socelars | b1d992ba280619d4f092c9acc790d996282f5d358ce30361ad60d10744fa3751

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2024 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7db9f5cba6ec01f82b98790b80cd36bb.exe
Size

1.4MB
MD5

7db9f5cba6ec01f82b98790b80cd36bb
SHA1

66bb70a3a0ac7884f267dd55541e757e1ac8bb82
SHA256

b1d992ba280619d4f092c9acc790d996282f5d358ce30361ad60d10744fa3751
SHA512

f9fb149f389bd9ec221624547bd4478f5aac7871109ddf55eb5d75126728d337ea362234e89c7cf2fff186dc2ff292415705ac0fa7c3f01cf4a1ca6659cbca10
SSDEEP

24576:VjmZxpT2xecnFAaeHrTM+zNyReyAN4/FDsSl3qJbZ9GgtS/Zj8oXsc9PC6Nz:wZxp1cFA3rY+hykedwYqJygtS/R8oX31

Score

10^/10

socelars spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json	7db9f5cba6ec01f82b98790b80cd36bb.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
34	iplogger.org
35	iplogger.org

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3772	taskkill.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	7db9f5cba6ec01f82b98790b80cd36bb.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	7db9f5cba6ec01f82b98790b80cd36bb.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	7db9f5cba6ec01f82b98790b80cd36bb.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\151682F5218C0A511C28F4060A73B9CA78CE9A53	7db9f5cba6ec01f82b98790b80cd36bb.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\151682F5218C0A511C28F4060A73B9CA78CE9A53\Blob = 030000000100000014000000151682f5218c0a511c28f4060a73b9ca78ce9a531400000001000000140000007c4296aede4b483bfa92f89e8ccf6d8ba972379504000000010000001000000029f1c1b26d92e893b6e6852ab708cce10f00000001000000200000005aef843ffcf2ec7055f504a162f229f8391c370ff3a6163d2db3f3d604d622be19000000010000001000000070d4f0bec2078234214bd651643b02405c0000000100000004000000800100001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da62000000001000000640400003082046030820248a0030201020210079e492886376fd40848c23fc631e463300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3230303930343030303030305a170d3235303931353136303030305a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f742058323076301006072a8648ce3d020106052b8104002203620004cd9bd59f80830aec094af3164a3e5ccf77acde67050d1d07b6dc16fb5a8b14dbe27160c4ba459511898eea06dff72a161ca4b9c5c532e003e01e8218388bd745d80a6a6ee60077fb02517d22d80a6e9a5b77dff0fa41ec39dc75ca68070c1feaa381e53081e2300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604147c4296aede4b483bfa92f89e8ccf6d8ba9723795301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f30220603551d20041b30193008060667810c010201300d060b2b0601040182df13010101300d06092a864886f70d01010b050003820201001b7f252b907a0876007718e1c32e8a364c417ebf174be330d75b0c7e9c96986f7bb068c02444cce2f2fcd1eadbd29f01f9174d0c9d55fda5ad6dd22f3f4b72c02eae73c7251657c23e15ade031d10a84846c6278423122461aed7a40bf9716814477ca6c7b5d215c07f2119121bfe12fc2ef6efd0520e4b4f779f32dbb372af0c6b1acac51f51fb35a1e66ce580718387f71a93c83bad7bc829e9a760f9eb029fdcbf38907481bfeab932e14210d5faf8eb754ab5d0ed45b4c71d092ea3da3369b7c1fe03b55b9d85353cc8366bb4adc810600188bf4b3d748b11341b9c4b69ecf2c778e42200b807e9fc5ab48dbbc6f048d6c4629020d708a1df11273b64624429e2a1718e3acc798c272cc6d2d766ddd2c2b2696a5cf21081be5da2fcbef9f7393aef8365f478f9728ceabe29826988bfdee28322229ed4c9509c420fa07e1862c44f68147c0e46232ed1dd83c488896c35e91b6af7b59a4eee3869cc78858ca282a66559b8580b91dd8402bc91c133ca9ebde99c21640f6f5a4ae2a256c52bac7044cb432bbfc385ca00c617b57ec774e50cfaf06a20f378ce10ed2d32f1abd9c713ecce1f8d1a8a3bd04f619c0f986aff50e1aaa956befca47714b631c4d96db55230a9d0f8175a0e640f56446036ecefa6a7d06eca4340674da53d8b9b8c6237da9f82a2da482a62e2d11cae6cd31587985e6721ca79fd34cd066d0a7bb	7db9f5cba6ec01f82b98790b80cd36bb.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
852	chrome.exe
852	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeAssignPrimaryTokenPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeLockMemoryPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeIncreaseQuotaPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeMachineAccountPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeTcbPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeSecurityPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeTakeOwnershipPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeLoadDriverPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeSystemProfilePrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeSystemtimePrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeProfSingleProcessPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeIncBasePriorityPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeCreatePagefilePrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeCreatePermanentPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeBackupPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeRestorePrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeShutdownPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeDebugPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeAuditPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeSystemEnvironmentPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeChangeNotifyPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeRemoteShutdownPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeUndockPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeSyncAgentPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeEnableDelegationPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeManageVolumePrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeImpersonatePrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeCreateGlobalPrivilege	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: 31	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: 32	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: 33	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: 34	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: 35	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe
Token: SeDebugPrivilege	3772	taskkill.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 1388	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe	87
PID 4528 wrote to memory of 1388	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe	87
PID 4528 wrote to memory of 1388	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe	87
PID 1388 wrote to memory of 3772	1388	cmd.exe	89
PID 1388 wrote to memory of 3772	1388	cmd.exe	89
PID 1388 wrote to memory of 3772	1388	cmd.exe	89
PID 4528 wrote to memory of 4400	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe	93
PID 4528 wrote to memory of 4400	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe	93
PID 4528 wrote to memory of 4400	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe	93
PID 4528 wrote to memory of 4868	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe	95
PID 4528 wrote to memory of 4868	4528	7db9f5cba6ec01f82b98790b80cd36bb.exe	95
PID 4868 wrote to memory of 3616	4868	chrome.exe	96
PID 4868 wrote to memory of 3616	4868	chrome.exe	96
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 1076	4868	chrome.exe	97
PID 4868 wrote to memory of 4852	4868	chrome.exe	104
PID 4868 wrote to memory of 4852	4868	chrome.exe	104
PID 4868 wrote to memory of 3076	4868	chrome.exe	98
PID 4868 wrote to memory of 3076	4868	chrome.exe	98
PID 4868 wrote to memory of 3076	4868	chrome.exe	98
PID 4868 wrote to memory of 3076	4868	chrome.exe	98
PID 4868 wrote to memory of 3076	4868	chrome.exe	98
PID 4868 wrote to memory of 3076	4868	chrome.exe	98
PID 4868 wrote to memory of 3076	4868	chrome.exe	98
PID 4868 wrote to memory of 3076	4868	chrome.exe	98
PID 4868 wrote to memory of 3076	4868	chrome.exe	98
PID 4868 wrote to memory of 3076	4868	chrome.exe	98
PID 4868 wrote to memory of 3076	4868	chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\7db9f5cba6ec01f82b98790b80cd36bb.exe
"C:\Users\Admin\AppData\Local\Temp\7db9f5cba6ec01f82b98790b80cd36bb.exe"
1⤵
- Drops Chrome extension
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1388
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3772
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - Enumerates system info in registry
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4868
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd466b9758,0x7ffd466b9768,0x7ffd466b9778
    3⤵
    PID:3616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1880,i,7096864147387043936,14886805083550204190,131072 /prefetch:2
    3⤵
    PID:1076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2256 --field-trial-handle=1880,i,7096864147387043936,14886805083550204190,131072 /prefetch:8
    3⤵
    PID:3076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3464 --field-trial-handle=1880,i,7096864147387043936,14886805083550204190,131072 /prefetch:1
    3⤵
    PID:4192
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3456 --field-trial-handle=1880,i,7096864147387043936,14886805083550204190,131072 /prefetch:1
    3⤵
    PID:1844
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1880,i,7096864147387043936,14886805083550204190,131072 /prefetch:1
    3⤵
    PID:4832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1880,i,7096864147387043936,14886805083550204190,131072 /prefetch:1
    3⤵
    PID:4796
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2176 --field-trial-handle=1880,i,7096864147387043936,14886805083550204190,131072 /prefetch:8
    3⤵
    PID:4852
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4916 --field-trial-handle=1880,i,7096864147387043936,14886805083550204190,131072 /prefetch:1
    3⤵
    PID:4712
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1880,i,7096864147387043936,14886805083550204190,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:852

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js

Filesize
15KB

MD5
190e0bf24f91d02b9a19c7e1dffe56cd

SHA1
328883487655408607403516959e30cad52e2d23

SHA256
6c6254972c33e1dc56bd0f408b27614c1b3275d207ec07e6d953f60de85c029a

SHA512
90ad0cc18e70d2eacae3bce546c52362ad6cfa5f3f1677ca8698ac11103615917aa9713b936c51765680cc2eb55068f6b1b5e25f7d724ce00700c03efad98544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js

Filesize
14KB

MD5
dd274022b4205b0da19d427b9ac176bf

SHA1
91ee7c40b55a1525438c2b1abe166d3cb862e5cb

SHA256
41e129bb90c2ac61da7dac92a908559448c6448ba698a450b6e7add9493739c6

SHA512
8ee074da689a7d90eca3c8242f7d16b0390b8c9b133d7bbdef77f8bf7f9a912e2d60b4a16f1c934f1bd38b380d6536c23b3a2f9939e31a8ef9f9c539573387b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json

Filesize
1KB

MD5
f0b8f439874eade31b42dad090126c3e

SHA1
9011bca518eeeba3ef292c257ff4b65cba20f8ce

SHA256
20d39e65b119ed47afd5942d2a67e5057e34e2aef144569796a19825fea4348e

SHA512
833e3e30f091b4e50364b10fc75258e8c647ddd3f32d473d1991beda0095827d02f010bf783c22d8f8a3fa1433b6b22400ad93dc34b0eb59a78e1e18e7d9b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
289e19b223607adf79470203e9b228bb

SHA1
33f4d93cb3c34d82441a5f4344641c40f7ae6619

SHA256
1a20e94d8bf391fb36b0f1ae2d67fd83bb8e8a5a5b111421bdab42f64f62ee01

SHA512
81fe15ecec48196a15eb9ef2e0de7efbdc2b1a06448e7fbad7e7dfc3c34bac8b3c0ba23847669056d64f665d5b431f4b6f4829a7295c8b00c429cb0595105277

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
7957c66bdba98a350cd77b04b045590a

SHA1
3b6bfb96b57abe1f6fa83bfe75a211cb7ec2f1bd

SHA256
c00f162d6e8de9236ba690d4fb66e0582397bf9d86764460eb96a1164f2d19a4

SHA512
9a7920ab954e5ab5b02679dce5874cac51702f4322c5c2e132119d7315f32b069d5d483bcb28d8a5757713aa2ff0d8eb664bc9461a11cced037ab1a8cf6e757f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database

Filesize
32KB

MD5
69e3a8ecda716584cbd765e6a3ab429e

SHA1
f0897f3fa98f6e4863b84f007092ab843a645803

SHA256
e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487

SHA512
bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
8534c9a8bf2e38f14b5fa684688d56f4

SHA1
6fb9004c15f26f56349f7fd6c298011a7dbd62e1

SHA256
6a436ed4af5e78ec13fb72334447ed09ac025b3c73869a50c48f8fdee3be3ae3

SHA512
26e768ed1a40c64648083fc29b8fe984fd164d35a498521ee05898746a7a9a81c40665af52e998b6800f816e377871ac04f998c590b6b0b3472dfde41f20cbbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
80f472ca2492d17b44231bf6bc4f2c87

SHA1
ed3f21ab25598b267ea3cdc3e89d237d0eff2814

SHA256
3947bc5c910a8a243bbd113a4cb02a6b0a2c55ca861effd99471898f95da862a

SHA512
0fe966d95b2f48ea04ce136f13b3d3f6dfffc1c3d20ef1bd3117f292ff7309d06519797aeb9eb229b612e484b53b46c28cc20b1b4aeb899b534cbee054dcedc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
eac38efa3ea985294bd93398173e4a46

SHA1
71e4f7c4322116c902e49dfa9fdec33d011d1a29

SHA256
199cd2f655e76138a296f8485182644ac1fc07621884d6044dd731ed77a759cb

SHA512
e09a9a34cb1e127e5f794c83eddf2b83ffdfddaf20f0b8f0b81af95c38d87f8ac0696a4f80d80e6112e1a261899e9f24715147c4804b605eb264e680a9bc1af4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
58KB

MD5
60740148e57524f98393e097189ddf07

SHA1
be4a81614a4e04f7280e87a56b2a2435cc8f990d

SHA256
8e0b9e6ab21550d38b005e289caf6642894269ddd07077ee6009d9f35414d0e9

SHA512
f23cb2f170b8084ed3e99eb28295b96ee9a049450c35233bf236fb41d2dbfd8c30c3a9538f3ce80684e486c4f3400170a8b451175229177bff77e93f45508fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
40KB

MD5
929729aa7cff46b3dad2f748a57af24c

SHA1
81aa5db7dd63c79e23ccd23bf2520ab994295f2e

SHA256
3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f

SHA512
a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
52KB

MD5
911869eec16da7431ff123679797408e

SHA1
e9dad444a0be1ade96cc8f36176bb0ab0cac74d2

SHA256
5f61ea018aea96441b67be3f6389243387d054547a195126190750d0500a6a99

SHA512
abd1d202c98c85397f4ccb6de6f6d57d7ff86297eb8776e5cc625ce707e291f4d650fcf9aab276c720e8daa956c7c52797bb90b4be669d0d6b014564fde99b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000005

Filesize
36KB

MD5
9a00e0d5c6ad2dd458579db38961f2e5

SHA1
4945470a0bd0f7e17ef63823cd234bb7eb6e3a41

SHA256
893d6ff2194ce780ee8184ec4a68e124fe1e4a51e40597cffdecf5912fd920e1

SHA512
6a4207b1824963f45417951adbb82c2ce307cbad004859140d847713050e05fb11dcc88c9193c813c1f29381e1dad5dae40f0f145be34d1710b2a248353f0486

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000f

Filesize
49KB

MD5
55abcc758ea44e30cc6bf29a8e961169

SHA1
3b3717aeebb58d07f553c1813635eadb11fda264

SHA256
dada70d2614b10f6666b149d2864fdcf8f944bf748dcf79b2fe6dad73e4ef7b6

SHA512
12e2405f5412c427bee4edd9543f4ea40502eaace30b24fe1ae629895b787ea5a959903a2e32abe341cd8136033a61b802b57fe862efba5f5a1b167176dd2454

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
128KB

MD5
cd51f413d0dddf2806a75be361fed5f9

SHA1
b6789321404c853f9bbaeda8a053a11d310de383

SHA256
467f40528d45dfa1fcb401197cc759ade3cd9f05f0527e2667c8bfc57579b3cb

SHA512
037316f02e1298a1e27f0b3c6ec5be5246f5ee67ecbaf7ff1b403a800a93ab1f6c2e032a6987435a778be16cbb391ed19735aa0b3439d4cc2f0b782d746c0c25

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
095f87993adc159dc94dd2379862cdf3

SHA1
534b1f31135f99ee3b67ea146961525b22ff43de

SHA256
a33fe208bfa44576ed5d8e2d09d802488f3baa8416cb22f980e2e637f50e0ec2

SHA512
2cc3e10f8cebbc2b5fd35587f3c9bd1157832105e105f315155b78c16c8004a9cd306532b9e267a7c93e3862ba8ba20affd58272c1b3e48d11b23ac573e8a178

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe57be5e.TMP

Filesize
48B

MD5
46f0661015bfbc5b7a21c00b9190e716

SHA1
0845be0795fcccd8c056a6e7c7b0caabf2515362

SHA256
de498f1ab3a109325098519f32bfb4d59ed0990c4f6a331f5503bd201b510e74

SHA512
fc071872eeb3e13838d97767d0175d13fc584bc52be8dc6d43fdec8a52d3e3ec6e960fa16d0ca789a12a4fef5a8e3ffdf9d396fa1bf3cde07aee447cb58578f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
3116bf2dd2b29596f90cb89d271e181d

SHA1
8a59e23b774251c482fa3cd18583fecb7da9cf8b

SHA256
7d514a56fdd2173eab7126b678e6a8a7b89ef9681e224a255e31664bacc5a994

SHA512
4902b417f44df3abdc66f6a3626e8e17ed44ca1f2df7126ab05b004c9186bbc0c7dde4afa8c59127fbf43188c6d5d3416bb02a6f96595188e62f0ae7218ecac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\computed_hashes.json

Filesize
3KB

MD5
02c8ed2627b526edc7d74eda75b9a924

SHA1
2984ed94ccacb55d86da2e38dbc3b6b7b3ae9a25

SHA256
c4d3d374611fdb6e970a2019cde28482f8b92230941cbca6ebf7699815c152a6

SHA512
16197b17c6e244c11d1804abc5a739eca5ec05858c9784f919acd634d72b8da2d4ba12b2e68f04145c5fb6d39bdfc187b9a5bc49c60a11435163445a04ba3103

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\verified_contents.json

Filesize
18KB

MD5
2f0dde11ea5a53f11a1d604363dca243

SHA1
8eef7eb2f4aa207c06bcdd315342160ebacf64e8

SHA256
5a2940c7c5adba1de5e245dbff296d8abc78b078db04988815570ce53e553b1d

SHA512
f20305a42c93bcde345ba623fef8777815c8289fe49b3ec5e0f6cf97ee0d5b824687674d05827d6c846ee899da0d742407670db22ff0d70ebee5a481ab4a0ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
3eea0768ded221c9a6a17752a09c969b

SHA1
d17d8086ed76ec503f06ddd0ac03d915aec5cdc7

SHA256
6923fd51e36b8fe40d6d3dd132941c5a693b02f6ae4d4d22b32b5fedd0e7b512

SHA512
fb5c51adf5a5095a81532e3634f48f5aedb56b7724221f1bf1ccb626cab40f87a3b07a66158179e460f1d0e14eeb48f0283b5df6471dd7a6297af6e8f3efb1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
256KB

MD5
ca80f612b8732ab264252e1789e8f224

SHA1
5c0d1acbb5dca5f3b41a1429ab972b5bf06ff0e8

SHA256
114bfe188639fef5604009ec00e2f218a4514dd5db156f470c34024619b3fc54

SHA512
61859213ca827cc67a80d74eb16d6a9b7e28a21f0e02954d7a8d12f8941f128aa0d66e84da2b8d13b31c8a55239b4e33d5f5152b2d90816c5079dcd034b797b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
1KB

MD5
5d685ae684bd5f113374bfa716d3d8da

SHA1
99b27f37c3d3f87384b8a9ef58ff69b3de8d3d08

SHA256
70bfcd4e2b88a2f09e4518b7eda5ab5a99b099d290a6e8131e1cccb83f84b2a7

SHA512
355de2a42c77d35e435260e9ba6c4caff39a51a8c5c1bc4ca6e0d2416f1c6d3b281e950135d364f1ef8159f7f38b2a045e3b7702a6f89df313ed17fcd86faa5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
1KB

MD5
4589622d00d6eb2b864c907dafac74c4

SHA1
f7b46f0cacf0649d9f7c23b35860e570051eca9c

SHA256
cb3d1b4b679e588ec4defdc57461553a0d4b6bdd93d0698d31decc1ca3d66cdc

SHA512
88392b785d6220b7bd5482e207e804d32191b2e886462c46531baec0a5a0c1e5c86b5666dc45abb82c9289fcc1399c4bcd4e3b05892674b101b6423836b98a95

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
1KB

MD5
6178b5602547f814de65cabb087c275e

SHA1
daface554e2d59e4051061ed95a5f4d4631c23e4

SHA256
fc956dcb042b50c4d8ffd66bf49d5e6e45067a6b1618b59cf48b238aeb4524e2

SHA512
474466d763a86f8a334dc564d5ab671701ae5f4e379240009096c988efe11aed34e45c7f1d5f2380c5f202b42b2b921022024dc87d578511e9207f66eb2d4d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
b3b529b5fc8915a2b753fa73cc7180ba

SHA1
b96f35b53d9e9c3cefbcfaf63749507ed5dc5331

SHA256
508467972f43b4d5858368141e0ba5901cbbd3fc4126791ef9e47ceb2e3b85b1

SHA512
aafa43031e39aaab606533642ede30ddccc1e0b9b87427baffe4f85dbcf35843eb13ce2c2da58c919de2aa006c649f9aec87c059ef5da3f4c3326a81661a5fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
e2bd7e64d2db5a521ec2de02f7fe2845

SHA1
15c2cde6838c0ef5d135bda0ca5c1bc0ffe08d3c

SHA256
af787f6efbd2d2ac01d1c3d23eafaa85940c1d68d62eabfdc65133e7c4ba426c

SHA512
221158edd95e9e098e9a30c058491defcbe8ca5524dbff7355c97ab6e9aea3a26cc7b8593115d38fb66fae7328870eb4df6fd2e5d9c4393d98e48bc0ceb2a6a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
371B

MD5
618899fa66b42e56730e698abcd486bf

SHA1
3b3d7aae2b071a9481195f436496d2d9e041c20f

SHA256
6551fc13574805bb82236e9cbdac636a89b4837c44ca337c32bacc3aea117ba5

SHA512
2516827590087f7777fc4428b29e5fd0cde1c573bcb035551a4c8a92e2c7b8930d9476c2ad4816cf792b7a0dc57bfd06174297a6615517bc23e0cff0f3886efc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
f509ddb3755241441e7f705fcbed5f8e

SHA1
57ae15cd522bf028538345e3310a570960f901b7

SHA256
ee4a59863f1f0ae40c8ef4377de322fad447b9525d4c39a79935fbd9755d9e34

SHA512
437db5594fba2803ebb0fffafb3ca5452ec35cf960f95695be73d326e1234b8cecbe5d5a9285e16dcb4195f33df25618dae18765b60a0267170907bd6d1f7c58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
cdfac1fc5a4bb99643f0a7b1e4205f20

SHA1
250765512e4aa3d84735019d2835cd37ca6961a1

SHA256
6740bbdee4efe3fff43a65d85f771ab98b45dae96fc7fa4c7bed207599a058c9

SHA512
603aa8667891219eec3a3be32c11f9851b51010e13b601b9b9bf7b6ca4a6b010226ed6889c57924170f68cc10d3d4d28632e2b0695d1b76cdae14dce5e5901f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
0990bcc65efb8b43e8cf81f25b75a477

SHA1
7f56f8a59db317c4b6c8ab68f171e5e42f5c7d12

SHA256
d25e4f831c7f2b6aaeeb079728582e834536a00786474966398eb005a8eaa7ec

SHA512
cae814ba2dac02250fb49ddf8c9defbbdc0d2bf41fa412c33eff4d684f8335044eb46eb7c07601b43ff508c2318a4b82f75d49adbe6ed241ebbe0a1a9791767f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
603c3bf4e5fbcb4c4681524840e52364

SHA1
854df7862afa3e9981f882122c031079ac1d92fb

SHA256
4e0abd839f0aa9b0aadbe3733330d36eff67658a3b33644979fa70f442a17384

SHA512
631a5f07732a355198627554a78aee8a12257038770db399ca6b3f3e7642d1aa07e29ef3f238a41b70d2cc7b4ca9bc5e5907947c9a6e641e120abf711da3bb22

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
aa6b3caaf81a899bc9c7d6095de83007

SHA1
f4e585739e2b1c7e1eb55ad5456a1f961635ab3c

SHA256
bf2f2ee81c986f11a85b2a714d32ab6168e5ae1a0bc65025a6aa5dbb365d4ec6

SHA512
53e78b9c77c9e46a15f48c030ea7995b9b153b87f271a3712b4675f59a5342fdf560c47077ecfec668f577f6bb28aee1f2c013a4efe1749836d9d1cf19638fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
305B

MD5
8340af319c2fe7130aecececf07e7692

SHA1
38f0818e11f661ed887b9343a85a2928bcb59288

SHA256
4bd4dea8d7d714bfe20f4967b29d8c8d5b8f53cdb1098288c78440c172afc438

SHA512
4f5e042aa8f04d6a1e4a7959967a7e91803b3735d5516aa5096ec5675138f56da0771dbe05cc2a1d743c3a3762496ea6efb6e1afb39365102be4f416fa01201e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
569bef9f4a1f3bb633cc966720b280de

SHA1
4f102339317395d17f97345794cb987cc99c251e

SHA256
772d33cc9401e6c35c68ee78440c4289c12c890dca57a61592fed265247d4b17

SHA512
e8634d6e870391d4fb69ed30748c9bc2d8acf4fedb2c416fc5d1a63b15aaf9adf26c9672921032838efe71d22eed1dd00d17b6ebd6333f01a7274894185e27c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
6dbe5ee8b31b3e0e0b17bf343a8b2068

SHA1
ddaf5760295bf5833797422c999bab44f9d746e4

SHA256
034f7fd3a00d0d92daf6ed9dcd41a593c411d4cedee64e3e3468430cf63a740c

SHA512
aef93cc10327eb0f005b13f606c1089636b59c0a21840861f8535744fb69967fce7933aceb08c6c7f4c1b01feaf477cdfd131aeaa7d5bc99bdd9ba19dcd17b03

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
1dbcac664902cad899a9e19c76019b39

SHA1
08ff75c9123ad3abcfc6b95756156ef57bef42bf

SHA256
099acaffae5288e6c7f9ffd7fcc9098035956f1c25e47418302fc48ad3acdd6e

SHA512
f98c245af1c6942ae92737b0b00c7e84a22d041ecb100c245c7fed534a5cbf36dd18ddf5c48c781467537af6669f451f65cf933f7768b5c4ae6eeff3ac9fc146

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
281B

MD5
77a03e986eb9a6ae6f99bbd9f47e682f

SHA1
140079b5ee1970f7832736812694e51395fa295d

SHA256
3cc80a47915724db8c762c3358aa2da166f592d2aa5297b84d5f05705ec1ef77

SHA512
3af44c0c4c436cf028eee78d986214ae86c11a95f1ac377349c862a95e1dd08051071da6571634c9015e5d3a226fc50ddead62f4849e931611bbfc899008e696

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Top Sites

Filesize
20KB

MD5
f827a28f6100a85bd8217d338ccca5a4

SHA1
2a180393edd7109c3ab03db4e6edf07ddd9672eb

SHA256
82ee998a4908774d5f55d1d65c897abb5c36458bafada8dc945a09c6b9f21429

SHA512
77fc5289c9d5f954e789f2c0b908a39e8e988201b0ff89efc1002d2d5d7808a8e60e9332be4b9838490d48e4a4385d8cd9b3b18c8716ceb9d6f2117cb2e53d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Trusted Vault

Filesize
33B

MD5
5b34b906dbe731b31e3f99ea1206264e

SHA1
c7fe2ea04cc322429501c4c310b57acde776b7b0

SHA256
41c4944296a0f55fd53592aed3f4fe42e5d4d1004f3fe19dbe61a1b490f6f5e0

SHA512
db08270554733f4f4bfc20d2803eb1d99e1fb8716b0474d0dfc8ef63067b2bd7098e2f4e4323009610046802d0ef340260ee9e356840f3ba436c58a748b089b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
231706c92db8e18261e7b0d0e8a7cbc6

SHA1
2a072aadc253b0920bc5e1183abeba1faec44a8d

SHA256
1205c36f95c45447fad1644e1d761576cbf4822126fb17e13dd11287b0fb160f

SHA512
0cbd7357d374467494d30afc7a9411d1277dd5d2d5d11a237a5ed204525b145dc496c44658923466f39bcc130878728f1f5e360ed7274ad3c078ab63aaa45d22

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
92KB

MD5
3b87ceaf0a845ffa33aeb887bc115c3b

SHA1
2f758ad4812f4e3b3d6318849455e59ebdafbfb8

SHA256
4273431417b41b1abab9a6ed93e6220be0b1d1c97ef5176806132b173d78f9ba

SHA512
32f7b10f4f0da7ee2217ae4ef0d95cee30ec1dd477f1efc07d933c29a0345fb46339f29a08e9c3bd30ef4b756ecfefac971eddf742f73b05b99aebabd1177096

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\daf11263-f57b-41d9-b421-ef834b87da05.tmp

Filesize
18KB

MD5
f1f20641969b6c13ea67e8f02f7260df

SHA1
8fa04deac8dc384bf0a16d81a038a52d9815f768

SHA256
474ae200d943c51e11debddbaa6b46caaba9fa36fe209ab1024fa6fda29d4899

SHA512
45ba834161b973030a60334f3217046a975a377b8678e73a9d232e615acf43708b0b22d7edba27403a5094e1d9cd01d537f053b053991d25b74ea03b7d45dc79

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
114KB

MD5
01ceb05d2814cf9db3a9213a88bdcb36

SHA1
ee4bcb4e66617996a8dec80cb6b6ebde000e3754

SHA256
14b0fe18f3490167acab69d26620b3a6404076d90fed9e92f67c5f8feeefe31a

SHA512
22140b8f44935fb5dfa2da9e23f0f63cd0cdba8d7a2be166a9e67b3e8b2a417bb10ec8fa1d25aec25977cf462e67ec87fb51b8a55688c33b54bdb34d1e451ac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
231KB

MD5
114f3b1387a87bfaa30a78990262d1bf

SHA1
a10f48ed703c24bf7391d3a5b56e6b9cde414a99

SHA256
52c0096918b201efd627649f0db298f8d038c649754b0e9ebda3bcc1f92a8919

SHA512
26ffe187778cad7b17ae076f883942d0a2be13b5c8830986960582d5840d932c079f1a47693e7321b0b7fda23013c4503d54f70914d63f7476271394e3c10491

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
4a014115a1581f4d87bf5ecda7aaf93c

SHA1
7d7d90a87577b2fd87ed0df1b57264ece00f804f

SHA256
35f42b948b9e3e66f52c78cdc9b6a888cd9c07b1e00acddff88bcee8f3803dd4

SHA512
4aed297a7cbf4db04ca99248ddd104be02d231eee0c3c907eaf8167735cf5c49562045eac308f74759c3abcc5db8e23df900be46cb5410184c606df45b3802be

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit