b1396bb70ef01ee22cb8b9c2d2f98b69e

SHA256
be68f8cbe055060bb56783d700ba02dcb49a7e4364a61b4242740201eaebe12c

SHA512
1a2f59cd99720153376c7bfb1965562aa23b5f25216a454dc92d7283cc77fb668c7338d977f2bb2cfb388587f1fdf0fef7beba38524b29af679bf9e332499023

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
d3563bed83f533044b7286c6fdd0cc4a

SHA1
eb732ff976360e07f15536675cc607953f261677

SHA256
415c23529a8d6cbdd25b886a231d1137b60aa576bddce0beecd318f266399f54

SHA512
f90b7fabbe1d44564881ce499ea93ef9b7ee8efa2ea39b44d299260e49e0acfd736793c9d047e9c89e440fbe0547a7d49df61cb0412d6d66cd354c34e7add39f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
78cf355eafb56b1b549655abeeeda416

SHA1
a10ca16f29e57eb33aeca2800aba05c56e417689

SHA256
561f68e3fb145e7a315ad48f9223af115073ca42b0a88121fcf8d2d270605e63

SHA512
74a26caa8e8387a3488023c08e094f57bd079d85811511aae1f4730eba79dabf31c936361c09065d5c9eac9024c868c46025029d1aecee46e73a889186cd201d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
a877beca9b2f03d4796a6c65fff1e745

SHA1
69dbfbf85ef35c2ad26c0fec18f0b5c06795b9cf

SHA256
3b61598533c98461669a467bfe7b262ba94feefdf7b93a817c121aba2af5750c

SHA512
c0697e3951885366a96492bf620b6cee8e8b2c5daff9e4956bf2b4a9d5adf7e36a6bf80d0c647e08d2a42f8ad2375c5a18ce7f750f6b186705cc8a6be3ba6897

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
c41d8eeba2a4628ceb342e25c67e23bf

SHA1
92a6a7459df382fef6873672ab6450d61ddecd0c

SHA256
b77b21aff602b864d7a80e28cb35770b40d5732cbf76b4b540750524a44682b2

SHA512
0bc672ec9475e0a9d8eb8888573b3173f367c6407f02e1ef89fd9ec3a016178af4a08e871513ceb12b75415ea637871db513a0fe6189fb5187caa2ef0a31ab47

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
3063a13a46dc41d813d958774e63ad73

SHA1
20cea9cd56cac362d1ac3aa2b03acfd22b061df2

SHA256
0ba92ebe39eb683892e117a011810fc50079b3c33f7788dac23e9a52f75efa5d

SHA512
6a523ce663e757f5c438a14e26ab051ecef848fed78195ad9ceba2e728836a1d2ea598878ca5a1d86a85d4af589236e49d406476d82778695937be9c370fa673

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
bdb33766e48fb967527125b87c9ff073

SHA1
6100bf17b66f669a49109e6e33d56219ef9b362f

SHA256
228d96402e4ebe75c464f2608225854bcff787e59f650d1a05451faafeb1570e

SHA512
63cd9965999a8bd91256517a60549f76a2f82d677d5bc964b47bcaf11c56ce4e6b701776904a74d1b152222fed29194b76404b6bd4c03beae89d9bd96aa7a34e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences

Filesize
15KB

MD5
4941838fcffb696749eff4c5e6956ff8

SHA1
8229d33c45b55e1cca61524b853737edd9f2f487

SHA256
ff2677cd4205f5a0fbbf9fc0e0aa1299d8ae5ad561f7607e298e895e3ca84d88

SHA512
77b388f6d486e5aa10b937df6676b733f38878fcd7b6b32597f742cb4c1896be161488e390c6a0404c4a1c142d3805933fb49e98e1115c590bcd39f8c41b894c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
7d3ca140c5a5aa6960f5726dd663e544

SHA1
9c25cb7bafba184e4b579372c3f6a05aaf76750b

SHA256
61ec729136cd4702969498080c252c60d26bfd4e3ff9d446041f1feccdcc137d

SHA512
43f9c2fb7359946ae29a665aec51222f0ba527fecbb5689703cf5e5e5bf5416c1c7dcd3e58131d76bfc1b1732e80d683b259ea38d791cf223f8ce4043903075d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
305B

MD5
cde36678806ec80092a1d5cfd0bdfd47

SHA1
2167b32162a0ae527a1b8d7e02f2d8322001ea8b

SHA256
063445064837cc55f9972cb9af9cdf96bb13fa279ef52bd9b891b5884b977486

SHA512
83db2f13171e30ecc2514d55fa47792f8bb1959d4ab90f4cebadd7d2964e157b84b15020e88a08388bc303b9bd6b9e21317ad4180a668cc76c23a4ce097481cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
d5b0850fbc9dfcb9efa72256380d255f

SHA1
f84f196f422a33d4926b4a036f98c9dabfcb74c9

SHA256
3704f532de113b89c66ebd4715bdafb8734c03628fbdd895e603fe485c25cd31

SHA512
4225daef868700b332ac8960c9df5b42bc6b3aefaf1813944e4a457bb95e7d6efc4212ce517bb1f215fc4191f2e0f83e46ca72dee5399778f7a35aa8555fab13

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index

Filesize
102KB

MD5
db6edee92a6cc04da63814c2de836998

SHA1
26033c456371cc2775c6a315291977492ab1b0a9

SHA256
ae06a3ee4b6b60a06bf99541f7f9a9542d11e19b7ef3c6c6652950c67e19393f

SHA512
26219f39d61cfd3212029f78f439a8f78985a56cf6f5b7d555f91fe1f11f37ac890c51fd0b8155e4902a587111bdc4378b18f6d36350570543a56220bec48e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
86b300021988ba7719d68756a59ab2ac

SHA1
42f23a2374f770823de782d2720e81513aa06db8

SHA256
ee9c7e4342d8f83035aa26c96422050667d2559f45533785e74138f9e1c8cdab

SHA512
4b03c878458d5dec65614afac396598df206f767ca1ba600a960b591bc94da33492e2b227f39f9a9465b6d158d7bbd1dc47da9d674d1664c5864e0a40742949a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
386d04bbb2dfc9082aaea6cab6a22523

SHA1
f3453f49311ebc398dd12175f63b5a6f8744e08d

SHA256
7eed3d9d54c0b481877b386549492f6f55233122e9e99958fc4dcf2c7a000c7d

SHA512
87c00bf5b492714679b357f830bfbd14b7f8046998c4fb23bc4cc9749cc4e52f8bcf10ff31ab1aaef701e6a282fb29de993697de539801b87d74a0a2bb63f489

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
283B

MD5
3b4ad9e996555024d504da24f582913c

SHA1
5bca1523e9d3aa8cf04573638feacb7badd43b93

SHA256
caad458365ba5574640cb0d38f89a9d1060df45d6888de2ade7680cb3516effe

SHA512
04b5fa1fcdd3b21df88f3a4978ca6f78a31b2fdb55be4337aaaa5ba7e2dfaf46547c6a5a172d94453f216e4d9efe8aeaad10d346534272cf73198e55e86e5130

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Trusted Vault

Filesize
33B

MD5
449ad5f292b74985edbc9fdcab9bd702

SHA1
22d07efa35e1d206341649844003949c5d674e4e

SHA256
baf08403ea0175e32437d978141ccaa408c3011034f2d00904054db01fe6b5c1

SHA512
b92963d9228f1b8589e4272c1b0d42200b781160fe3624c101f5ef541b96d8f4b0536a03d4818a346834deb95ab208ce4d882f6f45096d9b066b442cb2da1a8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
31KB

MD5
732ec43eb5f767f29f11d1efc30a6779

SHA1
1132cc41252cb539b00e1d4c58236c1288d07d0c

SHA256
dd11e345afe045f9376fcb1ef2d6b9f6971f6431dd15688dd406b4ac84d93d0a

SHA512
f90a2cfd312e349d5995644113b515000d32027ffd7d138f633d6d05e68989598c614fa3ba345bc1fd7b9dc3131ba0e6166a107e95f3a2e59462d0a835e0d29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
92KB

MD5
17a7df30f13c3da857d658cacd4d32b5

SHA1
a7263013b088e677410d35f4cc4df02514cb898c

SHA256
c44cbdf2dbfb3ea10d471fa39c9b63e6e2fc00f1add109d51419b208a426f4d0

SHA512
ea96cc3e2a44d2adeca4ecb4b8875a808ef041a6a5b4ae77b6bfd1600dd31f449b51b1a5997064c43e5111861ac4e3bc40a55db6a39d6323c0b00ff26d113b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
72KB

MD5
9743843ffc74f6e3fad90b3eeb0b425e

SHA1
1287fcd1aa1e310ace3d9fe56d522d36e06cfcab

SHA256
e13dc94cf91a14320a1802e559f1b8a960ffcc6ef7579acf2064d6178d42b05b

SHA512
128579acd6ab023bee296c2cfad74ada6a2aa8d3d6f015ecb40b8658451f3470c41b57fdc82b647e0593dcbc99f309893b79f97dc2e7da513ac3aee4a6cbb583

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
226KB

MD5
df2d525490687bea43aae4611f7a8212

SHA1
056976bb809a98051bc756e172c1be49fe2e9f87

SHA256
e0de8c6ed3dead60633e34358405517c19e0a4762e247a4a4ab54ecefa94aeb2

SHA512
0dce8048f6b533a3328a51debeeb5e87fd2191c51dfa68f684208c54afdcc9609d85ec3e5373988fa91c0652fe19bf90985a278693675ae94d250e7c71da3deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\data_1

Filesize
63KB

MD5
cbf6a88b03fcf54152b1660d0a246a11

SHA1
19879729730a4d536e4541ae0d23036671219634

SHA256
80b24f3b5434b25d08756564d57c83bdb1b92d975dbb1f6e88d522fc00c20dbf

SHA512
ef6eed7f714275f57efafe20d48486d2c4e26a7c554d9cc01c618591f614cc8bb4b9fff72a41069abe35a202cda7d2e71a6f67b5f6e70aa7f98e6ea542dfe861

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
51KB

MD5
5581e2600c3a219074d1aee94fd309e1

SHA1
27c1c55dca9cae9f70f9bc085db7b874d20915da

SHA256
adcaac467750bd5552a3fa5d062e8669f2228369973eb36bbcb6d4702a475f6d

SHA512
74d75b8d005c0ab87f71ebe29d555daebf22126238166ae25db4904646b557ca895a7218e0f0b624f95b562cca5ebf88a898e2a028c5170367f0ddff48f7dad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit