socelars | 69a72e21fee186b463e8482284f561e68939e0376d1670838b28f092388322d4

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2024 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

533fa0fc69c4a516d19c15cfb3490732.exe
Size

1.4MB
MD5

533fa0fc69c4a516d19c15cfb3490732
SHA1

795de8ad6c4363c6e21a5df0dc619e6173cd73b1
SHA256

69a72e21fee186b463e8482284f561e68939e0376d1670838b28f092388322d4
SHA512

9af2503285cca92524c9c00ec9e5547dcbd78087cf37e4af48e0e7f328aa3f619637c21b780fcd73a5055ae1a535cdbca04165686780b573c75badad22e7383c
SSDEEP

24576:yIA7opO13nWEjukQuzHVZ64lEq25RHxrFCKezViURT1jS7VQ+IB41Cf6:27op+Weu+zHj64ENRhCHJh1jS7y+IBOT

Score

10^/10

socelars spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	533fa0fc69c4a516d19c15cfb3490732.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3820	taskkill.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	533fa0fc69c4a516d19c15cfb3490732.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	533fa0fc69c4a516d19c15cfb3490732.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	533fa0fc69c4a516d19c15cfb3490732.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\151682F5218C0A511C28F4060A73B9CA78CE9A53	533fa0fc69c4a516d19c15cfb3490732.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\151682F5218C0A511C28F4060A73B9CA78CE9A53\Blob = 030000000100000014000000151682f5218c0a511c28f4060a73b9ca78ce9a531400000001000000140000007c4296aede4b483bfa92f89e8ccf6d8ba972379504000000010000001000000029f1c1b26d92e893b6e6852ab708cce10f00000001000000200000005aef843ffcf2ec7055f504a162f229f8391c370ff3a6163d2db3f3d604d622be19000000010000001000000070d4f0bec2078234214bd651643b02405c0000000100000004000000800100001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da62000000001000000640400003082046030820248a0030201020210079e492886376fd40848c23fc631e463300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f742058323076301006072a8648ce3d020106052b8104002203620004cd9bd59f80830aec094af3164a3e5ccf77acde67050d1d07b6dc16fb5a8b14dbe27160c4ba459511898eea06dff72a161ca4b9c5c532e003e01e8218388bd745d80a6a6ee60077fb02517d22d80a6e9a5b77dff0fa41ec39dc75ca68070c1feaa381e53081e2300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604147c4296aede4b483bfa92f89e8ccf6d8ba9723795301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b050003820201001b7f252b907a0876007718e1c32e8a364c417ebf174be330d75b0c7e9c96986f7bb068c02444cce2f2fcd1eadbd29f01f9174d0c9d55fda5ad6dd22f3f4b72c02eae73c7251657c23e15ade031d10a84846c6278423122461aed7a40bf9716814477ca6c7b5d215c07f2119121bfe12fc2ef6efd0520e4b4f779f32dbb372af0c6b1acac51f51fb35a1e66ce580718387f71a93c83bad7bc829e9a760f9eb029fdcbf38907481bfeab932e14210d5faf8eb754ab5d0ed45b4c71d092ea3da3369b7c1fe03b55b9d85353cc8366bb4adc810600188bf4b3d748b11341b9c4b69ecf2c778e42200b807e9fc5ab48dbbc6f048d6c4629020d708a1df11273b64624429e2a1718e3acc798c272cc6d2d766ddd2c2b2696a5cf21081be5da2fcbef9f7393aef8365f478f9728ceabe29826988bfdee28322229ed4c9509c420fa07e1862c44f68147c0e46232ed1dd83c488896c35e91b6af7b59a4eee3869cc78858ca282a66559b8580b91dd8402bc91c133ca9ebde99c21640f6f5a4ae2a256c52bac7044cb432bbfc385ca00c617b57ec774e50cfaf06a20f378ce10ed2d32f1abd9c713ecce1f8d1a8a3bd04f619c0f986aff50e1aaa956befca47714b631c4d96db55230a9d0f8175a0e640f56446036ecefa6a7d06eca4340674da53d8b9b8c6237da9f82a2da482a62e2d11cae6cd31587985e6721ca79fd34cd066d0a7bb	533fa0fc69c4a516d19c15cfb3490732.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
5112	chrome.exe
5112	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeAssignPrimaryTokenPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeLockMemoryPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeIncreaseQuotaPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeMachineAccountPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeTcbPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeSecurityPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeTakeOwnershipPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeLoadDriverPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeSystemProfilePrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeSystemtimePrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeProfSingleProcessPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeIncBasePriorityPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeCreatePagefilePrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeCreatePermanentPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeBackupPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeRestorePrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeShutdownPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeDebugPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeAuditPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeSystemEnvironmentPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeChangeNotifyPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeRemoteShutdownPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeUndockPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeSyncAgentPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeEnableDelegationPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeManageVolumePrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeImpersonatePrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeCreateGlobalPrivilege	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: 31	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: 32	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: 33	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: 34	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: 35	4832	533fa0fc69c4a516d19c15cfb3490732.exe
Token: SeDebugPrivilege	3820	taskkill.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 4284	4832	533fa0fc69c4a516d19c15cfb3490732.exe	92
PID 4832 wrote to memory of 4284	4832	533fa0fc69c4a516d19c15cfb3490732.exe	92
PID 4832 wrote to memory of 4284	4832	533fa0fc69c4a516d19c15cfb3490732.exe	92
PID 4284 wrote to memory of 3820	4284	cmd.exe	94
PID 4284 wrote to memory of 3820	4284	cmd.exe	94
PID 4284 wrote to memory of 3820	4284	cmd.exe	94
PID 4832 wrote to memory of 2320	4832	533fa0fc69c4a516d19c15cfb3490732.exe	97
PID 4832 wrote to memory of 2320	4832	533fa0fc69c4a516d19c15cfb3490732.exe	97
PID 4832 wrote to memory of 2320	4832	533fa0fc69c4a516d19c15cfb3490732.exe	97
PID 4832 wrote to memory of 4068	4832	533fa0fc69c4a516d19c15cfb3490732.exe	101
PID 4832 wrote to memory of 4068	4832	533fa0fc69c4a516d19c15cfb3490732.exe	101
PID 4068 wrote to memory of 4908	4068	chrome.exe	100
PID 4068 wrote to memory of 4908	4068	chrome.exe	100
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 4768	4068	chrome.exe	111
PID 4068 wrote to memory of 2052	4068	chrome.exe	110
PID 4068 wrote to memory of 2052	4068	chrome.exe	110
PID 4068 wrote to memory of 4216	4068	chrome.exe	109
PID 4068 wrote to memory of 4216	4068	chrome.exe	109
PID 4068 wrote to memory of 4216	4068	chrome.exe	109
PID 4068 wrote to memory of 4216	4068	chrome.exe	109
PID 4068 wrote to memory of 4216	4068	chrome.exe	109
PID 4068 wrote to memory of 4216	4068	chrome.exe	109
PID 4068 wrote to memory of 4216	4068	chrome.exe	109
PID 4068 wrote to memory of 4216	4068	chrome.exe	109
PID 4068 wrote to memory of 4216	4068	chrome.exe	109
PID 4068 wrote to memory of 4216	4068	chrome.exe	109
PID 4068 wrote to memory of 4216	4068	chrome.exe	109

C:\Users\Admin\AppData\Local\Temp\533fa0fc69c4a516d19c15cfb3490732.exe
"C:\Users\Admin\AppData\Local\Temp\533fa0fc69c4a516d19c15cfb3490732.exe"
1⤵
- Drops Chrome extension
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4832
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4284
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3820
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - Enumerates system info in registry
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3548 --field-trial-handle=1940,i,4622027012385297213,5543082416732555030,131072 /prefetch:1
    3⤵
    PID:4488
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3504 --field-trial-handle=1940,i,4622027012385297213,5543082416732555030,131072 /prefetch:1
    3⤵
    PID:3260
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4940 --field-trial-handle=1940,i,4622027012385297213,5543082416732555030,131072 /prefetch:1
    3⤵
    PID:2056
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1940,i,4622027012385297213,5543082416732555030,131072 /prefetch:1
    3⤵
    PID:4252
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1940,i,4622027012385297213,5543082416732555030,131072 /prefetch:1
    3⤵
    PID:4392
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2236 --field-trial-handle=1940,i,4622027012385297213,5543082416732555030,131072 /prefetch:8
    3⤵
    PID:4216
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,4622027012385297213,5543082416732555030,131072 /prefetch:8
    3⤵
    PID:2052
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1940,i,4622027012385297213,5543082416732555030,131072 /prefetch:2
    3⤵
    PID:4768
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=5488 --field-trial-handle=1940,i,4622027012385297213,5543082416732555030,131072 /prefetch:8
    3⤵
    PID:4596
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=5500 --field-trial-handle=1940,i,4622027012385297213,5543082416732555030,131072 /prefetch:8
    3⤵
    PID:3148
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3208 --field-trial-handle=1940,i,4622027012385297213,5543082416732555030,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe4,0x110,0x7ff844a29758,0x7ff844a29768,0x7ff844a29778
1⤵
PID:4908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js

Filesize
15KB

MD5
b6757753a648a32a1780c0b50344e2ad

SHA1
8ff59d46048ee1f461f52f3cf911406102fbf991

SHA256
fa511edb6af731dfc12a69a27557b3cc01c9330c58364b90a08b019199846399

SHA512
b1057098d900d144ceae8ab1bf8b719a000efaf011796688aa51ce765a4f76320974aca13651451b16979bd5040ca8d2471a50c012033633d16b158c3a13c2d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js

Filesize
26KB

MD5
029c53effaed86331055c63d264c3316

SHA1
859bb39d27b462a73fc9131f694b69c8c118b3cf

SHA256
3c1453cb6fe4c7ae8945d96db6c19e3eb58702df65ee0244f8f2444b20e93068

SHA512
68d115d79428c906ca377091f30c207de92ee9450e22e94a35fd7753547cb582ae36434595f1c0e444bb19d5c6dcc214fe58a9987f690486800c8ad91c9642d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json

Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
0052525dfbcb0d10ea29e0e60e75e101

SHA1
930ceebaa2002592dadbf7f71edc6724da9954c2

SHA256
5dc9bf3b5c8a9c25a3e01e6bca19f7e3cb44e2928d26bc58faac9904eb1162de

SHA512
bdac56ac6441ddee0737e4aa46e86c6de16a53889a230b77c40bf1de0d54732e0a533f9b27b58c956ed880b4307e608a35eb40ef2a483f029a5198c5fc793ebc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
425KB

MD5
3236c0949905cca7d02a5b9a34dd0f15

SHA1
68cb499267f750c2263b56383482fb3d0bd5ca95

SHA256
0af9979c7f7ac5b7e8d23462274d639d647e57aa67be8dce71fd83caa6e572ca

SHA512
983bab14032adaca37e3930ba478e8da9096bc2fd544d35b033ec39fd035eec5cbec854e7764b6754dadf172855a6f4352accafbac8498f63770dbcf0eddc4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
da720017583df8212fd69f8fcd7b6b6e

SHA1
0ea9e35cd6c6dd27a9601b0ec3a30cc8283dd738

SHA256
7ae143ff4808674a468026efd4944dc2007b3f6424ad789d88c0a3d31a625e1a

SHA512
4f526d979a5e772bc7cc8692fec922332ab8aa932573f93225dcb7908b55f42daeddf3f9d4b54ee47b042843d82483caee91a0273bdded58dc2a41b60b4ce0d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database

Filesize
32KB

MD5
69e3a8ecda716584cbd765e6a3ab429e

SHA1
f0897f3fa98f6e4863b84f007092ab843a645803

SHA256
e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487

SHA512
bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
976e779b9660a4543c0c0c4d153435e8

SHA1
3807d50f1204a305e4cb79946bc48bf40ba05366

SHA256
23d5b7f89996092a67216864318b0f34f9c361860e6715112dacd534a3d62b36

SHA512
c3411233cbc3d601e300f4f7d8e4d8bbf989d781dfa4ac2fc0378b0aa1c17e80af871bfe81790514b5041e6c937e82963a9ae6289f7fe1f4e8a9e0069efb8a6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d72febf0fdbde424b28bca648839be1a

SHA1
c8807f3f370cb03c21aec83ebd3dac11472043bd

SHA256
64cc63130cf878b51eaec3a72fcafa0a1478fd1e184494cfb53a139079551ee1

SHA512
2e945de7180ba5c8e985d3db10fa88daead6d2c6edfa53f59192bad83f7c008ca8f1078d99fd0d6a613c317830e9354c3d74e92c6545035e7c1ac8d6cb9bda1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
1.4MB

MD5
0d18786c30e0804fb114a2724e7669df

SHA1
24e70a56ca6c8d003f517dcca2ce12d77390aa3b

SHA256
df8bd4a453beb33247f5773a480f6a41e59a75527d08b43b0325590b87e5a38d

SHA512
3a291b75300031d04d794bfc0b4d6ae2fecd42bd200a618eac137a1a751b4dafa2a372e099f29e4519e169d448e5b38b581a9daa4a0aa575038edb98dec54905

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
58KB

MD5
60740148e57524f98393e097189ddf07

SHA1
be4a81614a4e04f7280e87a56b2a2435cc8f990d

SHA256
8e0b9e6ab21550d38b005e289caf6642894269ddd07077ee6009d9f35414d0e9

SHA512
f23cb2f170b8084ed3e99eb28295b96ee9a049450c35233bf236fb41d2dbfd8c30c3a9538f3ce80684e486c4f3400170a8b451175229177bff77e93f45508fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
40KB

MD5
929729aa7cff46b3dad2f748a57af24c

SHA1
81aa5db7dd63c79e23ccd23bf2520ab994295f2e

SHA256
3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f

SHA512
a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
6d874eb8f3c2b2a14dd4fb378cc597e1

SHA1
ecf45d5d64b69f6fb07b963dc6ab05a1c58f6fbd

SHA256
213b5a42810fa1449e3bc9e6aebd4a3c868d9ccb9ee40e9f59ac21b85c0b3654

SHA512
bcf5cfab88460514830fe99a8174a21702e220cd020b96ef65b5d7a0577c0e4b26f5c9b2de08d495e36d042278037ff0fc963da20242d6b22bb706f4bf735e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000005

Filesize
52KB

MD5
f0ffc2327ec360ed072bf4b6a2f94b64

SHA1
a22d2682f3a8d13591199ad886704398c5832af5

SHA256
19e2c309698d43e20c81fbfd45289a83b6015e209c5c478d87f2ff9ccab3b151

SHA512
8175116c0dddfffb7dab469eb377685c6f50e4443367b1c65b57ac0c93200859fbce861dda46d5b761c9de819e5fcdcecb39983281dc2d29c337cee1e32f9e96

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000008

Filesize
20KB

MD5
f001eeebfefb2ebf4a51386b0f393f78

SHA1
e97c3ad98328b7c8237358e767708731e8f1801b

SHA256
f91416ed4520e63b259813c014a97122edb87f71a2994d8bb9ad4e9b30de2607

SHA512
16903eb10eca6aa087f83c664c9ca134c991c789ab2b895d14cf2c50069a4c925a9ef797da73dfecf1d99af7fab12eca2896d1ce06455eb3fc8b848d4cf54b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000b

Filesize
34KB

MD5
b63bcace3731e74f6c45002db72b2683

SHA1
99898168473775a18170adad4d313082da090976

SHA256
ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085

SHA512
d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
77472c1e8c28542b5d89a25acb59280c

SHA1
360c4e0934d328c3669817e9edb728d2f80f219b

SHA256
07153f92700a35a4bbd0e96fc59c91af4871eb004dab1ddcc97595275ed73504

SHA512
ec4e12c322c04e4f1e44bf9b08cc3a487a8b036146ff129993a9b77a87046a62c30fd62beb78d3f9426d82847edbd5ceb3d97fe64ec692e446d279c4c8608aa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
535da28fd86930b8b76166f6ae6910fa

SHA1
b82a80fb2f6ddab970b4a5f3edcd7c233323e7d7

SHA256
d81340a999a2f5437a4957a9d5e256ba1329f22acb0ffca45deffd863c346d70

SHA512
2c6979495e2afa80bba86d6c1e7b25d9b5dad274d6f5c1aa5c926b7d53615d84590c76a0efc9bdacdbf7435c606868d9ba6de07ff0b119e0fa7b3c5373634bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
e653f61334a91805bc215fa0a06dac63

SHA1
831d67842eb7d00fcaffedf53fb86aa469b6fe3b

SHA256
c05938f7642725678327a00a6580bc90e751fb4730477cfe9b000a2d54e330db

SHA512
b205543e60eb4245a32c6e6bff854efb377b1b1c60cb234665258f727114cfbf084130d8cc1a235b324fda5be245eda7ace19b6d04e9907d2fd80e34bc765446

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
a29f0289c0fb47314196695dd5e6bc3c

SHA1
36d4fd07632f711dd0622592fafb9b77742efb99

SHA256
28a636b40bb0ea9c5672c2627510c4f0ec70cfc52befbad083d605e86db8cc41

SHA512
9d252ce9bfdb35646e7f6a2b56a5d62f1a4ec69640d83d23cd7d3f78b1f64840ab8e56c198aadb14467b5a3ef6ffdf046f8a82529d35f5141410c12cda51ce26

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
a18bd98a2e94c7a206622106214916f4

SHA1
6674ab4fe4cd9a239c4b725aad8b37813a174c1d

SHA256
ad03d51fb8449de8e21532e08b59f48ac2eb8690ec37a1f716e4d945a8478ecd

SHA512
3c809a3c8c3fae1c6070632ad1d4405e95a671bca46b133cfdcd6de1bfc836590d8935eda858d3727947a48baa6740b53b369b4ebd59fa3d9c87650aaeb2c859

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\computed_hashes.json

Filesize
3KB

MD5
02c8ed2627b526edc7d74eda75b9a924

SHA1
2984ed94ccacb55d86da2e38dbc3b6b7b3ae9a25

SHA256
c4d3d374611fdb6e970a2019cde28482f8b92230941cbca6ebf7699815c152a6

SHA512
16197b17c6e244c11d1804abc5a739eca5ec05858c9784f919acd634d72b8da2d4ba12b2e68f04145c5fb6d39bdfc187b9a5bc49c60a11435163445a04ba3103

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\verified_contents.json

Filesize
18KB

MD5
2f0dde11ea5a53f11a1d604363dca243

SHA1
8eef7eb2f4aa207c06bcdd315342160ebacf64e8

SHA256
5a2940c7c5adba1de5e245dbff296d8abc78b078db04988815570ce53e553b1d

SHA512
f20305a42c93bcde345ba623fef8777815c8289fe49b3ec5e0f6cf97ee0d5b824687674d05827d6c846ee899da0d742407670db22ff0d70ebee5a481ab4a0ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
3eea0768ded221c9a6a17752a09c969b

SHA1
d17d8086ed76ec503f06ddd0ac03d915aec5cdc7

SHA256
6923fd51e36b8fe40d6d3dd132941c5a693b02f6ae4d4d22b32b5fedd0e7b512

SHA512
fb5c51adf5a5095a81532e3634f48f5aedb56b7724221f1bf1ccb626cab40f87a3b07a66158179e460f1d0e14eeb48f0283b5df6471dd7a6297af6e8f3efb1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
1KB

MD5
a4918eebfdac07f665ad47603e523fd4

SHA1
f20a6ef984c248c436b6fbb9d13ba07329783029

SHA256
e6e62308ec4aba3f45942e3a16ebb0eefa2bccbc7c0d284acd4dd2193aca1002

SHA512
1e9559766dadd3e99ac5936881c7ab0433d3f882ea01f8f13134d1056b90fb847d29538bcc1e4e0269b7fcb43dc02d6925ad4e4aadf8ae299ad6ec7c36f1923d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
ebd33a2576063e013c47b375451c6f4f

SHA1
b8d986b5bf1dfb851c75be947ea6206e09549b1d

SHA256
d159aa4862a2f9166ecdaf20e5574ea7b5b12b3474d007bdb58d8b78e33b75e8

SHA512
80d66922c5616c64f999fd16004c6e33aca2f7f4405f11dc4fa5b9cf885d1b39f3e40eb868836d7bea6a5c501f2f839dc93d3d5efa1dcfa34dabce449d978f8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
733acd8eadd89dec5772c77be96b8ccc

SHA1
2896105f55f770d414dd2daffd67e6b36e2c6e68

SHA256
e2e91684b56cd4716c02c71dcfe79d9f175454db9e40cc0bbf6aae594c026581

SHA512
c70f1f415a8d21087bd713dc717e483f86a1fec38b452c55ff4de9656fa44cc053a2da7cac05c93420771303cdab6583b1310808ae9721810ebdef828dc2dfe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
371B

MD5
9673787bf81087b06bfafe0785fd31bd

SHA1
0ce3d911a048b867a67912ca8adde656e27bb2b6

SHA256
e64c885676853f7bffc2ef64b63bc14129e0bf1bbb6e63ec6fb1eb48eeaa197b

SHA512
b6a7ddb4e455bdfd2cacf32b3f27d8fa8b6c5934bb4dc4d31d160aebcf81eed7904dab8c1c21ad8c3270e8adc3de1eee451b65c783c687ce4806733c8aad6d19

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
16b6106241216f4d723c316bcd3c07be

SHA1
e36483ae0584ff93fb20b7b898d40dd42feccf87

SHA256
e2014a7a6ff147ed1d97f16dd8e2bb92eb7bb9e14d4d30957308cbf6e83f0c72

SHA512
4496993c78283f8b0ffad451c4610935668d13c46dc1b6fc78c77395c24f427ca7a7a4bb9c1ec404c17fbaec094a293705d6172f4c437853e6da0cc53ca60541

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
2bf3a0dd4d83bfd26f1ba55d350c8810

SHA1
a8fd1776a95262f427f206342263ea5328784c23

SHA256
a619bfd0efee9a7e4e4afd11b2b487df7031de0c176b805e3461f1900b834dd0

SHA512
3a46f1df18e418ee54be5168be5289637d1d46ed6d14f04092dc1f52dd912a2118bc2975cc7b59710b2e6d9d7cc1953c9d26cd456e29522bb2dcaff31d06833c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
594e2a49aac0665166d26cfe9f08ef1a

SHA1
c9fec16ba4d2e15ac62015ff82f80dd7e5e4efc9

SHA256
5ecbb694e78678cc64c5e222857ee2ce81402346bfe21bd278a3a75594d44d5a

SHA512
7a8cad2a10e60c5159bbd1181256b03bcd531cf03449c26607ef986582edda82f4c2b1dc3f37a7b0976966b0a3984b931a2dfc94eb4ee290ee3f9ebef52af4b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
abec0d12b885271ec55c39ae22d01df2

SHA1
60e5ef5443f628ffe2cdd6de94ae4bece983ec89

SHA256
992d9a7b555c21baeed99f186b15eee53b7da214de38ebba560a7aae45ef8124

SHA512
cb77fa90095d96a956c7c98ecccc587283892d3bbd8e9317aa39e22477c405f741824ee0f01e086f0389d33b6e1f992ba7a7995370378634704f4282ee8aa853

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
a26b77eb5ce720727e00d7f713541143

SHA1
a2f2ce7cf7a1841ca1083b9d7cea9804ed5dbb0b

SHA256
8eed0559fd0196773fe03881a1ab3488f92b0e8cc70cf2e6e5f2c789aff442e2

SHA512
4e35ca587c2fbed68335dc89fd37a21afc3766769c9dc98546251a7952db4630d6238d2076d2f90acebe3016a0fea86200ab4c4310325a9b1e8b2944988a49c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences

Filesize
15KB

MD5
8e6044c561e9832afb42687d0c4404f5

SHA1
543bbf8e89b839f3cb7f30183d6ea4a4d531370d

SHA256
28676f8b79e1d2b86dc768ef0e77f48539319f0e940ecc7a8cfced043854e9e3

SHA512
9a8671dc8238741766e6a7c0b182a5141ce87830b9f3e70b954d7649f82b8376bb67bf543fcef91377e18534942844eef06c72e325535a53e09d040e78f847b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
2a48a2464edad37778fababb3dc93b16

SHA1
591ffb363fc9194f51c55f82492b294be54e1811

SHA256
84459333cd0b77bc5ba2e3a85d783d1c514201a1ba142ff61c6c3438b46cbfd3

SHA512
79a557097c347543e2b9546acd86bacac99a90e43d2d115a9305c8a0ff10a438bf064f11d6728c0e8b2b179d52e23503f5e64548f8b89290f83250edb181d775

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
307B

MD5
73a53cc502bb72c375b22b28b38cfafc

SHA1
6db6a23d70ce9b2a27688dc08634c0a2dc220426

SHA256
38e6beb2b55a33aefd597a8ee227c51d7863559664a184765a09ad015d8071ff

SHA512
dcbb04132f074b8f0ab77cd92ccb8757449cc5ef0503fd25e5e227e8d9e3fe03a7af698d986806931affe3febd4861f9db0027d80339ec31fc2d49c9ffd11539

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
def058a314fa36d27843b140e34f2ec6

SHA1
063302951a381495d0412c8d901071fb982da118

SHA256
8db8ead272487072b8cef7a9f6d7c3cc093ecbec66868ae5522a53c588d44a95

SHA512
e5dd7983cefb29f7d9304f8fce0403d479a59d3c9dd8e1d7c922b8cc20471fbefb999674144f2fea5186ed89006ddc553e7db1a50a54b9ebe57a8acb68307d7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index

Filesize
256KB

MD5
cb9d9ac445525fdf076233561a9db38d

SHA1
470059349e6ed0aa9106f173fc48584edb5461b1

SHA256
8493854ef94891652253663e90460877424ad7b19a10db7d784a6735a8dad072

SHA512
50b59eed74ad771111c523f908a86f96e2ba2a57c77710a9be642faa752656019c56ff5cdd7efa34fa9dde1db1688c18313c1bdb4d192739abb76ff6897d57ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
b44ea23ba249d0e1b658ec841d30fc1f

SHA1
156e952d24a89bbe93368865e7e050319db1239b

SHA256
6242e92909207d6fb71f71849a91798d70738f9bd64b0bcbdb9210eeddaeae3a

SHA512
4b0880f647f81bb28ceb798c70c0082dcae72c35ea939abe02297899811faae083401c2d1a69c0201c5af57ba8184bba552d3afa4dc4a7a49fc187b9385ef7c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
829dec784af62a5a69475fbd847ffecd

SHA1
826606489f960819daf23a4348218631862c444b

SHA256
c17b62f80d8c42cf3fe736d9d8ec1733bed0a65d27820979d407b36ff4c0ab41

SHA512
aff3071c8f3a209533b77f095280dc2d7bdebc780b8794a8e45a7a52177b95206ee1b77ed1fbf9f42c1d3217ddc1ee4102a3bb24ff740022bcf08a170d086dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
281B

MD5
143c5907be3561abb4429e99dc89b89a

SHA1
ca5c8441b232713e89f54d0391456271db90239a

SHA256
e442f80fa1a411d2e7f0bb8edbcb4969e51ff535e8455d294de0842baf53ba48

SHA512
4772860448dd38c693d1b65a8c9f5a10a9bbad222e3b51b80e5382080470c13af50d864986d80ac85e7ca76fe2091efea961ff4e55defacab7be5cc1487c2cb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Top Sites

Filesize
20KB

MD5
f827a28f6100a85bd8217d338ccca5a4

SHA1
2a180393edd7109c3ab03db4e6edf07ddd9672eb

SHA256
82ee998a4908774d5f55d1d65c897abb5c36458bafada8dc945a09c6b9f21429

SHA512
77fc5289c9d5f954e789f2c0b908a39e8e988201b0ff89efc1002d2d5d7808a8e60e9332be4b9838490d48e4a4385d8cd9b3b18c8716ceb9d6f2117cb2e53d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Trusted Vault

Filesize
33B

MD5
0eb688ed3c33185c5db541d2865d1357

SHA1
ffd05eead2cdce576b7f372675edde51f4976497

SHA256
1a8e49a32c7e32e616d9c7a9731b06148fb187bb5e4d99c6fed4c4fb38e4e4f2

SHA512
c18410a5c34f892919b057ab608ea46625e8701e9650e3861e41f56fbe8f4a34bdecb06b7ae875da706e00d3d07a52ea344ed6278ae099d3a8dcc5594d939373

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
101KB

MD5
4a7b945b83e04933f59f99c006ea798d

SHA1
ffeef669615fe073d4a01dd692785e313b4d6d21

SHA256
00d8591df5d78b9198e58c75a8f65a479bfb1321c8069d1a925b020a866a4c25

SHA512
a6462b5d79f8f4c43ea98da3e5b98b44cc6a4fc62ada3ad233261e3fcd0b33ac31809fe91d5fbb7151f1a857be83d81c54de0c42a76d8b56c6cf3512190cfec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
92KB

MD5
02687bdd724237480b7a9065aa27a3ce

SHA1
585f0b1772fdab19ff1c669ff71cb33ed4e5589c

SHA256
9a535a05e405b789e9fdaf7eaf38e8673e4d0a8bd83768e72992282a69327d89

SHA512
f8ce4f6ad7211cbd17ba0cb574ac8f292727709479e059f4429a818d3b74dbe75d6e6f8cb5576b6bc7e3c1bd0b471127f0ddb38e816fad8aa44a77c15de7e6df

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
115KB

MD5
ade0bfd62f85f6bf2cf2011929917391

SHA1
7cdb8308de2c5313a51278794c351352afd51233

SHA256
dd83aed655ee3f293eba491f21be58893967973f48b3553d3c2866e3507d2890

SHA512
19469d3ec003fbbff3d91396eb27249c393e0ff45e79a104d576d533815f928f7c89b43872c17c16c889b19614771057d822921d35289c3f290b69c07e19921e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
115KB

MD5
4fe9c59dd9e3f8d6e386571d07884d47

SHA1
feb0d31642ccbe17a9345b7ee3e1661bdec52cc1

SHA256
78b04c344b016cc7da2231276a0d7a5df03abdb2fec25f48d0612d87a3f5e349

SHA512
c8252d75ac4d2f1b63d25837ccc5fc8d6f26f9be4078ba7a3aa6defb1f82d452cbdf87df2bc53129ae2af289ccc3a9177593f1c59b45211e910b4bbbe1aa09b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
229KB

MD5
b7a34c0ccf8f678b217265ae12c1535c

SHA1
cc3fdd7b464ce156f061a145c09943bbdad7e72c

SHA256
2f76480454980da62b9a0a5e5ce660a2249619efd2ae10c1d155940ec9d7eed3

SHA512
9e4914245e36577f24c4a3baf992c0180380c8a8b44c233a11cb5b3cb974cbfc86e1986e1ff68194895f4e71d1bc4a41ab641cdd4b7e9388bc0f92d55fbb5778

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
227KB

MD5
9c040a7d11088e241aae7825e2d77997

SHA1
d21219d2aefa4193c6172f0a528c526fad31dcf6

SHA256
fdee187eb5f74fe142a93cfd2c6442e082e88e3145be81ad6671006b2c643ca0

SHA512
594ac0ba79f85cdb84d98fa00a191333335a19c33acc7060ac5da3d6fbfbb37eb72af121f27a8995273a57f7e062a51da71a3b77322ce18830ac440714b34470

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
82baf7e8459c09018e2445bc08f459cd

SHA1
a6ffd27186501c3d529777c29969af48360f3f29

SHA256
928ef9616ffaf14d3abd2dd0df9c6d9b4d2913d14f37f628c3d89e8ba993c475

SHA512
76c694ff090e8d10fc268f63209e9b25e825e75492a6949d9db89f5060f3c1f47c0332b326022bafea8d223d90af8578143682a1a387b9ed522f0f8918a79893

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit