socelars | a3f4061d3d60ae5a3ee4a168f1bec3790e1927f77184915a821d1eade478677e

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2023 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0x00070000000132e4-133.exe
Size

1.4MB
MD5

6db938b22272369c0c2f1589fae2218f
SHA1

8279d75d704aaf9346e8f86df5aa1f2e8a734bb9
SHA256

a3f4061d3d60ae5a3ee4a168f1bec3790e1927f77184915a821d1eade478677e
SHA512

a83cae75c7d9f98e4841f1517ec6ea867731f3f3c52a2f12c372be01c7da0a53d458eadfc61309a906ed63c48ca80194ddf52a084044a20e8a2bd3679e492c31
SSDEEP

24576:uKZpitpmSUUm4vJHsCSfl7x4/v4NRfyaGbFVss00svFFRSuOeiFFuCv6ef1N:uWitpzmSJ8fVxKvG8xVYZFRSudiFFLvN

Score

10^/10

socelars spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops Chrome extension 1 IoCs

Processes:

0x00070000000132e4-133.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	0x00070000000132e4-133.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

xcopy.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

1268 taskkill.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4876 chrome.exe
4876 chrome.exe
112 chrome.exe
112 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

4876 chrome.exe
4876 chrome.exe
4876 chrome.exe
4876 chrome.exe
4876 chrome.exe
4876 chrome.exe
4876 chrome.exe

pid	process
1268	taskkill.exe

pid	process
4876	chrome.exe
4876	chrome.exe
112	chrome.exe
112	chrome.exe

pid	process
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe
4876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

0x00070000000132e4-133.exetaskkill.exechrome.exe

description	pid	process
Token: SeCreateTokenPrivilege	2252	0x00070000000132e4-133.exe
Token: SeAssignPrimaryTokenPrivilege	2252	0x00070000000132e4-133.exe
Token: SeLockMemoryPrivilege	2252	0x00070000000132e4-133.exe
Token: SeIncreaseQuotaPrivilege	2252	0x00070000000132e4-133.exe
Token: SeMachineAccountPrivilege	2252	0x00070000000132e4-133.exe
Token: SeTcbPrivilege	2252	0x00070000000132e4-133.exe
Token: SeSecurityPrivilege	2252	0x00070000000132e4-133.exe
Token: SeTakeOwnershipPrivilege	2252	0x00070000000132e4-133.exe
Token: SeLoadDriverPrivilege	2252	0x00070000000132e4-133.exe
Token: SeSystemProfilePrivilege	2252	0x00070000000132e4-133.exe
Token: SeSystemtimePrivilege	2252	0x00070000000132e4-133.exe
Token: SeProfSingleProcessPrivilege	2252	0x00070000000132e4-133.exe
Token: SeIncBasePriorityPrivilege	2252	0x00070000000132e4-133.exe
Token: SeCreatePagefilePrivilege	2252	0x00070000000132e4-133.exe
Token: SeCreatePermanentPrivilege	2252	0x00070000000132e4-133.exe
Token: SeBackupPrivilege	2252	0x00070000000132e4-133.exe
Token: SeRestorePrivilege	2252	0x00070000000132e4-133.exe
Token: SeShutdownPrivilege	2252	0x00070000000132e4-133.exe
Token: SeDebugPrivilege	2252	0x00070000000132e4-133.exe
Token: SeAuditPrivilege	2252	0x00070000000132e4-133.exe
Token: SeSystemEnvironmentPrivilege	2252	0x00070000000132e4-133.exe
Token: SeChangeNotifyPrivilege	2252	0x00070000000132e4-133.exe
Token: SeRemoteShutdownPrivilege	2252	0x00070000000132e4-133.exe
Token: SeUndockPrivilege	2252	0x00070000000132e4-133.exe
Token: SeSyncAgentPrivilege	2252	0x00070000000132e4-133.exe
Token: SeEnableDelegationPrivilege	2252	0x00070000000132e4-133.exe
Token: SeManageVolumePrivilege	2252	0x00070000000132e4-133.exe
Token: SeImpersonatePrivilege	2252	0x00070000000132e4-133.exe
Token: SeCreateGlobalPrivilege	2252	0x00070000000132e4-133.exe
Token: 31	2252	0x00070000000132e4-133.exe
Token: 32	2252	0x00070000000132e4-133.exe
Token: 33	2252	0x00070000000132e4-133.exe
Token: 34	2252	0x00070000000132e4-133.exe
Token: 35	2252	0x00070000000132e4-133.exe
Token: SeDebugPrivilege	1268	taskkill.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe
Token: SeCreatePagefilePrivilege	4876	chrome.exe
Token: SeShutdownPrivilege	4876	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

chrome.exe

pid process

4876 chrome.exe
4876 chrome.exe

pid	process
4876	chrome.exe
4876	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

0x00070000000132e4-133.execmd.exechrome.exe

description	pid	process	target process
PID 2252 wrote to memory of 1076	2252	0x00070000000132e4-133.exe	cmd.exe
PID 2252 wrote to memory of 1076	2252	0x00070000000132e4-133.exe	cmd.exe
PID 2252 wrote to memory of 1076	2252	0x00070000000132e4-133.exe	cmd.exe
PID 1076 wrote to memory of 1268	1076	cmd.exe	taskkill.exe
PID 1076 wrote to memory of 1268	1076	cmd.exe	taskkill.exe
PID 1076 wrote to memory of 1268	1076	cmd.exe	taskkill.exe
PID 2252 wrote to memory of 3708	2252	0x00070000000132e4-133.exe	xcopy.exe
PID 2252 wrote to memory of 3708	2252	0x00070000000132e4-133.exe	xcopy.exe
PID 2252 wrote to memory of 3708	2252	0x00070000000132e4-133.exe	xcopy.exe
PID 2252 wrote to memory of 4876	2252	0x00070000000132e4-133.exe	chrome.exe
PID 2252 wrote to memory of 4876	2252	0x00070000000132e4-133.exe	chrome.exe
PID 4876 wrote to memory of 4756	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 4756	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 5004	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 4608	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 4608	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 2708	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 2708	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 2708	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 2708	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 2708	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 2708	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 2708	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 2708	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 2708	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 2708	4876	chrome.exe	chrome.exe
PID 4876 wrote to memory of 2708	4876	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\0x00070000000132e4-133.exe
"C:\Users\Admin\AppData\Local\Temp\0x00070000000132e4-133.exe"
1⤵
- Drops Chrome extension
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2252

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:1076

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1268

C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
2⤵
- Enumerates system info in registry
PID:3708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xbc,0x110,0x7ff866959758,0x7ff866959768,0x7ff866959778
3⤵
PID:4756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1816,i,17434161502210931724,7107802145429980287,131072 /prefetch:2
3⤵
PID:5004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,17434161502210931724,7107802145429980287,131072 /prefetch:8
3⤵
PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2212 --field-trial-handle=1816,i,17434161502210931724,7107802145429980287,131072 /prefetch:8
3⤵
PID:2708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1816,i,17434161502210931724,7107802145429980287,131072 /prefetch:1
3⤵
PID:4284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1816,i,17434161502210931724,7107802145429980287,131072 /prefetch:1
3⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3604 --field-trial-handle=1816,i,17434161502210931724,7107802145429980287,131072 /prefetch:1
3⤵
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3340 --field-trial-handle=1816,i,17434161502210931724,7107802145429980287,131072 /prefetch:1
3⤵
PID:1400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4800 --field-trial-handle=1816,i,17434161502210931724,7107802145429980287,131072 /prefetch:1
3⤵
PID:1244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4248 --field-trial-handle=1816,i,17434161502210931724,7107802145429980287,131072 /prefetch:1
3⤵
PID:3184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5148 --field-trial-handle=1816,i,17434161502210931724,7107802145429980287,131072 /prefetch:1
3⤵
PID:1340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3960 --field-trial-handle=1816,i,17434161502210931724,7107802145429980287,131072 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:112

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4644

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html
Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\icon.png
Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js
Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js
Filesize
15KB

MD5
b450745623fac149f5eec9060262409b

SHA1
6d8b7a58e786681abe6a46b3802309d5f30caf28

SHA256
c805df28026d1d11b75eee89599fe803d77b0ebc4438642e391010cc70f649c6

SHA512
3dc49353c7b0f36eaede40ff7999353d5c683ab228434f210e2e9186446a2d7db514313ffe7ec3b305a21a3994703745509d0228f6100cca595bf38c573fb297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js
Filesize
26KB

MD5
029c53effaed86331055c63d264c3316

SHA1
859bb39d27b462a73fc9131f694b69c8c118b3cf

SHA256
3c1453cb6fe4c7ae8945d96db6c19e3eb58702df65ee0244f8f2444b20e93068

SHA512
68d115d79428c906ca377091f30c207de92ee9450e22e94a35fd7753547cb582ae36434595f1c0e444bb19d5c6dcc214fe58a9987f690486800c8ad91c9642d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js
Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js
Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js
Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json
Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
18KB

MD5
2744ed602aa40388c96c7d0a2cf6d5c0

SHA1
473bd4bdb4a96d29739f3201540057b3f39c9a30

SHA256
494aeeccc6954a0e1940eeb4c7507437d5c3328c0b243eb558df4c3f935e2124

SHA512
58c69ff90cfabdb3bc492566791739cf354b57a239af136ff1dbd2f4573ad9e6834f8649285bc3c0cc7eae50274611aad36c6346eda18db557b138da56b2b60e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma
Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat
Filesize
40B

MD5
52957d4bf2f5b79a0cf7b42e9eb1a954

SHA1
c6ca0bc3ebd37a4a7a99b3ec8b4cc29368c5fac5

SHA256
373963e79b7dd7a50576b9bf92f1a5c356e30bad53e25c44d245dfcc2f869d6b

SHA512
90f957c13fe611b314c501d6cff5fa6d747ce1bb67d32b73997292c6c846c516e509ca76351f827bfaefe80960d4ba8ee89ac7a2a9330f4741f6dce9b4170036

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat
Filesize
40B

MD5
52957d4bf2f5b79a0cf7b42e9eb1a954

SHA1
c6ca0bc3ebd37a4a7a99b3ec8b4cc29368c5fac5

SHA256
373963e79b7dd7a50576b9bf92f1a5c356e30bad53e25c44d245dfcc2f869d6b

SHA512
90f957c13fe611b314c501d6cff5fa6d747ce1bb67d32b73997292c6c846c516e509ca76351f827bfaefe80960d4ba8ee89ac7a2a9330f4741f6dce9b4170036

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\6b30d005-72b0-476e-9274-80ee894cc926.tmp
Filesize
6KB

MD5
a7ca7273ca6f1cc2715d9178da803c30

SHA1
e00fe7423215ca709640da7435670569260606dd

SHA256
4c77e9f58e773fba1060c7668caaf85433cf438232d7d4e1a3ab9730e1c4a753

SHA512
b3c09f596456fc693d884670d0f0bc78e06e5b6f2c6d338b6d6b518024e10cb703d86cdc4f99bb4bbbd3fc5aa5f11abd88b0d9c29400a34a0b07f2f285107ea4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database
Filesize
32KB

MD5
69e3a8ecda716584cbd765e6a3ab429e

SHA1
f0897f3fa98f6e4863b84f007092ab843a645803

SHA256
e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487

SHA512
bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
cb010c2b8d02d91d57d46e7bcf9c1521

SHA1
d95b12c20db1faf744021aa1b2bd7a49e8489fd2

SHA256
146b7d7ff60564d59ce2da49443b821f44cfffe28fb5f7d2443fab4dd7bb9b79

SHA512
5585f90ff38489920fe9a95e8846696eb23260df2a305cb390f3ef8bacca2cf9e633d799b280961f30cf5db50c4a7edeebd0ec81c816602a9eaa0bdeafff0db5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
69d23370c3dcf8c38ac1c991fa057795

SHA1
36146c467ef501b49e18fedf15e077d9f1069703

SHA256
c6ba6208314af9fc86808e6d527f507288d905be65f9b21fe23def24afbd9219

SHA512
978e1f763b9e45135afc41ccad9e23c4b11f2b8eb85acbe2f785c72ee19dd2e847cff11a621be978c42bb1935f0080b5ca955830ee6bd8001e4f80691490dddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
bfb710f6472d2be8e304286ff54985f9

SHA1
4aa44dd92e0bd67d9aa77ab7abd56f7c55cb0cc4

SHA256
ffe37a0e50bbd9ed254234841247bd7f54ef91675dda728b0971f7b3436de2f6

SHA512
173e0d4ab4d71f64349c8cb01cf3632b873786419c822d722c3ffbcffd41e99bf88f06565fe3792df43acd7a34487967ad0c8045f8d85a8b1f9c85ab21a06710

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000001
Filesize
36KB

MD5
d535884c0b2abdd2696d0ffe5cab50b4

SHA1
a23f5f39060b9a3cf3169891350e6fe209f35a79

SHA256
2cec261312569139ee9f62f85a033f11ab684c27561cc3f45e43f73ce735a54a

SHA512
c786ee0174a3fec9a9e3afa2bf4f10490dd0179c98d435d1d5f54aeea08b7bd21e4b17577118d55be32e91560fdfdca95ef50e6f504504287b2c06930b17d684

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002
Filesize
47KB

MD5
15d80e493d1fc68bdc6a8ea1f5bdc14d

SHA1
f8cf55c328c9a9619b6bd29d45911ed64d811432

SHA256
49840eb0187fbe5c296813bce59a47284a5149e02de8a5120adf33b1401212b2

SHA512
bcd1d28f9ef934fd584cb13753cba95d4a137ccde8f5899b2e680c5c97459195c29eef8401b1754dfcf7282c6e0e8f9e72bbbd6e8547924d5080a5d8a0fe9c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003
Filesize
37KB

MD5
8b7b7fbb3b03a6363147f827f1c7548c

SHA1
1989538f1b6d6f4adebcc4752e2851d87dda996d

SHA256
42f93e826e154983acb5940d49ea3d36dfb20b2c169867754bfb7ffb2d74e79e

SHA512
809951e322d244f1eae7894d0d0b703881609b906ca1062775f6fe540b672e0603bc780d210b5d91078a7ad619ee10debdd0999bbf61855f880dca681b079c1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index
Filesize
512KB

MD5
250ffb9af23e249ce136719faefcd702

SHA1
0e6ef6ea20845cfefc7b69e6c010e9d5fd8ee6d5

SHA256
063d5c2940e7157892d6933a8f9ebc822ed18c09682a4d7bb3ac99b257ea6749

SHA512
592ebd73d9ba640ac2738e384f88a2bb950848072d460b87b1d9062437601fbdd32f51954f44a6dde4fec70b0af5266b5976e88edf4986cb67f6df1aa301e7f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
96b43812e4a002dd9a930fe268e5a0d1

SHA1
1bf62369e96844d8ed6f990fbce86ae9a189fb5a

SHA256
d5885b91356faacd1a632db468553d26aeb9b18fcfc6b34e0e50f929fdd5f65b

SHA512
39416b28aa8a09499e6ee5e4ae9cd8772533c170d84254ca6e983a875b66b104619a85f80e3e2c9284aa8760b4ca0f00d2cde5f774ce884b8356c78569496661

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index
Filesize
648B

MD5
7792d96bda61e553133db8209f30a5b2

SHA1
e1333be5ab99204b4ffcea2a786295da6ef41580

SHA256
a838bda70ae5241d82bc48c7727b510041289de907c817f96f16784e0ea4b809

SHA512
74f025fc6e6ecbe40778b0d8492e528f5a643e1c48f5e5337ad705c6a788f676646d0216fdd1d70d27e7c01a42283cb01b5315ca49ac4d5abbe092146b1c401e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe57417d.TMP
Filesize
48B

MD5
161b28d8ea5f3e0f343652ee7ebcb6c5

SHA1
8c48262cde40c1e78b0364771d034b71dd9943d6

SHA256
14bd0d87c2b92a19bd67ca324622695bb3c2006d7e95f77f7d843d9a0f4c0a0e

SHA512
5135d76eb3142651c5decdf412aa401020a49c14a89bfaf7b5973851e9e79f23621ca79b28930e8566922cf293e72fa8e179e59068126b1b3fb7aaea5ddea4ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
96b43812e4a002dd9a930fe268e5a0d1

SHA1
1bf62369e96844d8ed6f990fbce86ae9a189fb5a

SHA256
d5885b91356faacd1a632db468553d26aeb9b18fcfc6b34e0e50f929fdd5f65b

SHA512
39416b28aa8a09499e6ee5e4ae9cd8772533c170d84254ca6e983a875b66b104619a85f80e3e2c9284aa8760b4ca0f00d2cde5f774ce884b8356c78569496661

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
96b43812e4a002dd9a930fe268e5a0d1

SHA1
1bf62369e96844d8ed6f990fbce86ae9a189fb5a

SHA256
d5885b91356faacd1a632db468553d26aeb9b18fcfc6b34e0e50f929fdd5f65b

SHA512
39416b28aa8a09499e6ee5e4ae9cd8772533c170d84254ca6e983a875b66b104619a85f80e3e2c9284aa8760b4ca0f00d2cde5f774ce884b8356c78569496661

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\en_CA\messages.json
Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_metadata\computed_hashes.json
Filesize
3KB

MD5
24faa2a186abd0735d56282ddbd52678

SHA1
aec5702582bd478d6c01f8a68f9f44c778347652

SHA256
69327ece9b5f122acc4288ef532bab812ca14d20178a1a9c97f5a1488f4a7c0f

SHA512
2274de2fe1496101a0a9bd9d1a3a1dd6f3246c3a3507bc19e918a36c5337329bc49b46d70ef51515796583af75c2520e5991272045caff6e9c8319c4e87ccde7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_metadata\verified_contents.json
Filesize
18KB

MD5
007f8ac4a87f9373ead66a99c1fa4ed5

SHA1
416a9397246a542c501bb60b245b9ce9310030b6

SHA256
95059aacf4fb7b782dbc7b5b0e7d84e8a94f30c656b89feeca4cf089dea2b272

SHA512
a5ff41ac482cd5925446b121b48fa1467cadec3743bc7a90c4031c41efea0ff10e98eae2acc0fd28519689231624cb8bbadf05e34897863b5ba08eeb1e87c3e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json
Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json
Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons
Filesize
20KB

MD5
3eea0768ded221c9a6a17752a09c969b

SHA1
d17d8086ed76ec503f06ddd0ac03d915aec5cdc7

SHA256
6923fd51e36b8fe40d6d3dd132941c5a693b02f6ae4d4d22b32b5fedd0e7b512

SHA512
fb5c51adf5a5095a81532e3634f48f5aedb56b7724221f1bf1ccb626cab40f87a3b07a66158179e460f1d0e14eeb48f0283b5df6471dd7a6297af6e8f3efb1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History
Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\LOG
Filesize
291B

MD5
8f23ecdc498751b3e910e0517c422c32

SHA1
1921e516c5a4728a42dc6ff68de8b7cf963ac6ae

SHA256
43d970044b523b45c89a27bd5fdb7cb4692150024e720d596a4e9d1c6d3b5c88

SHA512
3b9d4dadc1da829a6edbf6322e31e8b667552ddf1fb8eb45e36c0bf00f6cd75968a14a868cdc07eb751877176e5685abae26a637b7cd0b10f9f14760cabf452e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data
Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account
Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account
Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies
Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State
Filesize
1KB

MD5
1b4c43089b17f172993f77547bb8ddef

SHA1
3fb958805c449561197e7238531a98f1cf62c358

SHA256
e8ed9e0f20a1134d3366b3e90d1c94382a72b2ae146b847aa5f2fb35631b1ea0

SHA512
2cc11dab46372807a19506f2efa6efa2350162b8aa15120582c7823e8efe93d612f43767e0fc592515dbe3f46b0f34c549326f191be8fc3746b926d7a2d77c3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State
Filesize
1KB

MD5
7a52b31ccc34f5a94cd94dde07f7bbd2

SHA1
b1408782e04d5ad80876db365ec224c07af8af80

SHA256
6419e8f6598d78525a6cddb2fa5ba8a21b6ae66ef25e2ce18877769c15d55ae2

SHA512
cab041dada1116de3d94405f8cb71c22e7b62e987eebf68540be8e67ef7061b605c0f5d52eb4d7bc4135ff2529c05ad7c099d164f635677bba3363389e34a726

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State
Filesize
1KB

MD5
993863ffed4c1b8d6176ccacdd34f708

SHA1
12e680bf99c5452bf399503d29da49fed20e43f6

SHA256
5981e2ac6ff34c7e672611929dff97ea21fc084bf15617081f3c0a592dc5ada0

SHA512
622bcab75cbb375b54576518579e4d35ab1f1b17811a03e1bb6d37a6bb9d4f026ca6ee54e279aecfa363a7e04b897f4a66f39899e7372568eb6921c0c33a5d78

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL
Filesize
36KB

MD5
623bed3105a9982c286002d64580de54

SHA1
2d1755cac0e45de8aa07667671bec1d93d9a5e6a

SHA256
a555b43acc21a220ec2455bcb8f7d5d8c8336a7431abde48e1019fd8b9258d42

SHA512
9f576ed83d2994a4b329b465ddcc3eceae685872b274e8934592d996183c9d98ef7847c4b6850854e37675e9c9c8d7acfe1a03b04c6ee0c0f10e4897da94f11a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
874B

MD5
412281ef5708b5442c3e96cadac3c584

SHA1
f57cebe04dc53c76c7b6a8694918cf31e9e177b4

SHA256
c63f877c29f45e6e13a2fbbeb534795eca02c0967a1aa293c41115d26a39f2ba

SHA512
1eb243cc80538722ba1c43e868e302eb56efe90502f21de3912ad8d8a9778ea961c01467efaf5a27dd5879f8d01a52d2c6650d58380eb4ce108bf126382d2a03

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
371B

MD5
e357eb60b26554451cdc10a97611c363

SHA1
6feea06c01899863b68cf967ba70463e105390e7

SHA256
797276bd13b35aa7da74c93a57e8ec83e3c4b44717d662604f45ebca72b2885b

SHA512
c134c55fb71b3e2d990aa8bb861da66e6400c6e7734376bf998554cba05a687685d143fe078c75c577b6eec28f1dd00f3d4da99e7c29fc872ff913a2c975eb11

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
874B

MD5
15a16d48b4c556f06f6fc377ad87261a

SHA1
30fa5b3026be747728b25fff2649397e2f12c634

SHA256
157ee28ec2380d173b0f932f2041ec6ae355096b7b674b2da0c0c36a8f3bbbfe

SHA512
9fb02aecdb1ca554cb81528eaecb02e5000b3bcc2af975e199af24d4afb784d31236289ed1c4f63a6a2bdcce81317817376d2fcae4650ca7714b585547b4ea40

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
874B

MD5
212cfeb9a67a01a7464f935b1d3d7182

SHA1
188237f7317cae7df3bc47f84e525f8c509f512b

SHA256
95e8dc889f85ee52bf7fbf65e648331034eba5625c5866ba78bd23ea59917588

SHA512
1b668eaf239a8ab31e879d0295cf7ce65b74afd0a2afdc9f5ab8c57ec14ccb3e6d9fcf10686c62b0064914c59b18036680b1ad1e6e47f730727dcf44bbf65c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity
Filesize
874B

MD5
a387245197f004680d87647bd68e9f00

SHA1
cb1902841a4236b43786076a1eb1719ad5bfb1e5

SHA256
78c0a129f047a9187beeb94ba0b152c4a5814d4eac60b82f87a9902167382584

SHA512
7963e248fdb6f7b236f29537a223dcd7e4c3866050a56a251ab9ba8d377a71f3bb49e4db8b7b4b971708192d21d6525277d01c27e8a9bc23acdc4c4af625c6c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences
Filesize
8KB

MD5
670500a8a695ef1bd8bf0352a17b6ac5

SHA1
014016c6e50121b1aa684dc125fb050d9aee23df

SHA256
4a9132ed6f2f947c3ababd8a9d8f185f5f32427c07502cd3f5a4ab5d865dc27e

SHA512
aa7edb62746057199f1e34ec9bf9e5df24d119356a69c02ea81f1d680b7e15d021697304a91f30ca2f59d78d3e29b6a2706ff709009550623b5448e36daf74ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies
Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies
Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences
Filesize
18KB

MD5
2744ed602aa40388c96c7d0a2cf6d5c0

SHA1
473bd4bdb4a96d29739f3201540057b3f39c9a30

SHA256
494aeeccc6954a0e1940eeb4c7507437d5c3328c0b243eb558df4c3f935e2124

SHA512
58c69ff90cfabdb3bc492566791739cf354b57a239af136ff1dbd2f4573ad9e6834f8649285bc3c0cc7eae50274611aad36c6346eda18db557b138da56b2b60e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences
Filesize
15KB

MD5
48fa8a399fb1063dd34430a0967df57d

SHA1
ea190c3b75f8639a58ed9f34f8662ee29203eecd

SHA256
bbe9fe6ef44cc063f07cbae8964c50f0e4e36ee44e5c59d161f58b0522234671

SHA512
830733f882a669a0973dca51077d5fe3be2d2fe4c8ae92263d5b25f03a259728d8031d0216f38ff5b26c3defd1a2e665306b9002e0c0a80969eac173398a7486

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log
Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG
Filesize
305B

MD5
b5c8ba3f3f327a248a39c51fcda5e03f

SHA1
282d5baf7c52c65bcafe92e5ee3d0c179b5280b7

SHA256
ec48157af1d2fda20493973c9c7cd0b00d9675c36aded5c10461070b2ba47189

SHA512
c0a69fdebe7eaa57ea0b55e05ae5e4e3bbf5003147ad1cff07ae2dacc9f6ee926e7cf37b181730781a76d82fce49f4480355842aa4d3eb11326d2628d074f945

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
c561008df1b335baf6baff5d86a092ea

SHA1
5a399d8e161169c89c064a2a481d32d7b22d9023

SHA256
6448295e691b357683a093c33049087697dd74429451d54f3d8c9ce4319041d4

SHA512
d18f554afe0bb5310b82e0c5843ff39196042d2b1dc5531c5422199a060b93ed8011440ae70bd9abe174da500e0eabcd940a0abb3f97009bf67284c3dc77704e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log
Filesize
2KB

MD5
bb59471739474696b795e8907eefcbee

SHA1
a432f92675d4e09d380a777769b6fd5e159f86a2

SHA256
a24b9b74a7c6601906a6eb38bcb5de56cc7b82e7c93afab9ef954c8e7238cefc

SHA512
80ea6193537323abcb266772279d3766800f68e7f2b3826d30347108941d800d1ac6759a5f427d598aa5d46e1a981c5c6078871076f3d1137adb6c8775656089

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG
Filesize
283B

MD5
2fdbf4ff8bf94d3c0c9d3bc083625719

SHA1
83493cf9eee065da0377f6d87e9d240a89340a5a

SHA256
5217924882da56ef23a1f9340a87da2ee03a30325273441ecebe0d5f5ec3b4ff

SHA512
6d42f4233e78accdf5b1cf0df572cba2ffaa4ad264993329a19864e1059f6a16918a6eb12d80c0dde46c7ea435901d92c383b0f38abdb1c8be0b379a47a5a1fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Trusted Vault
Filesize
33B

MD5
80f31e8a898443b2bb939aaa56413774

SHA1
7a0dbdb33fd69e349155505b8f0b71377f5acb79

SHA256
e156b55793a606f9e55383e8dc98f99fd2ab96acf18b0f3624704b027b757f89

SHA512
98a21048701ca47a1c3ff5151b607275fd3381c56d32c96143e3f4557b54c7bb216cbbb14f5e5bca928385312362ddf18aa9d6c1e36bcbc32a1d5a981b89929a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links
Filesize
128KB

MD5
a9e61ecbcc643b0ba28da2dbc7362444

SHA1
53e2872e97a320b00de9efa4c246816c3f36fc7a

SHA256
7d2fdb4852de976df9653dd591514a3c06306e139017a5c23168c5bea460b84c

SHA512
da1639ce59e5251379e63584eddc623caec3d451ab2001a49aafccea540cda6f777a3280fd7bf8248e9d88e2c920bcda6671e5bdf7f00e8296f1aa738467d5c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data
Filesize
92KB

MD5
721d9e468a6d6d0276d8d0e060e4e57b

SHA1
62c635bf0c173012301f195a7d0e430270715613

SHA256
0be20bbaa9d80dfefd3038e5c7904d4b426719607c563254ec42500d704021f0

SHA512
0af08f0f5ecda8cdaaaba317f16e835032797e4e6e64f3f4e5b0bb8fd20f1afd9e8e2ca50b549e1c1a48a26ff02f59bc8212deb354b095294c97016a3c9dbb12

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version
Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State
Filesize
71KB

MD5
92d24961d2ebaacf1ace5463dfc9930d

SHA1
99ffaf6904ab616c33a37ce01d383e4a493df335

SHA256
9013688dec264c615178e151c2eb5f0b2eb9fe8cfad867b311d8581d921c73f3

SHA512
77598c77f219ab5234b8b84bcfe873f40e7464b224fac3c8568b300d3f2563f7ef5ad9ec5cccc0d719e7d3e489a164b04b6b36316196afea0b8051de3c751cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State
Filesize
144KB

MD5
15d078eca7373cff52ecb657490ca8ca

SHA1
ca33a163536df6dbea59ef5c7e14d2014a616d9e

SHA256
6253c03f5490401340309e208e7df173ade3eff40201d600ed9931809e8d6ee5

SHA512
b043153eb6d5c82eb5544e534f4cf7a962dddc809a572e712968121f6341016a7c3855849470b017b2e730780cf3831787668fa7f90df29443a5cb1d05901907

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index
Filesize
256KB

MD5
cd1f0f6a6f9a62eb69dbca813b48d418

SHA1
f706cf48e6f87ceaad8e928ed4a2c077354d40af

SHA256
592c1b03e48b60e4d3fa6874a7249de20bc1d1c5f9b1e033edf07f30474c67b5

SHA512
bb3c3ca179e76580b5ee71fa17ac0e9d955a1f21c30379fadc5bbb773b0b5a70531005b3b092f3a57d9dbbe0f0ba846e19bf3a17e79b65000b9791927c5b9626

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations
Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
\??\pipe\crashpad_4876_HDTRFHYIEZQOHJSW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit