socelars | 02a5466eb5df2aef6f904ef7fa8ef36c2b98ace1ae5998cc516ad69884246550

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-03-2024 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

baa553f1e49ce769cdece59801cf1922.exe
Size

1.4MB
MD5

baa553f1e49ce769cdece59801cf1922
SHA1

e59fb4277d3d36e140f73fa128b3d1103b375158
SHA256

02a5466eb5df2aef6f904ef7fa8ef36c2b98ace1ae5998cc516ad69884246550
SHA512

2732e54a6f61da3b7168f59294eeb21ecc841bd74c27d3835a0f77bebad22695612fa8b48963d8176bc4d112bb5e9b379c46ea16346da98b8bfea8721e6fbcf6
SSDEEP

24576:AIVFA1pqtg/TnMbX0lwyh0FVmEByA1EwFYyOsFTceoCSPZVjQ7Yf/6DP:hFA1pvTMbOwa0TmUyMYEh1oCSPnQ7YXm

Score

10^/10

socelars spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

Processes:

baa553f1e49ce769cdece59801cf1922.exe

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json	baa553f1e49ce769cdece59801cf1922.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

Processes:

flow	ioc
39	iplogger.org
40	iplogger.org

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exexcopy.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 1 IoCs

evasion

Processes:

taskkill.exe

pid	Process
4104	taskkill.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid	Process
3780	chrome.exe
3780	chrome.exe
3820	chrome.exe
3820	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid	Process
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe
3780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

baa553f1e49ce769cdece59801cf1922.exetaskkill.exechrome.exe

description	pid	Process
Token: SeCreateTokenPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeAssignPrimaryTokenPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeLockMemoryPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeIncreaseQuotaPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeMachineAccountPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeTcbPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeSecurityPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeTakeOwnershipPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeLoadDriverPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeSystemProfilePrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeSystemtimePrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeProfSingleProcessPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeIncBasePriorityPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeCreatePagefilePrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeCreatePermanentPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeBackupPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeRestorePrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeShutdownPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeDebugPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeAuditPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeSystemEnvironmentPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeChangeNotifyPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeRemoteShutdownPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeUndockPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeSyncAgentPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeEnableDelegationPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeManageVolumePrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeImpersonatePrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeCreateGlobalPrivilege	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: 31	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: 32	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: 33	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: 34	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: 35	3696	baa553f1e49ce769cdece59801cf1922.exe
Token: SeDebugPrivilege	4104	taskkill.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe
Token: SeCreatePagefilePrivilege	3780	chrome.exe
Token: SeShutdownPrivilege	3780	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

chrome.exe

pid	Process
3780	chrome.exe
3780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

baa553f1e49ce769cdece59801cf1922.execmd.exechrome.exe

description	pid	Process	procid_target
PID 3696 wrote to memory of 4144	3696	baa553f1e49ce769cdece59801cf1922.exe	97
PID 3696 wrote to memory of 4144	3696	baa553f1e49ce769cdece59801cf1922.exe	97
PID 3696 wrote to memory of 4144	3696	baa553f1e49ce769cdece59801cf1922.exe	97
PID 4144 wrote to memory of 4104	4144	cmd.exe	99
PID 4144 wrote to memory of 4104	4144	cmd.exe	99
PID 4144 wrote to memory of 4104	4144	cmd.exe	99
PID 3696 wrote to memory of 1436	3696	baa553f1e49ce769cdece59801cf1922.exe	102
PID 3696 wrote to memory of 1436	3696	baa553f1e49ce769cdece59801cf1922.exe	102
PID 3696 wrote to memory of 1436	3696	baa553f1e49ce769cdece59801cf1922.exe	102
PID 3696 wrote to memory of 3780	3696	baa553f1e49ce769cdece59801cf1922.exe	104
PID 3696 wrote to memory of 3780	3696	baa553f1e49ce769cdece59801cf1922.exe	104
PID 3780 wrote to memory of 4624	3780	chrome.exe	105
PID 3780 wrote to memory of 4624	3780	chrome.exe	105
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 4220	3780	chrome.exe	106
PID 3780 wrote to memory of 224	3780	chrome.exe	107
PID 3780 wrote to memory of 224	3780	chrome.exe	107
PID 3780 wrote to memory of 1376	3780	chrome.exe	108
PID 3780 wrote to memory of 1376	3780	chrome.exe	108
PID 3780 wrote to memory of 1376	3780	chrome.exe	108
PID 3780 wrote to memory of 1376	3780	chrome.exe	108
PID 3780 wrote to memory of 1376	3780	chrome.exe	108
PID 3780 wrote to memory of 1376	3780	chrome.exe	108
PID 3780 wrote to memory of 1376	3780	chrome.exe	108
PID 3780 wrote to memory of 1376	3780	chrome.exe	108
PID 3780 wrote to memory of 1376	3780	chrome.exe	108
PID 3780 wrote to memory of 1376	3780	chrome.exe	108
PID 3780 wrote to memory of 1376	3780	chrome.exe	108

C:\Users\Admin\AppData\Local\Temp\baa553f1e49ce769cdece59801cf1922.exe
"C:\Users\Admin\AppData\Local\Temp\baa553f1e49ce769cdece59801cf1922.exe"
1⤵
- Drops Chrome extension
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4144
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4104
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - Enumerates system info in registry
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3780
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffce5489758,0x7ffce5489768,0x7ffce5489778
    3⤵
    PID:4624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=2088,i,17008300540135350958,11905101967431221083,131072 /prefetch:2
    3⤵
    PID:4220
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=1876 --field-trial-handle=2088,i,17008300540135350958,11905101967431221083,131072 /prefetch:8
    3⤵
    PID:224
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2060 --field-trial-handle=2088,i,17008300540135350958,11905101967431221083,131072 /prefetch:8
    3⤵
    PID:1376
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=2088,i,17008300540135350958,11905101967431221083,131072 /prefetch:1
    3⤵
    PID:1460
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=2088,i,17008300540135350958,11905101967431221083,131072 /prefetch:1
    3⤵
    PID:800
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3332 --field-trial-handle=2088,i,17008300540135350958,11905101967431221083,131072 /prefetch:1
    3⤵
    PID:4848
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3532 --field-trial-handle=2088,i,17008300540135350958,11905101967431221083,131072 /prefetch:1
    3⤵
    PID:2708
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4864 --field-trial-handle=2088,i,17008300540135350958,11905101967431221083,131072 /prefetch:1
    3⤵
    PID:2996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 --field-trial-handle=2088,i,17008300540135350958,11905101967431221083,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3820

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js

Filesize
15KB

MD5
d765dd58c519138ea417602af08be037

SHA1
a05acac2ab3ee93a10c90f4145e201d6ac8937f4

SHA256
2325c432cf710795bd5421a895ab67f03d82d1102f8b672b444150807e659b87

SHA512
0cede3fdfde0875bb1b4386040dd95037dc261de1fc800702104fd7ee6dd68e764ca304ff46d81ff23b6ea44c61c6f0b3fb17f95ba73296dcfe0c246cd9af5b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js

Filesize
14KB

MD5
dd274022b4205b0da19d427b9ac176bf

SHA1
91ee7c40b55a1525438c2b1abe166d3cb862e5cb

SHA256
41e129bb90c2ac61da7dac92a908559448c6448ba698a450b6e7add9493739c6

SHA512
8ee074da689a7d90eca3c8242f7d16b0390b8c9b133d7bbdef77f8bf7f9a912e2d60b4a16f1c934f1bd38b380d6536c23b3a2f9939e31a8ef9f9c539573387b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json

Filesize
1KB

MD5
f0b8f439874eade31b42dad090126c3e

SHA1
9011bca518eeeba3ef292c257ff4b65cba20f8ce

SHA256
20d39e65b119ed47afd5942d2a67e5057e34e2aef144569796a19825fea4348e

SHA512
833e3e30f091b4e50364b10fc75258e8c647ddd3f32d473d1991beda0095827d02f010bf783c22d8f8a3fa1433b6b22400ad93dc34b0eb59a78e1e18e7d9b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
64e85caefdd1c821515861f427a3fc63

SHA1
2dd6e9d415faa3ce5f8d460412d89f1643523dac

SHA256
c647170eefd402aacfbad73a4a4cd8f974917c1de486211bfdbd3b9df506291a

SHA512
afeab23c0b951ed4a39cd402e3c5c8f7d3806853e84d95fee65415573150200dabea8904b655be68eed7083c90e34342eb420945f1efdf48ceaf6a728176c4b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
1a7cdcf21794595155d9daf1ec65d8da

SHA1
40352477e8e67dcd08926c4d5904886a59ca052d

SHA256
ce57ea98de4e5bc14ef94248254970c775ec2c2e1105acf460333f725b3366f3

SHA512
3e1c27fc5dd19282fbaec773dd87077fe1749a450b2ee15bf001548751cc6293025e3454482706126131febb642021ae655350bbe8d43c5cd057b73708241895

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database

Filesize
32KB

MD5
69e3a8ecda716584cbd765e6a3ab429e

SHA1
f0897f3fa98f6e4863b84f007092ab843a645803

SHA256
e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487

SHA512
bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
8fbdd4c3dbdc5a2342f51c85289b3ab0

SHA1
e73a44947faa3e729d4139932fe30f6060644f6d

SHA256
535bab9d3e1316519661138ffa2b29a67ac1b83991c5055f6213ab53d4414645

SHA512
43a5cd15c7f43e74d4631eef41eeba0fbe5f02260bbb63b1e736e8cb1bfb388b5b1e567c007318ac6b875d12429db8adcb501ed431b6922be54bcf6a2054ec39

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e96c4ee34f7f6062f61b30519ebb2e33

SHA1
b7b8060f0f5afc0006c2316df66be0dfe3ae4e9d

SHA256
bf5ce774b7b1443502913587e46b993e7966a5c4df45bb0def79431de53f1a50

SHA512
00f51fd6d088aee3077099cec6544257f8c09be846e680203a7c07fc3f4938d5f7b927fbf13a7da8f1357ce9cbfae57f1fd99ee035b94a6ee968d90426ca5348

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
2.1MB

MD5
89838546d211aa503d65fc94e487b09b

SHA1
5dc8c4d0b4dc49f7203896efcc9dfbba9f7f3111

SHA256
edfacdd03f9ffb8564b72cf06890e9ef96416609be514424d8990494d8d9712c

SHA512
709e5aa1437a3b03fac8da7a58d8b8c34b529b4deee030e8336f10314e6dcdeb10d00723b44cb773e50d329bffe7e26a449515e22f2b60a4c0e7d066464e3286

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000009

Filesize
16KB

MD5
9978db669e49523b7adb3af80d561b1b

SHA1
7eb15d01e2afd057188741fad9ea1719bccc01ea

SHA256
4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c

SHA512
04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
1fc17e2d65d7e42034d5e469070e551e

SHA1
d5f8d63252ca153afb2d83aca28e2302ee5b07ef

SHA256
49354d146243fb23049783bd01884ac8fc9538bd1a6e1491e819479f7cd80e77

SHA512
fc8a8144147f7ce257fa22940013585a16179ad09b768df16feec0f268d559948c717578da4a0e3cc3007d01d06996e1904522638aa43e0706bc6da1a87e4e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
a66eec6a4a3a653eb4b201ceb1472e8b

SHA1
67ffa45a65074f1ee585ea648e1dcbda1c803cd3

SHA256
7be53aaaba706642ebb15c93810643f00fab8f372f81e06d7876d16987bb11c3

SHA512
627e5912ad399a50b2fd40ea15ce7544b63c242ab68070ac581867ebe9e45b61bda6e2479f73af90836443663588733cd4ccab29d3cd2865a1602950d1669edc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
cc844d1589da3745cd75ba66fca98299

SHA1
3e8815bd35b472c52775d52eb8ed25b43a699858

SHA256
beb813252e03de256d54f03778618099cafc6fb376fb97374a35af5bd1ba246c

SHA512
de42f67cf6836b53b19b04826a54528d2d4651d13bb55ff6660a2ab03bc34c95049bf260247a5905f7ab6c832c52fdae21a0b23899b47268722d32de0dacb041

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe57d040.TMP

Filesize
48B

MD5
c8d99b84a4cea1a35d40a967502a8df4

SHA1
9c345637b42acac3fdaf6e9f36f4d706375fda81

SHA256
8c006c599c3e934f23a5d39e1f9696d12c78a86b36aa34b3e6d5f830d6edacce

SHA512
e8ee2bfe05212171eb2f30c71d032cbf888e72951081b97dff9c92709bec395407e11de653c32c85c1ad39c49bd24118599d1eead3415fa5432a8fbf707a27ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
caa5c4b8dd688924ace7856480e9e10e

SHA1
5a38871cd66b6af84536fba8fcc9828cc7e82269

SHA256
d56c93315dde89eeb2a5e5d7252b834810e91ef3fe492d5e344300cc6a2fa2d2

SHA512
704c569acfd0140498a86c79785a8ed0eac2271875b9e8ee41036026139ee5a6c90af9d8a69ce757a70dae5745ddc8a9c698eb53361de0bafd79c6a4734157d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\computed_hashes.json

Filesize
3KB

MD5
02c8ed2627b526edc7d74eda75b9a924

SHA1
2984ed94ccacb55d86da2e38dbc3b6b7b3ae9a25

SHA256
c4d3d374611fdb6e970a2019cde28482f8b92230941cbca6ebf7699815c152a6

SHA512
16197b17c6e244c11d1804abc5a739eca5ec05858c9784f919acd634d72b8da2d4ba12b2e68f04145c5fb6d39bdfc187b9a5bc49c60a11435163445a04ba3103

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\verified_contents.json

Filesize
18KB

MD5
2f0dde11ea5a53f11a1d604363dca243

SHA1
8eef7eb2f4aa207c06bcdd315342160ebacf64e8

SHA256
5a2940c7c5adba1de5e245dbff296d8abc78b078db04988815570ce53e553b1d

SHA512
f20305a42c93bcde345ba623fef8777815c8289fe49b3ec5e0f6cf97ee0d5b824687674d05827d6c846ee899da0d742407670db22ff0d70ebee5a481ab4a0ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
3eea0768ded221c9a6a17752a09c969b

SHA1
d17d8086ed76ec503f06ddd0ac03d915aec5cdc7

SHA256
6923fd51e36b8fe40d6d3dd132941c5a693b02f6ae4d4d22b32b5fedd0e7b512

SHA512
fb5c51adf5a5095a81532e3634f48f5aedb56b7724221f1bf1ccb626cab40f87a3b07a66158179e460f1d0e14eeb48f0283b5df6471dd7a6297af6e8f3efb1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
256KB

MD5
752b57e59bfe370595ba961f7c05d738

SHA1
51b212c1be9c1ca16fb628bab1af2545058d91a9

SHA256
74799392d1f51802c36ade4f0af0d41d18d3fc0311a94cb9066939626f66dc08

SHA512
8682af627935d9e2172bb4f0fca6fec6a795f6edd53cabbd9b362ef99bb910b6685566ecdb494cbfd57143039d20b1d1984fdb00d87291fa7df65d7b20dc049b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
256KB

MD5
a96cee05c87fc2c2451bbc83cb790b27

SHA1
e6d23447e731c2aba927cab1d46a45b8ccb6fe76

SHA256
4fd37f441fd0a99caea83b5369326250adacf8d28dfb06c754e37ff6889c50aa

SHA512
3549860faab476dbf559881e0a21541086f0c1b94aeb5ffdd150a94f63b09e032464616d9d6aba93d14b4ab05889e7d0a66090bdd7578c5dbcfeae4416fa112a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
3f41300c0395fa6d4b08b05d3848554d

SHA1
49d23eaab72605af14edad7e73c38aa172a4a6d2

SHA256
8d00d11d85b214f128f4d560eaeb869b9ceaecc9722463adafdbd2d2cb301242

SHA512
03a25cc5fc1b0dcd8323241a667dda80576d0ae596a02b5ae3b7baa0bf1daea569aeb777ccec48bce884896cf7990684a4aa2cf9905ac5cc1d9f7832154b41ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
1KB

MD5
bf7b805f53e4ec4711e699a543f1620d

SHA1
4fee4a43392f04bcb5d76d370e4c5337e8cea066

SHA256
f44059fe7ca9491b0cb71e7d071b68d0970104adb6edf2accd4b42596c02fe88

SHA512
f6f530ff5f30d7667ab0b8190d9ab76855b6e50658ce964b3ba99c09cf6f242346e2bfff47ecdd4f4ebb1569e6d6dc9f5b6d04f7b4a399892bb035ec2acc5179

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
fcd2655229e08ade15b739ae68c3fd60

SHA1
6537d9f737f314b45b6e09f4b9c25213980b8cf2

SHA256
5d90888411ba94e75f1b001731cdf6dcfca6cfb6e0a115e184e424def1b4695c

SHA512
0be7ae7053c41d2f645d47bbe325a0b8ba3decaf699cb70ddcc7345e09b0aa78989ab0c59f278adf3b9c4f1b4021768aea4ef70b1d60b27b35b701e6f005e4af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
371B

MD5
3370d1de4f5a120483a0d54dd3199202

SHA1
1984af2ddd0d887b6c3ba3c7569051c0dd3cca11

SHA256
ef21394b0f673d446afa0419eb2ae9ca6a419e2c845d2ae990a391ac1319f7b0

SHA512
239fc6fbfb47d2a738d4d2c3697e14529ffc09e92a6fff135a1740648fbc31d0f5e55313f94e8e9e2a89c6409e4e60a62248afc344d8a8c68a08be7ba48647c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
e699b0c4fb5c19df5819a3acfec3df6b

SHA1
1199334416e1c80ab690d23791199fcdb8538d50

SHA256
6e3673f3ff6d4235256189fed743d9f2857a7629f2a61a8ed05e78a39a4bf1bd

SHA512
d13ebf68224383c668d5e7b45c67ccf2d74ac1c56c6e56cf25f499c2129434973287d5c6f0a3ec85bdbcede99be609564420cc29ba1e2112222587297494fe33

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
d5c243eedf92568a81af7e8f46c7f5a7

SHA1
69cef8c2027729211e5557b2003fe96bf1c7feb6

SHA256
b95779f42793d25bd685c6bbabee625d9aba479411fc4fabb555fc5c2250c505

SHA512
81427cbd861e405f568a8d0912c3ee74885eed2dc37e7528ed31a4a679c2835cac4250809e1069ba503749b5a3b40614635498ac76a6788abaeb60ce4d4247b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
d6b450ef409416f963e0c45c1ef50afd

SHA1
3603f37f29c2bc72971d60584fbae5cad1f9e298

SHA256
309bbf5e40092db376f5b70cca3ac0684609084f3d395bbbf054c86dfe9574e9

SHA512
1a11e5c7d0c97bb938034fd15c6d8aa99d5fddc252393500aed6e523643b431f6fa006a9192f234842f2d4f84694a0e595e6b3519e3ef05ce8d401e24b9740f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
b94ae3110f06fefc3ea4417a927f3c08

SHA1
3a1f3076099a430d43ae9c99cc292a0a37f04755

SHA256
b5e01cc36a494fdc13caf922ca52ec61b6df946f8cc472e95851aa3b360a8af2

SHA512
ad88340f5ac6a6228a11b47c84d62c4bf5b57adc3b3acbf257f073348fdf85e6c60f5f58abf94e845f159500f79db9f8c5b56f4dad1e6c3d9db2f12250bd9b90

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
c9daf427e7f6291a4974f449e28713da

SHA1
aecea08f3e8a27b569be338102483cbc277de553

SHA256
9cff00a0befbdb09da8601b56f2c228be7e68321aaa25d4ce5245cba5bb90afa

SHA512
15ed567ee443da48783b07806601fb6737d9d13166572685800ca96845b6f0f1eb9150b9590b53cb648f0b8789135a7d9f627fb8664f5e14f89b1038367f073b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
7fe0bfb21329bfb4a25ac698f8592560

SHA1
e6727bdcfc853add845a69ed6728b3b90c479610

SHA256
eded69c8b690531080ce9f8a86441b469fc867eca723caf7f981d439660d1494

SHA512
571938104ac990881bb7d6dc09185c5c267108744a331342e5d56341d7a1260fe58d117005b33304f7638726eaff42782319baef5d00f25ada9a8e9d4e7885dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
305B

MD5
2e12b2361cc2832cf5296e0ab3be0dae

SHA1
53fff8c1c2a8c2d6e7d3cc62c5021e11b4dabed1

SHA256
467699044bf74f9a57fce50bfebc37295709c4eb5da4124c6ec28a86cc489764

SHA512
9ac0d402f287e3df0ca474e63f80ebb444d472cbce0e814dc36e30b62ebe7c7f01480e25e74718cd675c2126b37b3645732aea2266a85d2d62a69eebd9b6e1d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
b61ec9fb6dba2754aac5e8e2e01c948d

SHA1
dbc77eb37f6335161afb7ff48e376ad4ded09764

SHA256
6b0d2f83395d25fdc8eb8e9487fb7e640a981757034aa1a2753035db2fc3e3c1

SHA512
fedff7a6fa6802886d89b93584d452dc594f4c170f7902f7c1fa8be9114cec4e7d42d38808acb9dd6f9c52ee0132383c1f3501d71f33bc7f4cf5b1e46d8f7ec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
54bcf80cfe1ffc068e9b246e16c692a3

SHA1
e8019098762b9d745b014f3b3d18dc9fb64e5252

SHA256
6998c25cbe55f6eec6b890fbd6aa48c28f4fc0192061c8ca107968b227312be5

SHA512
0df9a3477f7e53e0efdcafad0a81878d5d8434bcaf261ca48f0bd6b37432b67f5360dedb828964b6d5c52391198b5a8f8b1c7e004f1d7f76f550936b4968da79

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
999ee5cf4c6e9af78555fb33ca802884

SHA1
4d38b3ff24f145a6e3ce83253ce75899d9587d28

SHA256
3bdd0e256e5791ec2861b6f73bd195ea49baf32348b3eed94a1e009ff1d95431

SHA512
eaca633c00e694ad736af225d29a7905ecb3451ad2489d01975d756696d219a10284c6047c04e7027086d1b6c518cbd3642e82cf1f7d4dafe9d3a1d004d4ce2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
281B

MD5
88dfc39b84c3ddcc811d7abfdd70b77b

SHA1
77e2e38931a4f9cef1eb58b77361ee1e6244b5e6

SHA256
7f5808607c7920f6dc99f4656f6cc75a6ec6c36b47963c8d48f199909163f4d5

SHA512
5ccb5e2ed680cee123e14b2c285f0769d1ff8279b74f3e4c688d65c690488cc466fc6d208e7cc8453f4ad9cbfb3aa6723eadf5ba4614003a476430a6afd06a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Top Sites

Filesize
20KB

MD5
f827a28f6100a85bd8217d338ccca5a4

SHA1
2a180393edd7109c3ab03db4e6edf07ddd9672eb

SHA256
82ee998a4908774d5f55d1d65c897abb5c36458bafada8dc945a09c6b9f21429

SHA512
77fc5289c9d5f954e789f2c0b908a39e8e988201b0ff89efc1002d2d5d7808a8e60e9332be4b9838490d48e4a4385d8cd9b3b18c8716ceb9d6f2117cb2e53d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Trusted Vault

Filesize
33B

MD5
2effe1ae4ec00164f232f37572795abd

SHA1
7dc24920cde8c315115abe2bdbbe2c2664cbab43

SHA256
93873d0d6a4848833f812b039c8065832cad11ea6407380a21103e21372e3279

SHA512
0e8308def535ef08c4dc0a030020e682d844e08717cbf2f741239f257162ff7312bf81fa2d194115f88743fd55f1bb57ee1035f3119af20be00562f404f9a2ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
437ab9b4880126103c65abbc68ebf1d3

SHA1
f0b1f3b31ea4cdbe38b07f19f9332e16794a4245

SHA256
c8cb1b3c661783a4b85bdd78b4bbbaa5c1dc3c2acd8ae5bbde2ab4f8ab124871

SHA512
d7edcf7f4cfef2c062aa270ce4311fed9c31dcc4100c03aafcc232361680df2932eabda67b08705e421e6055ca10ba0b8604fbcf83b10602640bad90e93803c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
92KB

MD5
091fe463f4d2132df7ba44bd7b4424be

SHA1
81d928e918f119310a81112f50fd5bfc7417b8c3

SHA256
5b4c8bfad032c297cc9d43e741cd92ae79747408b7fa120b8efec4ed1a5c8938

SHA512
ca9d0e1eeae874ea1aaa1868241e98235ee00c165e3edb4f0ec4d858558f1408ff095e06a9e9a604ad23dc6bcc8716bcc0b8c4a0ecabfa9d852fa9d5755a9183

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\c2e88c8d-80f3-48fa-a8ca-753d3579046e.tmp

Filesize
18KB

MD5
78f02d56c5910d31065a4af4e7026d5e

SHA1
8e4dd06d049bc8e36412f411384b8998dfa78842

SHA256
f414c49bc22ef2b21508544d277957b1889adee01e66d8f42afd150392678d01

SHA512
125d0b180a7fe35784e542a06b99d40f98861dfe0e9ec71ba78ccebb6775b91dc44f589aaa7bffe48cc1d61962a5643efc83332ea4155601b3dfefd555f4b0df

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
128KB

MD5
353c0a9988612f85478128182c517568

SHA1
7ff6d097c3708fc083e9b5f443a250b44b612031

SHA256
e6da7ccc9ec4402461fb91ee177338e2de11faf7a9bf2188b550279ec5d62cb1

SHA512
30fbf4a727f5637c83e279cc530196f35e8a35f97a1918b154220a790360f15b63baa873de1ed53f5b6d0619df0771397ccb2e2da64636e674bc8f6bfa2c9550

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
257KB

MD5
655af5de19faef579a0c65c41f036190

SHA1
5ba7def4396dfac5ccb3b34eb64f2c1d35a3ad0f

SHA256
283593bd548cd1e5354a17bab4a866b658eacb351df2508ed98cf7d0bab28965

SHA512
792517d391acb39652e925c27ef8bf2d0f6d81e7f4567218cfd8348d4b25d7659c2c7b5fa3d8b809a6f242387d01b60df0e3bcc7172a5e25a671ad3d23db2605

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
9d5599303b65f768ed8e4dc980b6d6ea

SHA1
56f982e3b6585afbc9dd8937456c04924a66405e

SHA256
032efe5280ed63b6a7519549967c9747be9abdc480b3e91d596460b747d55b25

SHA512
c61adc31028245aea50351d33bd6d7b6f9af237e197ddbd5f30846b9645ec59f839da0ee84e31d40464551e6cb82fa36496cf8fc1db561e33f93023512b8f776

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
\??\pipe\crashpad_3780_XXGWVNDFSAREIWFC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit