socelars | 88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10-08-2023 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Size

716KB
MD5

cf45e274907f0e7617c65aff09dea3c9
SHA1

5e9718ec8de99349d08ddbbcc1e037f284c7e0cb
SHA256

88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7
SHA512

79a79c42c184098f75b70b8cc77a4ca3a14cab968c69524b1654d7b5c3942ebd68126b3320f9b371bec4ba3e149df872319db562e8bc21c4ac6c2f66029b16bf
SSDEEP

12288:Ggu3SyqFkVKLj4Feawzv1ztGwmnjpSr5LCRmO7vuArkBKfoeY:GyL31tzYjcCRlqArkAf+

Score

10^/10

socelars spyware stealer

Malware Config

Extracted

Family

socelars

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.wygexde.xyz/

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars

Socelars payload 1 IoCs

resource	yara_rule
behavioral2/memory/2740-134-0x0000000000850000-0x00000000009C6000-memory.dmp	family_socelars

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2744	2740	WerFault.exe	81

Kills process with taskkill 1 IoCs

evasion

pid	Process
4748	taskkill.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
500	chrome.exe
500	chrome.exe
4500	chrome.exe
4500	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
500	chrome.exe
500	chrome.exe
500	chrome.exe
500	chrome.exe
500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeAssignPrimaryTokenPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeLockMemoryPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeIncreaseQuotaPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeMachineAccountPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeTcbPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeSecurityPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeTakeOwnershipPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeLoadDriverPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeSystemProfilePrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeSystemtimePrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeProfSingleProcessPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeIncBasePriorityPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeCreatePagefilePrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeCreatePermanentPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeBackupPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeRestorePrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeShutdownPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeDebugPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeAuditPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeSystemEnvironmentPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeChangeNotifyPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeRemoteShutdownPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeUndockPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeSyncAgentPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeEnableDelegationPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeManageVolumePrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeImpersonatePrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeCreateGlobalPrivilege	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: 31	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: 32	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: 33	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: 34	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: 35	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
Token: SeDebugPrivilege	4748	taskkill.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe
Token: SeCreatePagefilePrivilege	500	chrome.exe
Token: SeShutdownPrivilege	500	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
500	chrome.exe
500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2136	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe	83
PID 2740 wrote to memory of 2136	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe	83
PID 2740 wrote to memory of 2136	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe	83
PID 2136 wrote to memory of 4748	2136	cmd.exe	85
PID 2136 wrote to memory of 4748	2136	cmd.exe	85
PID 2136 wrote to memory of 4748	2136	cmd.exe	85
PID 2740 wrote to memory of 2912	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe	91
PID 2740 wrote to memory of 2912	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe	91
PID 2740 wrote to memory of 2912	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe	91
PID 2740 wrote to memory of 500	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe	95
PID 2740 wrote to memory of 500	2740	88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe	95
PID 500 wrote to memory of 4352	500	chrome.exe	96
PID 500 wrote to memory of 4352	500	chrome.exe	96
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 3828	500	chrome.exe	97
PID 500 wrote to memory of 2108	500	chrome.exe	98
PID 500 wrote to memory of 2108	500	chrome.exe	98
PID 500 wrote to memory of 2992	500	chrome.exe	104
PID 500 wrote to memory of 2992	500	chrome.exe	104
PID 500 wrote to memory of 2992	500	chrome.exe	104
PID 500 wrote to memory of 2992	500	chrome.exe	104
PID 500 wrote to memory of 2992	500	chrome.exe	104
PID 500 wrote to memory of 2992	500	chrome.exe	104
PID 500 wrote to memory of 2992	500	chrome.exe	104
PID 500 wrote to memory of 2992	500	chrome.exe	104
PID 500 wrote to memory of 2992	500	chrome.exe	104
PID 500 wrote to memory of 2992	500	chrome.exe	104
PID 500 wrote to memory of 2992	500	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe
"C:\Users\Admin\AppData\Local\Temp\88d3db212ceae3e3fd22ad246bb9a6fb674845b6fb59ce789e132d2f6b00c1e7.exe"
1⤵
- Drops Chrome extension
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2136
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4748
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:500
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb00689758,0x7ffb00689768,0x7ffb00689778
    3⤵
    PID:4352
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1864,i,10626095313628282393,8270268130801512492,131072 /prefetch:2
    3⤵
    PID:3828
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2120 --field-trial-handle=1864,i,10626095313628282393,8270268130801512492,131072 /prefetch:8
    3⤵
    PID:2108
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3508 --field-trial-handle=1864,i,10626095313628282393,8270268130801512492,131072 /prefetch:1
    3⤵
    PID:2532
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3480 --field-trial-handle=1864,i,10626095313628282393,8270268130801512492,131072 /prefetch:1
    3⤵
    PID:5052
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1864,i,10626095313628282393,8270268130801512492,131072 /prefetch:1
    3⤵
    PID:1624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1864,i,10626095313628282393,8270268130801512492,131072 /prefetch:1
    3⤵
    PID:404
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2240 --field-trial-handle=1864,i,10626095313628282393,8270268130801512492,131072 /prefetch:8
    3⤵
    PID:2992
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4920 --field-trial-handle=1864,i,10626095313628282393,8270268130801512492,131072 /prefetch:1
    3⤵
    PID:2140
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2624 --field-trial-handle=1864,i,10626095313628282393,8270268130801512492,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4500
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 1580
  2⤵
  - Program crash
  PID:2744

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2740 -ip 2740
1⤵
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js

Filesize
15KB

MD5
1a0f03cc514599a693303f463dc2af4f

SHA1
ccb1523bc43b9e714e73e74978585e05b4eaa153

SHA256
be9cf978acbe54f7ed1325620b66af020441232c777b334ad25f5f88529125be

SHA512
7a479e8e609bcec808607dbba715003a067f72e94890f6615aba8df5dd635662d6debe9c86c9481bde7231554d6d4dcf12b0eeb59cf52d398d82110bd17ac258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js

Filesize
26KB

MD5
029c53effaed86331055c63d264c3316

SHA1
859bb39d27b462a73fc9131f694b69c8c118b3cf

SHA256
3c1453cb6fe4c7ae8945d96db6c19e3eb58702df65ee0244f8f2444b20e93068

SHA512
68d115d79428c906ca377091f30c207de92ee9450e22e94a35fd7753547cb582ae36434595f1c0e444bb19d5c6dcc214fe58a9987f690486800c8ad91c9642d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json

Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
935adb0f61fd1cd35612256f8f399118

SHA1
80282e90394b5552a5b9b2bafd04ec35e69f9899

SHA256
8d2b2a1739dcc18c050edef5674ac4b9323a102589d8702a2441f084bc606ef3

SHA512
591f8c1e4cc9b1b1e49ce15637e389b05afb7079f24eb087b7a74d7fcabfc795cae6ceb8072cbc05599ad28ee16500626e0c5c04e5c599ec3d828222f1c4ae0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
06beb2b179ed8d7eb726106b134ac0a1

SHA1
3d846505e0eea78a861bb4401dba44e00baa96cc

SHA256
6c5c7555020fef6e7483274ca86461be0e2683744e8bd41e6b5f65af76e89ea6

SHA512
5bbe6a5b2659561dfdbda7261f9fa993fab1b84a4dab8b074178f8cbd1107cdd1955a72a7157b5c088a0e6f9b7a65751b895d71554386c11a17249ca3064c810

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
06beb2b179ed8d7eb726106b134ac0a1

SHA1
3d846505e0eea78a861bb4401dba44e00baa96cc

SHA256
6c5c7555020fef6e7483274ca86461be0e2683744e8bd41e6b5f65af76e89ea6

SHA512
5bbe6a5b2659561dfdbda7261f9fa993fab1b84a4dab8b074178f8cbd1107cdd1955a72a7157b5c088a0e6f9b7a65751b895d71554386c11a17249ca3064c810

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database

Filesize
32KB

MD5
69e3a8ecda716584cbd765e6a3ab429e

SHA1
f0897f3fa98f6e4863b84f007092ab843a645803

SHA256
e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487

SHA512
bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
c93e73bb2ca3e85bf57e39c460ab0648

SHA1
5f09b8e6062dbeec0f9e2556ef522cbcdbf7e266

SHA256
f873053a64452f981661fc0c4f5b7e39864364f0fced351c59cb5ba165ea63b8

SHA512
7da8054c324433e65601df94ec181e0c606b4dbad9f2729d803aa6bf7b00e1c254d2804e2c63641718329c07ea82fe094adf4f9846b718ef7cea7f4c5313bdfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
ebb81d0b9ca0083300f1f79c3bfba070

SHA1
f3c187352108d727321001734e5fc3dd99ed798d

SHA256
65c3e5ba157fe13dc7b757d13148565072e060db3f231ec6417071c1275acb95

SHA512
404fdc7644e2f04f7c80a410e0dce33ad51174a60a5f5e3de8fdd98e7ee186894ce74ff29be1531ba0390b6f09a0def6de4337fc1bb67a07bd0506f4ddb1c516

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
225ff232b8f12b39d38d17094c39526c

SHA1
827d19899a6a5c11a989cec4b48e01977b7101b1

SHA256
5123e194c0fa9f2f9fac87c57127539f7b97533790600449d075fe63ee5ab961

SHA512
2ba89b27084702c1219c5173e6c38b142195859334b3af341079a0f0b0adfc2f9863bddd02c9e2611a6c621629c65e6a6a94f7e10160a05606833a02acc685f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
53KB

MD5
908f31d9161795706460bdfe9198329e

SHA1
be109906a6f29f66183eb3279a5c10341104f928

SHA256
144d8ca174b9d23cf9c86310cc8b8389d3c20959d13cbf68d5686158ea2495f2

SHA512
95732f15a85c1b4221fd040941472c557a236d9cda760a3975db33eb0e1cd81994606de76563e8913ff15ff7b8c247ef4f891205abc1b3dfd6157d910637eb60

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
39KB

MD5
8877fbc3201048f22d98ad32e400ca4a

SHA1
993343bbecb3479a01a76d4bd3594d5b73a129bd

SHA256
22f8221159c3f919338da3a842d9a50171ddc5ac805be6239bd63e0db78046af

SHA512
3dfb36cd2d15347eaa3c7ae29bfa6aa61638e9739174f0559a3a0c676108ccc1a6028f58dad093d6b90cac72b4468eb1d88b6414339555c9f872a5638271d9c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
37KB

MD5
4a79b9a12fcadca22bc6d584ac20400b

SHA1
00ba63f7ccd79a80d6b4658063507a5eb6799e19

SHA256
2b8fde87f5c5827f81ff2300e4b9724fcc7d612dd74e159cc9c2e8bb983cd170

SHA512
be8c6d3e79c89b5aa14fc0c86f9ee323891c7d6c411b01a3208c5805635bb6713b1aec3ea8b393efa672e4e827b30c2ea0813cb61d75144a066953229cd58fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000007

Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000008

Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000009

Filesize
34KB

MD5
b63bcace3731e74f6c45002db72b2683

SHA1
99898168473775a18170adad4d313082da090976

SHA256
ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085

SHA512
d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000a

Filesize
61KB

MD5
22d7a7807a73c982b3a4ac128fbce1f4

SHA1
b9e581a120aadc2b788173cad1a681a5c82d6d21

SHA256
5e7eca67f6131d070c1b625b30e5da8d8ad41ae7a9fdc2e94ff75c7f4356d007

SHA512
cdcbeb20355618233fa17179960f4577bb20decc2047ea8a6afd98505cae71699e0a3cbd78a432948f898e0c12781ed346f30322df6008f804ba3c1c018536b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000e

Filesize
46KB

MD5
621714e5257f6d356c5926b13b8c2018

SHA1
95fbe9dcf1ae01e969d3178e2efd6df377f5f455

SHA256
b6c5da3bf2ae9801a3c1c61328d54f9d3889dcea4049851b4ed4a2ff9ba16800

SHA512
b39ea7c8b6bb14a5a86d121c9afc4e2fc1b46a8f8c8a8ddacfa53996c0c94f39d436479d923bf3da45f04431d93d8b0908c50d586181326f68e7675c530218ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
9fa4cd746bd80d3308a1dc74d52d817b

SHA1
5d88a29bac39e94ad9a16b0e1ecc279d19395fa1

SHA256
4a199a01b79e79472fd48d6ac11ac5226cdc469cf29c9dc54078502033aed334

SHA512
e5d9f3f8952593caecde9885514f2a7fed75254a8c4b0409366588feac4d1c769a069bf670851eb0445e343f0c9da77661f8de240c3b8fcd705bf714500faa1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9e9b8c086229263a2d3567f62c4f0da4

SHA1
9b74276556562b1d5de486809a8847c6fb21fe5f

SHA256
b56a0c2a95993fda8d1fd0ecc6ec40c83ae4c332fd9710eb57e1ce884bdcdfb2

SHA512
62ddc3e05dc09614c141e0b4cc5d71cb15b8c9e210e1f7245175e3ac3c68bee16e66571e813221eb814791a2ce94f3570413e937dfc4a328680f7818b0a37acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
09d3f86f54935273fee63ee26b52eefc

SHA1
6eb6a70336f04442ce180448a23ae84cb50edd2b

SHA256
417f73c4ef8f767230afab048bfeff016a0044c7d81303cce4a31d9943b3756c

SHA512
1f1a45c9a6c58fc1896190a786404faa82d9cf878e69b84f474e1e46c9510e3b5a517a7422fc518f690c50b31acc4259bc1a9e9d4231b2919a04caff5add1ea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
f82cd070c1266353f4740c0abba3eda1

SHA1
b62fd40c01edceacb633aaaad055b55b03264bf1

SHA256
474af2879a1ce23d92b89e2dca2e157019b414a2a5e538d9325679914ca9c925

SHA512
a058bf1ba4dd8a538cc18f17b8854c17a0b5753546cb362330cf56b37fb480290d7670bbfb420732bb78dc3b006aa23e00f41ec8583ca292640f7b6ae821031f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
9e9b8c086229263a2d3567f62c4f0da4

SHA1
9b74276556562b1d5de486809a8847c6fb21fe5f

SHA256
b56a0c2a95993fda8d1fd0ecc6ec40c83ae4c332fd9710eb57e1ce884bdcdfb2

SHA512
62ddc3e05dc09614c141e0b4cc5d71cb15b8c9e210e1f7245175e3ac3c68bee16e66571e813221eb814791a2ce94f3570413e937dfc4a328680f7818b0a37acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
9e9b8c086229263a2d3567f62c4f0da4

SHA1
9b74276556562b1d5de486809a8847c6fb21fe5f

SHA256
b56a0c2a95993fda8d1fd0ecc6ec40c83ae4c332fd9710eb57e1ce884bdcdfb2

SHA512
62ddc3e05dc09614c141e0b4cc5d71cb15b8c9e210e1f7245175e3ac3c68bee16e66571e813221eb814791a2ce94f3570413e937dfc4a328680f7818b0a37acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\computed_hashes.json

Filesize
3KB

MD5
02c8ed2627b526edc7d74eda75b9a924

SHA1
2984ed94ccacb55d86da2e38dbc3b6b7b3ae9a25

SHA256
c4d3d374611fdb6e970a2019cde28482f8b92230941cbca6ebf7699815c152a6

SHA512
16197b17c6e244c11d1804abc5a739eca5ec05858c9784f919acd634d72b8da2d4ba12b2e68f04145c5fb6d39bdfc187b9a5bc49c60a11435163445a04ba3103

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\verified_contents.json

Filesize
18KB

MD5
2f0dde11ea5a53f11a1d604363dca243

SHA1
8eef7eb2f4aa207c06bcdd315342160ebacf64e8

SHA256
5a2940c7c5adba1de5e245dbff296d8abc78b078db04988815570ce53e553b1d

SHA512
f20305a42c93bcde345ba623fef8777815c8289fe49b3ec5e0f6cf97ee0d5b824687674d05827d6c846ee899da0d742407670db22ff0d70ebee5a481ab4a0ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
3eea0768ded221c9a6a17752a09c969b

SHA1
d17d8086ed76ec503f06ddd0ac03d915aec5cdc7

SHA256
6923fd51e36b8fe40d6d3dd132941c5a693b02f6ae4d4d22b32b5fedd0e7b512

SHA512
fb5c51adf5a5095a81532e3634f48f5aedb56b7724221f1bf1ccb626cab40f87a3b07a66158179e460f1d0e14eeb48f0283b5df6471dd7a6297af6e8f3efb1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
256KB

MD5
d6a0a6daf3097d64d4b80e2343919466

SHA1
9dee36303923c33731b19266ca349c95a2e83143

SHA256
dcce8e4f63f69ae162a6f0d3eb401c2c9b6f0b968df89f4904ddaeef4fe87268

SHA512
8d034e82fa9bfd5c43c645c0aafb5b374603d57223d724d33a5ed599d9057be3b364217be759d68a344d8e80635dcb794bbea69fb1bb655d7cf76e85930847a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
7765c8a6f6ee617a938b686d6d4e6171

SHA1
8c0376bd8aab2b91f8f10df70e2da5a2e05b68c3

SHA256
b07b697a2903c9ac63a16b56c4f6bc70682d6aae65affea7e3510d630304b56f

SHA512
fa1b256f0ed7c8dafca4636d6dd1b5d7691f6cacc239e0acb9b3511d85842dfcd5ce4b3a4feb0b80f6b29e498d5c1d723bc1a2bcdfc1089d8bb1f177cf7506e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
1KB

MD5
aba0ec65f11147e5a7d242f98b9bbc8b

SHA1
04d0f870812e959c606c5be73d0341bc627186aa

SHA256
70d408a35e473ae2483b2d1ff7aeaac1557051c0ddde1a3efc03fa1eced568bf

SHA512
d3f5dc4659909c0ba230ecb50090c4107a3641530c57232dd41c3ce8d27173bf3bf15c018be8d6895c1125738bd58ea218655c13187907c8ba4e779f7e79c53f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
639e803baa67c5ef34493ea7ee959dca

SHA1
240e07138fcd9b95afe27e21b58ab09b33dd7d69

SHA256
0d6f84c04598ba1768f387a0b77a54dd634e2f9c54cbae8978ba2c7287d455fa

SHA512
91c1c544445a818c5fc3d0db0780057842791129d0de60f2d22862002f82a984385a5e8fb6a81a48d7dec36f684947e4e20abd456afea1f65963354a0a77d469

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
870B

MD5
676375e6d513bc3ea9195fbb05a3092a

SHA1
54df1b0abf15bd11fcd07be6d589a30a26a271a9

SHA256
9b91fabc77646e1041f8cb8f0b65bb2e8b17e88743f5d0089181eeb1aa39a439

SHA512
c73b58f9652b777ee8ce21d8776b6b33b243d1235324c1980233d114526d8dd0c7b2a1f4d5b83fc676d9adaf4ca39497c4d982e661d28ef7e0cae1053e3d0ef1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
367B

MD5
a457bdb66cb2398b50425451b869758f

SHA1
051ea4ba780e0a780bb48b4521b5e81f3b71ca9f

SHA256
8f4b9b2438ab15f69cd81e3c84641a31055f0bb05819ed092bd626397bb866b4

SHA512
420a89ab864a87bdb57c578c0087a1b99c6218263d12bffbc1ece85f40df17057f40572de3cad7d245bbcdad6379c9bb2c483d0cd1dd6b7e2b228974e7c488e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
870B

MD5
b8447e6e7817d848322a76a1e70cd4a0

SHA1
ea055a21c4718671b0d3fe6271f75188093511c2

SHA256
ce90b9f5ad738bcf98a289f73b4bb2b6a659e3dd3ae6b73baff948f63442724e

SHA512
af4cfa10cc7a819763eb1a4313b465ad97a8fd7a442a65af8db16e544034f9400f3cac3517b5193f3e9303375f9fa67f8bdaddaf023e517ab42cecc91dccc5f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
870B

MD5
abe6f56d6b8c996df00f25bd41d0ff6d

SHA1
b4df1c59fadeb913d10971810fb5b922b0fd08d7

SHA256
b4ca6faf3ae8d313706ed32556c96374044390864276555253c2e1d383b990bb

SHA512
22b200610aeace91be3e4dc4f8eef402ca37a0def01db0ad3bd4213937777b307ceaba65462240becdfb435debe3a41ff200785998caafe0e5f51ae4026625df

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
b90165ca0734a0cf977ba1740bd8d243

SHA1
cf46440ffda96c047cb386079e807ad96220d2f4

SHA256
d58a2f0d68d7cdf59873f1aedded228f26d5365e2dc35c7d4347480312ff4652

SHA512
6b2a4cc8bc243a6c06c9891c1a0d21f45fc40e305db84db20e06f203e4de9b9eb5ffd9565e6b0a22998301807d50e18d628a767ff30edfb79db2aa0e5f727ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
8d755fa1759b0e1ac1088e8f54b3bb72

SHA1
15f908ff2e4772a7fa733cb4ccb70720bedf1dc8

SHA256
a0c04665828f4399274fa457834f1cce2b628046d54cc41cfc5195054985d70c

SHA512
ac5c650e4e772f3561c0746db6e6bc69a447e9b31f42e9f74119ca99c630bb5949924c18bbbcacf26575883e1fdf00abe4c1083e53ea2456a25c1bad5a199477

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences

Filesize
18KB

MD5
935adb0f61fd1cd35612256f8f399118

SHA1
80282e90394b5552a5b9b2bafd04ec35e69f9899

SHA256
8d2b2a1739dcc18c050edef5674ac4b9323a102589d8702a2441f084bc606ef3

SHA512
591f8c1e4cc9b1b1e49ce15637e389b05afb7079f24eb087b7a74d7fcabfc795cae6ceb8072cbc05599ad28ee16500626e0c5c04e5c599ec3d828222f1c4ae0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences

Filesize
15KB

MD5
d6e49f7754744cb18767fdd5f8a4e837

SHA1
74665fe3a8bb0262428984bb618816f1ef461488

SHA256
b66247c9bc2b97effa0af2fb79853a189aa44c30f4d352f37052dfb57653ede8

SHA512
e90aafb11305edad6c832cb405e629ba9b324883a74d20700cbbc418b6dcec5b2efac0f70ff1fbbc15a8d2fd024dddbc305736996926e7ff24307c8ae37cf3b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
e1a81d5f2bd689b9d17dba6c5e9c095b

SHA1
9f4261af285798b5441699827fc1da4945602ad1

SHA256
9b819555150dee314bf795cf63a6a7893150f8e1d785e8906aadf1cb7ae052bd

SHA512
64517fd1d70de14dec7c03567c79650ac28b58a1ab61332b2bfbe101fedaac331a008aacc1685745ee3e7384dd1425b85bfa75f72119f5fd9f49feb24eabea55

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
305B

MD5
d1d497e6c66f31cb4ad72e641873c40a

SHA1
91d5516f23cbd78c7f3fc46e590f2f040363f909

SHA256
13d8316499dd8b7df3232fbb2cd95883268531a7586b13713e5baaba3cfb1517

SHA512
6fea4dacdb5194ca32121a061bbb0fd2f4fcfea3c4ee4f3ab697071449b143b8d5de379d836ed1b754cc673cd3a8c84817b820dc89b67639adfbf706d2d83b44

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
eadd76c6d28cf63ef8428e9e5c4b76c5

SHA1
6997afca1894a4db414348b0e514b97bcbc47498

SHA256
739d23c9ab5d30c544d3dbdf88c8033a1147cd00172370f92fff3780dac11d09

SHA512
478053cc07ce9a74fc659d02a91826e70a69997348231000591b63bd18458bb8cec2095f77538c393151a70b4f3b322a515bd93af7fb62bb6e38851ad74ba1b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index

Filesize
256KB

MD5
36121136bb4c8ea3bf09620d1d8f0bb3

SHA1
3b486ff2faefa4c1f0fb7882cc7b96f1659ae59b

SHA256
6a425279caa542df6fbfd059ceb395cf7eef2dd4e0dfe612680dd277bc6c21bc

SHA512
7b312bd882f68ebed5d215d4f188a0eba2a5a64df2e9fb01a036a68eea19e7013d1bcf96d35a22b23946728a0fbd85822b9396aa1036bafc32bda1fd0d0d6e94

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
93767e0813d99b1c11762d023df61e1d

SHA1
23f39ddf671d6be56b9209891f42209aaff3a2df

SHA256
69af0143d07cb586aae27ab0df397c35f5d3ca830dbfc34d294c34cd963555e5

SHA512
61ff3f6ab794de806b4f71edb3cdbd2874025b568a47f066fb36e99db8de7d5eb6bde4eaf68fdb790e961fa05747d965fbf0df5f7bbd9fa1169e5690bd38cca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
786f1cf7d968e2e83592ffde3f04f3cf

SHA1
8336558a5880dbcce47c76832d72681e810fbbb5

SHA256
de6ae470aca61223bee6ee4119dccde6e0d305a142fb3307980676f35c40b622

SHA512
b47a373583e7c5fdb59a4b6bd009aad56a7903862a7074b11838e91caf34a30c263205dcf087b22451dfa401382aa3c5ea5fccd3754a49480666998ab0ceb5ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
283B

MD5
533b4defe095e472afcd7a18cc6b9e1b

SHA1
3345d9db51418c7b9b52f02cee5361d0707ead14

SHA256
259bc6db35666183ae528007abd5733af59a80b40b2ab116f169e1b8eb8a59d3

SHA512
403d044e5dcec6e023dba6fffb88659dc998edd76265fed75aef3612b465410b159a3f1983d9abd6086c0861cbf7fddcd7bec08388b1d5d42fa9384d9cc563ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Top Sites

Filesize
20KB

MD5
f827a28f6100a85bd8217d338ccca5a4

SHA1
2a180393edd7109c3ab03db4e6edf07ddd9672eb

SHA256
82ee998a4908774d5f55d1d65c897abb5c36458bafada8dc945a09c6b9f21429

SHA512
77fc5289c9d5f954e789f2c0b908a39e8e988201b0ff89efc1002d2d5d7808a8e60e9332be4b9838490d48e4a4385d8cd9b3b18c8716ceb9d6f2117cb2e53d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Trusted Vault

Filesize
33B

MD5
4bede1c0d0fe2cb4ad3f24343cf17501

SHA1
eb95f3c30dfe2697b4e0fafa9919ccd987e5e196

SHA256
07b9b733f94249c6196c01d86326bf08d4f47a730da6797ef23f30ff37fc09fd

SHA512
bc0f522a401f441093bfb0325759971e645f2daa3efaf8b94e32626c115aad396ca182ff341f505377d71f59e4c8685c3576e15f8e26d315e00b874965d749d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
627a17f9b95d655d257e41ada895777f

SHA1
17efe72617ebcee74bb59d8392d25b95dbcf6e86

SHA256
c96a87850bc38b978cba87f16007c541551f73b74bd3b85fc8e474ebaa53bd21

SHA512
6e12ad037d6527f6d5192558de0d0b5999dc7af33bcca263c4f235e3f8559b19f92b66c13a474c236eea5be56be97de6051362a5fc9c63781c0841240176a7e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
92KB

MD5
da6f6947237f7f9902d3b9ee78c045c0

SHA1
492a79734456f81be28b4875feb107420a840a46

SHA256
603604a1810fac25ae925cbddbc1c0bf212a7fbbfefa95fec40e09bff96f70c6

SHA512
fd76772b420b13eee0c783ff042eec6145237f6a186c7a843c837781bfbffa772fafb9eef24e1b9202f4b95d93b7865c25a2dc51b98a87a716bc2679c8db6ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
87KB

MD5
6ff28abd310988f4a563c88c9b1b8814

SHA1
a3c6d27bf670f3cfc932007a26ec1ba3f6b1b6ce

SHA256
bc5a78c152d9e1cbe84ba9f0f16f840b397c1d364cf017ca517387c5b1e9fb13

SHA512
357a377a8059035cf6d51cb14983d7c500e2689e9942feb55b859f7f11e0de9db2d99efc7b21a70e9d6eb937fff9da1223d8a1ab5132d03469d9e24e465aa65d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
179KB

MD5
4b5c3826275168735a5b513b1cc20096

SHA1
f6d41e80dc37215c1fea32fed850eb37e43f7d0f

SHA256
39b35ae21a363237d6177eb1ba5ffc067255fef18435624ff86e9d8a8a1af4d9

SHA512
59a3e20e27b6eaf01609b133bdf6c41090ba0b3af89c3eedca03a58be2991acc789045158b302de2c046bcafb9fa21980f0946fd3be69ceb9dc2abf49c7af7de

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
6f5d61831ac5960f46276a38062f9ec6

SHA1
cb01734d53e73d7c69fe3682f5a720fa2fea7ba1

SHA256
84452eee9d98a98ed0c70171bb0fa941c22115c5707d06688097df7e708e27b1

SHA512
d6c13a3d9f9bed1860b770f5cfa0ef3c5f2cf95cb56988b3409c5d75b721074a55edb63073746165b54e7454e6dfe71c174f78e5219347475fd73336087ef5ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
memory/2740-133-0x0000000002530000-0x00000000025A4000-memory.dmp

Filesize
464KB

Download
memory/2740-835-0x0000000002530000-0x00000000025A4000-memory.dmp

Filesize
464KB

Download
memory/2740-134-0x0000000000850000-0x00000000009C6000-memory.dmp

Filesize
1.5MB

Download