socelars | baf65a4cb3a3443c4dea37ddd9766557037a970b6c1f2376fe75e1e09997cd4c

Analysis

max time kernel
171s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 18:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e5c8938ed644daec8e14035d1f13bbe.exe
Size

1.4MB
MD5

4e5c8938ed644daec8e14035d1f13bbe
SHA1

1360d8c4f029755ddc0dae7396d13d049f745602
SHA256

baf65a4cb3a3443c4dea37ddd9766557037a970b6c1f2376fe75e1e09997cd4c
SHA512

9656ba361f94253971da6b6a0f708560d3f9b2cd8961d7323a3cd67e3d5f8f550791554cef5c4d0a7b8ef22ebfdf3a087b2cba1007c0ca329dd0a8712c1ab5bb
SSDEEP

24576:zIA7opO13nWEjukQuzHVZ64lEq25RHxrFCKezViURT1jS7VQ+SB42Cf6:D7op+Weu+zHj64ENRhCHJh1jS7y+SBhT

Score

10^/10

socelars spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	4e5c8938ed644daec8e14035d1f13bbe.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
1828	taskkill.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\151682F5218C0A511C28F4060A73B9CA78CE9A53	4e5c8938ed644daec8e14035d1f13bbe.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\151682F5218C0A511C28F4060A73B9CA78CE9A53\Blob = 030000000100000014000000151682f5218c0a511c28f4060a73b9ca78ce9a531400000001000000140000007c4296aede4b483bfa92f89e8ccf6d8ba972379504000000010000001000000029f1c1b26d92e893b6e6852ab708cce10f00000001000000200000005aef843ffcf2ec7055f504a162f229f8391c370ff3a6163d2db3f3d604d622be19000000010000001000000070d4f0bec2078234214bd651643b02405c0000000100000004000000800100001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da62000000001000000640400003082046030820248a0030201020210079e492886376fd40848c23fc631e463300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f742058323076301006072a8648ce3d020106052b8104002203620004cd9bd59f80830aec094af3164a3e5ccf77acde67050d1d07b6dc16fb5a8b14dbe27160c4ba459511898eea06dff72a161ca4b9c5c532e003e01e8218388bd745d80a6a6ee60077fb02517d22d80a6e9a5b77dff0fa41ec39dc75ca68070c1feaa381e53081e2300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604147c4296aede4b483bfa92f89e8ccf6d8ba9723795301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b050003820201001b7f252b907a0876007718e1c32e8a364c417ebf174be330d75b0c7e9c96986f7bb068c02444cce2f2fcd1eadbd29f01f9174d0c9d55fda5ad6dd22f3f4b72c02eae73c7251657c23e15ade031d10a84846c6278423122461aed7a40bf9716814477ca6c7b5d215c07f2119121bfe12fc2ef6efd0520e4b4f779f32dbb372af0c6b1acac51f51fb35a1e66ce580718387f71a93c83bad7bc829e9a760f9eb029fdcbf38907481bfeab932e14210d5faf8eb754ab5d0ed45b4c71d092ea3da3369b7c1fe03b55b9d85353cc8366bb4adc810600188bf4b3d748b11341b9c4b69ecf2c778e42200b807e9fc5ab48dbbc6f048d6c4629020d708a1df11273b64624429e2a1718e3acc798c272cc6d2d766ddd2c2b2696a5cf21081be5da2fcbef9f7393aef8365f478f9728ceabe29826988bfdee28322229ed4c9509c420fa07e1862c44f68147c0e46232ed1dd83c488896c35e91b6af7b59a4eee3869cc78858ca282a66559b8580b91dd8402bc91c133ca9ebde99c21640f6f5a4ae2a256c52bac7044cb432bbfc385ca00c617b57ec774e50cfaf06a20f378ce10ed2d32f1abd9c713ecce1f8d1a8a3bd04f619c0f986aff50e1aaa956befca47714b631c4d96db55230a9d0f8175a0e640f56446036ecefa6a7d06eca4340674da53d8b9b8c6237da9f82a2da482a62e2d11cae6cd31587985e6721ca79fd34cd066d0a7bb	4e5c8938ed644daec8e14035d1f13bbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	4e5c8938ed644daec8e14035d1f13bbe.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	4e5c8938ed644daec8e14035d1f13bbe.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	4e5c8938ed644daec8e14035d1f13bbe.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3396	chrome.exe
3396	chrome.exe
1712	chrome.exe
1712	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3396	chrome.exe
3396	chrome.exe
3396	chrome.exe
3396	chrome.exe
3396	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeAssignPrimaryTokenPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeLockMemoryPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeIncreaseQuotaPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeMachineAccountPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeTcbPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeSecurityPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeTakeOwnershipPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeLoadDriverPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeSystemProfilePrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeSystemtimePrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeProfSingleProcessPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeIncBasePriorityPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeCreatePagefilePrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeCreatePermanentPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeBackupPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeRestorePrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeShutdownPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeDebugPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeAuditPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeSystemEnvironmentPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeChangeNotifyPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeRemoteShutdownPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeUndockPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeSyncAgentPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeEnableDelegationPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeManageVolumePrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeImpersonatePrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeCreateGlobalPrivilege	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: 31	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: 32	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: 33	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: 34	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: 35	5044	4e5c8938ed644daec8e14035d1f13bbe.exe
Token: SeDebugPrivilege	1828	taskkill.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe
Token: SeCreatePagefilePrivilege	3396	chrome.exe
Token: SeShutdownPrivilege	3396	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3396	chrome.exe
3396	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 1900	5044	4e5c8938ed644daec8e14035d1f13bbe.exe	97
PID 5044 wrote to memory of 1900	5044	4e5c8938ed644daec8e14035d1f13bbe.exe	97
PID 5044 wrote to memory of 1900	5044	4e5c8938ed644daec8e14035d1f13bbe.exe	97
PID 1900 wrote to memory of 1828	1900	cmd.exe	99
PID 1900 wrote to memory of 1828	1900	cmd.exe	99
PID 1900 wrote to memory of 1828	1900	cmd.exe	99
PID 5044 wrote to memory of 3560	5044	4e5c8938ed644daec8e14035d1f13bbe.exe	100
PID 5044 wrote to memory of 3560	5044	4e5c8938ed644daec8e14035d1f13bbe.exe	100
PID 5044 wrote to memory of 3560	5044	4e5c8938ed644daec8e14035d1f13bbe.exe	100
PID 5044 wrote to memory of 3396	5044	4e5c8938ed644daec8e14035d1f13bbe.exe	103
PID 5044 wrote to memory of 3396	5044	4e5c8938ed644daec8e14035d1f13bbe.exe	103
PID 3396 wrote to memory of 3344	3396	chrome.exe	104
PID 3396 wrote to memory of 3344	3396	chrome.exe	104
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 3624	3396	chrome.exe	106
PID 3396 wrote to memory of 5048	3396	chrome.exe	105
PID 3396 wrote to memory of 5048	3396	chrome.exe	105
PID 3396 wrote to memory of 4748	3396	chrome.exe	107
PID 3396 wrote to memory of 4748	3396	chrome.exe	107
PID 3396 wrote to memory of 4748	3396	chrome.exe	107
PID 3396 wrote to memory of 4748	3396	chrome.exe	107
PID 3396 wrote to memory of 4748	3396	chrome.exe	107
PID 3396 wrote to memory of 4748	3396	chrome.exe	107
PID 3396 wrote to memory of 4748	3396	chrome.exe	107
PID 3396 wrote to memory of 4748	3396	chrome.exe	107
PID 3396 wrote to memory of 4748	3396	chrome.exe	107
PID 3396 wrote to memory of 4748	3396	chrome.exe	107
PID 3396 wrote to memory of 4748	3396	chrome.exe	107

C:\Users\Admin\AppData\Local\Temp\4e5c8938ed644daec8e14035d1f13bbe.exe
"C:\Users\Admin\AppData\Local\Temp\4e5c8938ed644daec8e14035d1f13bbe.exe"
1⤵
- Drops Chrome extension
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1828
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - Enumerates system info in registry
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3396
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd880b9758,0x7ffd880b9768,0x7ffd880b9778
    3⤵
    PID:3344
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2144 --field-trial-handle=1932,i,14598465806380196460,6508168797801019557,131072 /prefetch:8
    3⤵
    PID:5048
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1932,i,14598465806380196460,6508168797801019557,131072 /prefetch:2
    3⤵
    PID:3624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2256 --field-trial-handle=1932,i,14598465806380196460,6508168797801019557,131072 /prefetch:8
    3⤵
    PID:4748
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3244 --field-trial-handle=1932,i,14598465806380196460,6508168797801019557,131072 /prefetch:1
    3⤵
    PID:4772
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3544 --field-trial-handle=1932,i,14598465806380196460,6508168797801019557,131072 /prefetch:1
    3⤵
    PID:208
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3516 --field-trial-handle=1932,i,14598465806380196460,6508168797801019557,131072 /prefetch:1
    3⤵
    PID:4672
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1932,i,14598465806380196460,6508168797801019557,131072 /prefetch:1
    3⤵
    PID:3648
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5060 --field-trial-handle=1932,i,14598465806380196460,6508168797801019557,131072 /prefetch:1
    3⤵
    PID:5068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=5632 --field-trial-handle=1932,i,14598465806380196460,6508168797801019557,131072 /prefetch:8
    3⤵
    PID:2436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=5644 --field-trial-handle=1932,i,14598465806380196460,6508168797801019557,131072 /prefetch:8
    3⤵
    PID:1252
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5564 --field-trial-handle=1932,i,14598465806380196460,6508168797801019557,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1712

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js

Filesize
15KB

MD5
929c158bb0035a38e9aedf32811bbc2a

SHA1
803148c26a94752b5fca62a19bcd1c41e549cc1f

SHA256
09f31cbc0f0d5d2d62a1add2c3e7df6420e8389b9bed9b9d3763fa381151df63

SHA512
05cbfafaa677229da9cc952877323784cd908874278d0913d28377ff5ee901aa21aa8a0e25c919fe9ea4bb1153a789a0555d098b9b2038898ba37c2d72163717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js

Filesize
26KB

MD5
029c53effaed86331055c63d264c3316

SHA1
859bb39d27b462a73fc9131f694b69c8c118b3cf

SHA256
3c1453cb6fe4c7ae8945d96db6c19e3eb58702df65ee0244f8f2444b20e93068

SHA512
68d115d79428c906ca377091f30c207de92ee9450e22e94a35fd7753547cb582ae36434595f1c0e444bb19d5c6dcc214fe58a9987f690486800c8ad91c9642d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json

Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
1c29aa484ef35c6ab855abc0dae9b4a6

SHA1
04edafcb1ea6ca6c6d2d6d3c4cd0bff80a097056

SHA256
d3127eac4f33ac9e8d6556af0f4af52d3439a7a8f642099504c22b67535a84dd

SHA512
c294f3427210c1d756c7f3703a036caefa9d465e47aaee61ad7648503f05f4c762e0bb5979548c3ba97321827cb3e11eb2f8c2cf640cfaba7553e8a2abddeb06

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
d998db6bb78f1336ff0e927205cd5dcd

SHA1
4d4a205d698b61b661514654b3917375f8ab644a

SHA256
32bce0ec12f35821550b935f0f9d841c1dcb83e9316c804190d0aa26881e9d9f

SHA512
c8e05fd8ab522baeab3742ceec64eea154ebb72f9408c82babec3d01ecad67886626c13a126b9290074d4149eef1be56853e9aea72c455147fe3f7039bbfe21f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
062cc84c0218b55fdd1b19857d52cc59

SHA1
e25a3051e499e2269d9e2ea0f384eaa781d3ce24

SHA256
8fe2e20bb3cf656eff404cd69a740bdbeb2abde044ac1c802270c6bb349129f0

SHA512
bac28b92d9f095b08e6b68eadc1d11814faaf8f7ce24f8da404eac4127bbc560817492ce72a681192e80605d7feedfedf20543b0503840c33488d5728afd583b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\889289fe-d048-4f7f-b142-72ceef31ad0e.tmp

Filesize
6KB

MD5
cc6462be67ef1492e6eda2766f420ba2

SHA1
80339bd5e0b3fbde1d611ff2895440438a07c2b9

SHA256
db66bf5cc331897cd65c96425c49770766aeed9b6677f662e1fc19f4ebfa81d1

SHA512
956c8e165c49bee71768bdb19f56bb382cd3f28340757a2a96a920e3064d39673b06f1f8690bb8876803a35ee8aa29815e85170588a0657add68a45ba3559180

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database

Filesize
32KB

MD5
69e3a8ecda716584cbd765e6a3ab429e

SHA1
f0897f3fa98f6e4863b84f007092ab843a645803

SHA256
e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487

SHA512
bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d4728864945000097890c56052d2ab17

SHA1
cf17f621557af533a18fd7d00d277530754ddaf2

SHA256
aae2d7b6f7e653fc2b35798e79b551df4e14f46a6aa76638db1713bcf3f337dc

SHA512
25d464e0bf8836a42d769f7d180cf1a8e485f78a748584fc6adb4d9060588ef21d8025412077f08f48388c88bc5d1579d8de14a8f6fa64f3445ba09d3cb15283

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
629ceff7d7d71f6a8b628894579a62a3

SHA1
db517b9c6379402eab7cb4488cb973c9d272df56

SHA256
e0e0f9b4cb16a0327cfdf1edca0851e54abffb2b89e884040bfda3f8481de063

SHA512
9aa5d1be0af61a8d576797ad720f46d4b90da6d2526f2613348038bfc9070176776d51841702b2b55e8f1c6c1c3d431be9bf7562dea727dfd3a46f50f6ef977a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
17f1e9918bf557f4b5d22bab8549e6ba

SHA1
a613c6f54410625f5c643ea1a3ee06b191bf209a

SHA256
2d0cb2b79694e882803246c5184ab423671be89b039bba0c3cfe6e0b1384a3dc

SHA512
19712ab9e2c7468b79346050b5bc6943a7096da17328a0202d5958721d3e38c62b2714aa21b82636667af908dbbef2c35aa1b717d8434bd9fe53110b933c1fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
cc5f25e0a3c9bb4e19f8f2f34013f8cf

SHA1
9df56fc2b00fe38c5e79d05ef278764af7ecb060

SHA256
9caad9b9d074961a688c59ec998f34adbd6e6f4c1bfbff0834a2ba87227ad7bb

SHA512
205eceaa2fd44c186f2be92814dfff4eeda374de56316e0a39a9f5acf3274ba87b2c461493e9e0733de3aab2a690467db9bba7abe8aa4d041168a656a457baaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000001

Filesize
52KB

MD5
21656a2c8c400043aa256b475d3f096b

SHA1
7d88ce9cb471d271b09d38b43705135c90b53ada

SHA256
b2ca37412dd87c58fc22126231cc140c20ebdc1cc7dd556b49f34ee855a2e222

SHA512
8f2ee1ba359ccf7fca571e37fe67ba67c28d9f7b302616c5e36d3031efd921bd0970111879e34f1d88d9515f2e271225c2291b6053c61ef0bbabc0166c278b6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
58KB

MD5
60740148e57524f98393e097189ddf07

SHA1
be4a81614a4e04f7280e87a56b2a2435cc8f990d

SHA256
8e0b9e6ab21550d38b005e289caf6642894269ddd07077ee6009d9f35414d0e9

SHA512
f23cb2f170b8084ed3e99eb28295b96ee9a049450c35233bf236fb41d2dbfd8c30c3a9538f3ce80684e486c4f3400170a8b451175229177bff77e93f45508fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
40KB

MD5
929729aa7cff46b3dad2f748a57af24c

SHA1
81aa5db7dd63c79e23ccd23bf2520ab994295f2e

SHA256
3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f

SHA512
a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000005

Filesize
36KB

MD5
645df3050a09042e0bdd5fe2556d7b57

SHA1
231e021df52f63f2d45f68bb5b7a8ea7408ab5cf

SHA256
d67a65b37c301fe12ec54f680fd2028367bcf753a8fc58cd91e5aba58754104b

SHA512
4eede4118332fd3177d2972a5829ace3da189f79332f69bf95ea7134936ad6826762e0e7713314de28d5e2be7c46ebe928233622671bfd3fd0c61127536320d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000008

Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000009

Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000a

Filesize
34KB

MD5
b63bcace3731e74f6c45002db72b2683

SHA1
99898168473775a18170adad4d313082da090976

SHA256
ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085

SHA512
d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000b

Filesize
20KB

MD5
f001eeebfefb2ebf4a51386b0f393f78

SHA1
e97c3ad98328b7c8237358e767708731e8f1801b

SHA256
f91416ed4520e63b259813c014a97122edb87f71a2994d8bb9ad4e9b30de2607

SHA512
16903eb10eca6aa087f83c664c9ca134c991c789ab2b895d14cf2c50069a4c925a9ef797da73dfecf1d99af7fab12eca2896d1ce06455eb3fc8b848d4cf54b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000c

Filesize
16KB

MD5
9978db669e49523b7adb3af80d561b1b

SHA1
7eb15d01e2afd057188741fad9ea1719bccc01ea

SHA256
4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c

SHA512
04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
6163c11428c0d222b4325f1f88adc3b8

SHA1
debd93aa861922972124837753653aa3d2881b75

SHA256
a1f1a1d826f41ae52175ba4414ea4ac4685e66c755ebbd5947bfc3b770ec6df5

SHA512
4df28e26019059a2938efb788c4ed39a1f851d53af458dc8448fb64ed77e3f12a86de90c91c1eafa10d9cfcabcb575a429bb57085eecf620489c2c6d2195dc79

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
6c3de86690fd5f4185070d63e0e02f6d

SHA1
18d65f54d32df7fe3aedce0ba93f97736392188c

SHA256
7e732426153c03707b182962c62f6fb31b156ebd3c48162ca274d7597749f751

SHA512
c324753bfe872b0102eaf2c6b911a0dfef6335e0f4cdc139e255af54cd0802cd5ec6836dfb86453c2cb3c65d5217d5da3a6c33d633289a48a55471e54ef916c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe590e5e.TMP

Filesize
48B

MD5
e4dbe1f963f2b30629a6a254326636d3

SHA1
b6d48f7bd9b56c4686e1eaabae51eff9d54c8d06

SHA256
ec8e3bb663b70de49eb707d28859a1b49ce1c6e82c8025f3ac840f7e46e5b5d8

SHA512
e74a2a6610d37f4aed05047eeea72183c8fc4ff1bd18e403ce9bb41f6cb89ceeea7642660f843dc759336664cfd9583cae14ebf3c7440632f29f3812561b1bb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
c0f4f1fa5ebee3ec9a9f196755ada830

SHA1
1b71f77828beaab8cd53f2246dc66513384760bc

SHA256
e6ce1d4c65eb5cf67bf5f29c4fdca2141e3d1b9469957e9e6962e399cf579bc6

SHA512
248a006c7bf8fc51106856c6d88ddad07483d38aa76e215f8faedf85f42aeb57dcf29cc13003ec3f811798dc2ad7281c382c8240fe3a392f1b7222f6f800df58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\computed_hashes.json

Filesize
3KB

MD5
02c8ed2627b526edc7d74eda75b9a924

SHA1
2984ed94ccacb55d86da2e38dbc3b6b7b3ae9a25

SHA256
c4d3d374611fdb6e970a2019cde28482f8b92230941cbca6ebf7699815c152a6

SHA512
16197b17c6e244c11d1804abc5a739eca5ec05858c9784f919acd634d72b8da2d4ba12b2e68f04145c5fb6d39bdfc187b9a5bc49c60a11435163445a04ba3103

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\verified_contents.json

Filesize
18KB

MD5
2f0dde11ea5a53f11a1d604363dca243

SHA1
8eef7eb2f4aa207c06bcdd315342160ebacf64e8

SHA256
5a2940c7c5adba1de5e245dbff296d8abc78b078db04988815570ce53e553b1d

SHA512
f20305a42c93bcde345ba623fef8777815c8289fe49b3ec5e0f6cf97ee0d5b824687674d05827d6c846ee899da0d742407670db22ff0d70ebee5a481ab4a0ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
3eea0768ded221c9a6a17752a09c969b

SHA1
d17d8086ed76ec503f06ddd0ac03d915aec5cdc7

SHA256
6923fd51e36b8fe40d6d3dd132941c5a693b02f6ae4d4d22b32b5fedd0e7b512

SHA512
fb5c51adf5a5095a81532e3634f48f5aedb56b7724221f1bf1ccb626cab40f87a3b07a66158179e460f1d0e14eeb48f0283b5df6471dd7a6297af6e8f3efb1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
256KB

MD5
39c9926bf1640ab9d98beef891db5672

SHA1
684916080ce5e20e57e38996bafd27d5342dff2e

SHA256
8ae553aeb4af01ed88b6713a37a7fb72a80eb5ca720393f172587039a45f40f4

SHA512
1fa30d5bbb236594cb4b437408c80a97508945dd6a7cfd3ac1925d2d155a7a156ecefe59198ccb549e059d501f69b406569fc3083b3cc72d72809cbfbc4fe5a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
1KB

MD5
3c01a96c3c5cd0e6fa523dca5e6543eb

SHA1
08182acc7d73c56da406ec249c4d06f036150d77

SHA256
479e8ed231e3aca07750a0a0a8dd9087efce7d01cb2b76639be0d8d4dfbdd594

SHA512
207128b9276a70c416c91fdba0966a0e7568ffa381edde25d702da5920146ae43472e3132bb607b4f89031bff6fdd43c658cebc93044a66807e10c96cb35093d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
3a59cf1c894c47c15406197022c0f47d

SHA1
ab108333a6c1ab317e51ed1a7a2e97fd540b725b

SHA256
2ff9701234e59b652933db25b45bc8713171d28518c3d3f80896d2f6dbf85f71

SHA512
b48cd14469e6124bcbbecb9c6e29efd48ff267a818529e41644617734cfbca9a560adb99b20e1e67c9cdd1d3e2961096dad9974efca6cee932949987c69c10d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
007535dadaa46d2751ee2b0bfab097a2

SHA1
3bec6ad73222a9867b85f6cfe66b7d31e9929906

SHA256
fd962297b11df86a050b116d2e22281cc5927a03027daa2e3a1d1370c11fe432

SHA512
c1ea372e8cfb3575a24ee04cb4623a68c56e9c05006564f5dc1761bb41861458bfafaf4ac78a31dc06f321c4d0b08f0eaf10a29c2abc77dcd260e324ad0f4ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
371B

MD5
5e7975fbd1499dcccb71f7472f050e23

SHA1
6740c75e9febb57305d92d141ccf2f99d04dcd2e

SHA256
7daf9a845da335da1debc40a3cef31006f3784847029561f9046267e8a4682fb

SHA512
554b5e1b118863471b41083f0e07ce0339d2c3d219fec1336789559aabe3082ad4efde3fdef38f2a4574c3cb2233eae37edf22ffaf6a688b8a70c41955103488

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
ebae7c6c8a1caee0d4f6face93574db2

SHA1
df360d023b974dfcca84be4b9e933dbd2c13fe0f

SHA256
e9781985c1c77c4a792a318d5c0294e7497ae8383169d0cd9be61498c07f1997

SHA512
cf53d814663ae6d691b74055f53e29f5d46730c1f5533e295da1f8c93d6a377e15145f0e1981a6525aaff99142714fa5fa5559556a3cc9fe7b970b224c0751c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
ed9daf0ecde59ee06e127518751a517f

SHA1
84f79d61d13404eb68e5457183c110e6c6925931

SHA256
085855399fc6bfe5a03a56b3e3d68c74c9fa1013f00d64e8682b038013cfa722

SHA512
49f6a16b3fde9abb26174a2cf6eb00492e54726bf508d14c1fcd9f6b75fee807e2791b1bb5253617d14fb51640a9629f2c4940ae47f51e69435b0a6bf776efbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
bb067107d45a35cff727fe0bbf412cfd

SHA1
6ec99154d14e37f47ec904b5c20cec2cb3b97c8e

SHA256
55a9456d5f19e10225fe3423ec1c66ec2ef2024f1bb52ec6f5b7c0d80830233f

SHA512
9b333792fd89996ecda4729ffcb6fa8748284f3e127196533422d6c9c631b8cf852e443e93d0132ea3f6331a20b80b5f60d5f45ca4faf0e089ba93be7b024134

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
65ab06aafcaffb412266fd380876a467

SHA1
97412a26a9dcde91d5c55564cacea86ba0e97fa6

SHA256
e3521641ea333f9bd98f51e5ef1c1add5cd71e2d223c1f50b425bb319be5b771

SHA512
f3d3b1c28ee91e1be37488013ad35f6833eeaa17ec2683040f2ea19073ca9ffa6e8bcef0314fb62223750d8fa0364068b08e00e17a6fb71874fe9123d8db14cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
0ec94bfec90a5520d28eb1015cb9b7c0

SHA1
2cb930c4fd8e294b4523de6154e020ea1241f3d2

SHA256
822cedbfd0d068355812af499acb4268d9e7de3cb0a39215a038d64b38826437

SHA512
6fa077ca7a0e13fa6c904c15a93c84fa3309d883be4d68a83c8d56db8fbb4d63dee5555b20700791615ee2e0d4c6c8eec3419de7bc23fbb9c6faa21ab4731f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences

Filesize
15KB

MD5
7cbfb377625e563069588c0fc61ae8e8

SHA1
10c4054b357aa28176633172c4bb8fc399b325be

SHA256
79ab1f8545fd995baeed3aae4e9f4a6d82eb12d4e05678c681c63dd96975bf5c

SHA512
38b84fe1fc8b2a970248677b3765a811adc1ed4f7db94a93aa2a6b2e6b1e0f37ec6f1cd230789cc3a6b38567c7eb8d0c203e3c85dfd2e24589f88910e82c654b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
229b12a56d3b2d32e0892ab8c81e3aaa

SHA1
22dcdc4f303c1c711c8ad48db380f069431c3403

SHA256
676751dc467e26f5849c82fef435ec56a97326ccda87160c3c295d106e20a19e

SHA512
9e450eced5676f8136c083736d6e6208df6982ef16dd720bb14664690a0537ec5c1880375e8884d34ce82dc3aadb678bee4cc0e856181244a9abdce0fc2f5e9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
305B

MD5
ecd49160430d54dcc8bc5cc177ee3874

SHA1
b927e87a2f9eddd0153ef80e7d9c45f034540a92

SHA256
62f1b68190cb9a2703bf8806e7ae0e71dadd8e0626cd40aa068006307b2ca4d0

SHA512
646fe54f28138a84076ea674c1e6cdf3f525072f4b461bc7460a5cbf8f5c463374be228239ee17e0b9c2427b2b74108360ae5168aa0afdd69d1b4a9e4a348f95

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
6b7511c8d56dfaccb6857b238abe7d02

SHA1
74a77dc101c197fad847f4d80cea73d9ed9062ef

SHA256
e47ffc300f5050655d002ed4e8c7b576209230eb8288dbaaeca38931fe43f6bb

SHA512
ef4cc1073900e95d564519af41a84e9f17676887ab0971637399824aa51e10382466d6804c9a867a59d8144c73179fc0008fc45e423daafef8a189db3653add8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index

Filesize
256KB

MD5
cc8fd0a0b93c9c8c4eb49623fe1b3a41

SHA1
1d5bfdad19b00e1837081ee1654bf29afabfcc8a

SHA256
496a93e0bb936c807685a1f69eb906a0b24605e6ef2811a38cd3914355d55f1c

SHA512
21bc26e0920145ba0e78ea8851f0623224966679e8af68fa375a2f2f2744c56f8bff685a808f38bbb2e0ea04622cd6b558ac487ce5ace93d37341e39d6768729

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
ec8997e0c9a1198dd46768e3303e7743

SHA1
ce4c570399cf5dc8b9e3ae0ddfb30e4b4237f20d

SHA256
d2b0df294c65fdb031d58bc3b1f95ff706b2a04037e0c1c78d3ca01a49dbeb5d

SHA512
61ab7738f68c4c70296ba44e03e2e395d169a55b961a8fd9783fa18c508cd18cc8873edbe326be9f6d222c53066199d87ea95317c4c9288334cbe2bba459a4e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
e7bd6aa742ea3f061ae2589f55862c81

SHA1
ded031962ce12dc4439bbbc3974ecab59da6c35e

SHA256
de91fbd6b698ff193dbdfb2dd52b08c38fe907ea74855a7064bb69f8365abe92

SHA512
a65afab879b629b4987a305ce1e52deee58295242027a6b1c460066a5ca34069919323ea19a6c930bee898f54d3f299d38526f07db2fd84cb48c7afe5624cad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
281B

MD5
7fb91b6dda6c83c8aa43ed17559f339c

SHA1
a231da77f7c64ba76b29afa715e3270cecc793ae

SHA256
8c4ba02ac81be277e442c61af4d4c39afd8a3b40d0f0cd60f0f2d009ee776984

SHA512
cda345a55035069431f84641306d0a14942b1f88ac40c0dd1ec828cb71ab2217eb5d1c5be79a0bec4965401a203e9d4c18abc67c7055b5be78fb957b06c62514

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Trusted Vault

Filesize
33B

MD5
42dc4508e1abb162cda5265c923e82b4

SHA1
bbbcd69d7f543f2fc8da0bd3b04d3e3204f10ae0

SHA256
3d215b69f8429642480d46ff7a8510ce61e3f33713e5cdc78c7c77a894ddd9ff

SHA512
ded67a9873595beb274e0f1f28b3d71f3e06fb9488e4956add05efe2f254bd183be8567d7ffef6ebae5d230755284133aaa527e7aec0f04ce707b8586c459410

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
89d827002169523c498df8748d1ba843

SHA1
da9fd2b86f39925cf4e65161653ce56729e89310

SHA256
e93b88a12b46455df03a5ced11bf091ac310af8efc570fd6dcf320e97d528dd0

SHA512
e1cbedec7fc089028e836246a544abe52226c1a833d14cc82287c5bc45db06f0e58fe3a9601771d5bd3099313b1774ff241c4f5cc42c8fa0835007bdccc9b09c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
92KB

MD5
b90cf1a5a3c72c72847629841bd1436c

SHA1
ba20945b425a6026feb6bb52e5470d3f5fbcc867

SHA256
e9b8ea92b52b3bb5ebf786c9d348c1b88cc33daf00e4acf1e479e66f163d3d70

SHA512
0121cbe71ac505d8fd4fffbb9efebdeffa39d7b0f92a41860d9ec3a352b7ea5794817d56295b483062955e8a353988c9c1bffa59e6eff374dbcab0f8a81d7937

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
115KB

MD5
53e5df4c8aa9c5b299bcd15541d628e6

SHA1
562e56c9ac9af3d16f997d3a17f79995e9318c3c

SHA256
c598bd8255840165216dd30adcf3b50f06f406398d1a9df6d7f86e1640d611b3

SHA512
6b38789dd131f4dd18d018ab74314000b5e7dc1b41fbc1ffb37fc9f915a57ece14623f974c9ad611911943a731e4d6eb015e49b0fa2f83a3f2ea29c4a953dea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
115KB

MD5
f663bf552a3113086342ae83179424dc

SHA1
e9a275e5357082f1e8fa432894ab251cf86a03a4

SHA256
5cce69e4a9bd0f5262a893df455e198a77f4bc2b65a3e3816c376e825dd7f880

SHA512
11680da8c69a86727c5c80112acc03d0704490a16565685f19d5bce8c88d01c85023a01cf9278d914a419655fac35a639b395191c0f0c6987196812ed793e1db

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
228KB

MD5
faee287b16e8691bbdc152dbf50777ca

SHA1
2df56c005d0828089249b5824c5c3c795241a1df

SHA256
f0a3f55cc93486a0fff6f809b24400a30ef2ac86fa25a2557cfa5486492589d7

SHA512
536aa1d3d98158c52c374fca92141bf2ed6617dc50d91fcb7cf59d4a4e4f3eb1aff89acc576fc100c9f6d75a273888b3551cfe6d759d538812bf310fc1d0ecb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
227KB

MD5
8e1ebcbba9f07a42069f6d981e32f5e5

SHA1
3ce49d37ecc9c4f9c9699db83c65b570a1ced489

SHA256
b6cfb85e80ceaa9348a5a6433f6c7652dea33986e95f4423531b2a9f9f2ed988

SHA512
e0eea960390f07f009de4c5124f4b27e2e2bae6ca7cc8189c9778eb1986042ab59d025eb790992585d300be698a51604b0c9346f5547391cbd05779b83b8640f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
8848148c3e0645e753749538f4915d99

SHA1
ed9c37458bdbe3105b6cbaa196c456b9c3577739

SHA256
48338225ba790856bccfc5cf86f4b85a9e235ae88dde1d3481404096b96caf54

SHA512
a7d3c18c444007f54797a6567aa6459d7901f23789726c4d3aa981b7fff166622d211b899b983d34017aa3325ebcd74173befc37032ec77a45e761115daeb49c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit