socelars | c8d28298cf83e95158d8eb811ca0251af61a866d3eb55447ce092dc7c79c0952

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 13:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Size

1.4MB
MD5

ed8353cf1e80cb6afd65dedd1f83071a
SHA1

dc6f6c65768d314a7ae739aa062289567dea8534
SHA256

c8d28298cf83e95158d8eb811ca0251af61a866d3eb55447ce092dc7c79c0952
SHA512

143cafa76617f53fe09b019b8f6a505ad8376e77cd9e256fb1029740328b0e2abc4b8d91ce7da5046cecfcb1ffa1e16f76f0d4313ae9acca056e4cbc06cc3f40
SSDEEP

24576:PIVFA1pqtg/TnMbX0lwyh0FVmEByA1EwFYyOsFTceoCSPZVjQMYfsowP:eFA1pvTMbOwa0TmUyMYEh1oCSPnQMYEB

Score

10^/10

socelars spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
37	iplogger.org
33	iplogger.org

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4792	taskkill.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeTcbPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeSecurityPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeSystemtimePrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeBackupPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeRestorePrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeShutdownPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeDebugPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeAuditPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeUndockPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeImpersonatePrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: 31	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: 32	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: 33	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: 34	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: 35	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
Token: SeDebugPrivilege	4792	taskkill.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 4312	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe	98
PID 1980 wrote to memory of 4312	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe	98
PID 1980 wrote to memory of 4312	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe	98
PID 4312 wrote to memory of 4792	4312	cmd.exe	100
PID 4312 wrote to memory of 4792	4312	cmd.exe	100
PID 4312 wrote to memory of 4792	4312	cmd.exe	100
PID 1980 wrote to memory of 4152	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe	111
PID 1980 wrote to memory of 4152	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe	111
PID 1980 wrote to memory of 4152	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe	111
PID 1980 wrote to memory of 4532	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe	115
PID 1980 wrote to memory of 4532	1980	ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe	115
PID 4532 wrote to memory of 3636	4532	chrome.exe	116
PID 4532 wrote to memory of 3636	4532	chrome.exe	116
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 1452	4532	chrome.exe	117
PID 4532 wrote to memory of 2680	4532	chrome.exe	118
PID 4532 wrote to memory of 2680	4532	chrome.exe	118
PID 4532 wrote to memory of 2312	4532	chrome.exe	119
PID 4532 wrote to memory of 2312	4532	chrome.exe	119
PID 4532 wrote to memory of 2312	4532	chrome.exe	119
PID 4532 wrote to memory of 2312	4532	chrome.exe	119
PID 4532 wrote to memory of 2312	4532	chrome.exe	119
PID 4532 wrote to memory of 2312	4532	chrome.exe	119
PID 4532 wrote to memory of 2312	4532	chrome.exe	119
PID 4532 wrote to memory of 2312	4532	chrome.exe	119
PID 4532 wrote to memory of 2312	4532	chrome.exe	119
PID 4532 wrote to memory of 2312	4532	chrome.exe	119
PID 4532 wrote to memory of 2312	4532	chrome.exe	119

C:\Users\Admin\AppData\Local\Temp\ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ed8353cf1e80cb6afd65dedd1f83071a_JaffaCakes118.exe"
1⤵
- Drops Chrome extension
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4312
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4792
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - Enumerates system info in registry
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4532
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fffdb769758,0x7fffdb769768,0x7fffdb769778
    3⤵
    PID:3636
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1892,i,2885360247567971957,18014356680929097106,131072 /prefetch:2
    3⤵
    PID:1452
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2148 --field-trial-handle=1892,i,2885360247567971957,18014356680929097106,131072 /prefetch:8
    3⤵
    PID:2680
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2232 --field-trial-handle=1892,i,2885360247567971957,18014356680929097106,131072 /prefetch:8
    3⤵
    PID:2312
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1892,i,2885360247567971957,18014356680929097106,131072 /prefetch:1
    3⤵
    PID:5256
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1892,i,2885360247567971957,18014356680929097106,131072 /prefetch:1
    3⤵
    PID:5268
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3508 --field-trial-handle=1892,i,2885360247567971957,18014356680929097106,131072 /prefetch:1
    3⤵
    PID:5368
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3520 --field-trial-handle=1892,i,2885360247567971957,18014356680929097106,131072 /prefetch:1
    3⤵
    PID:5376
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4084 --field-trial-handle=1892,i,2885360247567971957,18014356680929097106,131072 /prefetch:1
    3⤵
    PID:5884
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=5528 --field-trial-handle=1892,i,2885360247567971957,18014356680929097106,131072 /prefetch:8
    3⤵
    PID:5512
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=5540 --field-trial-handle=1892,i,2885360247567971957,18014356680929097106,131072 /prefetch:8
    3⤵
    PID:5464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4308 --field-trial-handle=1892,i,2885360247567971957,18014356680929097106,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2172

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4216 --field-trial-handle=2000,i,9877262470271371196,11878025205711850266,262144 --variations-seed-version /prefetch:8
1⤵
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js

Filesize
15KB

MD5
eb711c50e9bcb5b3d012dfe51905241d

SHA1
a306075297760107c327a436649e70f697585922

SHA256
2f2bbad827976b7a7a83cc5b3eafe633d9c0108c0dc1b2ce14517a4271ada434

SHA512
2464807e8a1731ceddd49765c421932443ebffbe28e532e776a88f4df81a431ae511c8e23ecf320584af739fa1cb2fe3bf70a7dacdb44e41b845861e5830061a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js

Filesize
14KB

MD5
dd274022b4205b0da19d427b9ac176bf

SHA1
91ee7c40b55a1525438c2b1abe166d3cb862e5cb

SHA256
41e129bb90c2ac61da7dac92a908559448c6448ba698a450b6e7add9493739c6

SHA512
8ee074da689a7d90eca3c8242f7d16b0390b8c9b133d7bbdef77f8bf7f9a912e2d60b4a16f1c934f1bd38b380d6536c23b3a2f9939e31a8ef9f9c539573387b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json

Filesize
1KB

MD5
f0b8f439874eade31b42dad090126c3e

SHA1
9011bca518eeeba3ef292c257ff4b65cba20f8ce

SHA256
20d39e65b119ed47afd5942d2a67e5057e34e2aef144569796a19825fea4348e

SHA512
833e3e30f091b4e50364b10fc75258e8c647ddd3f32d473d1991beda0095827d02f010bf783c22d8f8a3fa1433b6b22400ad93dc34b0eb59a78e1e18e7d9b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
1fce2ccbdd943ccb6483c4300f5169d6

SHA1
93acac8973da8174101a16327483db8f82ac645c

SHA256
ac590ffc3c5cbd95693bdec7d0b7ca612975258b2bb670c750b10a52b7db8e93

SHA512
33f3f81a7c2714df85b111f530d7b086901f5c3da95867991774e7512fbc88af51a59da77935c7614ce4d4e93bf39e18d8a77283c2523ed30775d7b53c865c4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
d998db6bb78f1336ff0e927205cd5dcd

SHA1
4d4a205d698b61b661514654b3917375f8ab644a

SHA256
32bce0ec12f35821550b935f0f9d841c1dcb83e9316c804190d0aa26881e9d9f

SHA512
c8e05fd8ab522baeab3742ceec64eea154ebb72f9408c82babec3d01ecad67886626c13a126b9290074d4149eef1be56853e9aea72c455147fe3f7039bbfe21f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
4a0b907083f8afcc81fd894fb6c45d01

SHA1
7161d696223d3373ccce860cf81249d7f738a02f

SHA256
87b0af1a5d48c9852603c2cd73097e27beb903aca92354231262ceba0e276e4c

SHA512
9a917882b29ac03f6af556b1c4cfb99b5e8260a4bf9a179b91cb1a1ddf47c1cd5543b8d7f008d955320e567dd4fc0236e187717d4bda748289700b3fe920aca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database

Filesize
32KB

MD5
69e3a8ecda716584cbd765e6a3ab429e

SHA1
f0897f3fa98f6e4863b84f007092ab843a645803

SHA256
e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487

SHA512
bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
4cc769b1e4e9afc390784c96e384dfcc

SHA1
415ff077fb41529088fe5696314916a7c30771c5

SHA256
b9336ad6ee5fb6953a455a6575d9325e1e1b1e8a5fe00f9932d92d7a10d79d75

SHA512
f0bfddcb3d58f93be26dbaa207c87f939edcb9ad1e3271e4ce80a8cd393e86f8bdd35fe922aea362575424e04fc736f5ea130d58d952a8199e6c6ed5dbe652f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
23687cce5b40d7e45998210c91e12ec6

SHA1
9568714b82fe53e9996143997e8a13e27c179f15

SHA256
b307d45d9943aba512ce047429e591ba30760409179674c62d7508a0fb06ab4a

SHA512
069312170aee4984e14e4d07e221133fcc0ab3e332eb677dcb93a80b1d1fabd4c2214e254b8da0183e4d56f16748e794b900dc77808c2e37d14ee97cc7a21fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
6c8934e9a4dbfef848113bf9162eeeb1

SHA1
3ccfeb6aa27e73fd4a46bfaff18f3e354e4797a9

SHA256
be1c93d32b010b1a18046209ec19b294112351ba7c609326cb7ba00881de3cfe

SHA512
aa5c908f7c5c6433945d2d9793d697a34cbcab59e405146af717d0267363cc79338978196a8d12bfe32c64402189d94ca97a3be1715abe6d0e114f016c47b7fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000005

Filesize
34KB

MD5
b63bcace3731e74f6c45002db72b2683

SHA1
99898168473775a18170adad4d313082da090976

SHA256
ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085

SHA512
d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000006

Filesize
16KB

MD5
9978db669e49523b7adb3af80d561b1b

SHA1
7eb15d01e2afd057188741fad9ea1719bccc01ea

SHA256
4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c

SHA512
04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000007

Filesize
49KB

MD5
55abcc758ea44e30cc6bf29a8e961169

SHA1
3b3717aeebb58d07f553c1813635eadb11fda264

SHA256
dada70d2614b10f6666b149d2864fdcf8f944bf748dcf79b2fe6dad73e4ef7b6

SHA512
12e2405f5412c427bee4edd9543f4ea40502eaace30b24fe1ae629895b787ea5a959903a2e32abe341cd8136033a61b802b57fe862efba5f5a1b167176dd2454

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000008

Filesize
17KB

MD5
0a9df637571a6e1585310a36acf1ac68

SHA1
036fb07b0215a3c64baf5754cabe981d6a6d060d

SHA256
7ae8f30de033ace05e9d849eff4a1c236c894ba6389a7ddd8278a30abedea287

SHA512
d13d80fb0c9a88927d7be23f286361401b4aa72200f4967242f2fabdf01edf6bc598e9cde83ec762afca8c109638e2dd091320050b97599cb43d8bdee12240c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000b

Filesize
37KB

MD5
01ef159c14690afd71c42942a75d5b2d

SHA1
a38b58196f3e8c111065deb17420a06b8ff8e70f

SHA256
118d6f295fd05bc547835ba1c4360250e97677c0419c03928fd611f4f3e3104b

SHA512
12292194bb089f50bb73507d4324ea691cc853a6e7b8d637c231fadb4f465246b97fd3684162467989b1c3c46eabb3595adb0350c6cf41921213620d0cff455b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
9058912f4fa8367e30c8011c580f85f6

SHA1
fb568ee17dfa6306e1dae23b5b9732a538de3dfa

SHA256
7f2113d21381d7ecbabd782a047e21e493a0b5024ff4814ba6d5d13abcc45150

SHA512
6cd71912433cb9c64b17c9e9b7a901d58c473ce925ad117fafbfa8f504f80d62d5f2b6447fdb683a55a11b73b4431bfe74a4a401896e82d8c1384a04cbe220fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
a7412919553311ca931172b7fc97d43b

SHA1
8f9fd27d21019f0e1fd892e1372bf1182c0c9412

SHA256
ad8bff371193d09da59cae8ed1d43efe4e6377ee911811746b531cde837b2be6

SHA512
bf92556d7d4f282bc573f7512f5d94eea0bcb7ad4e158e4d285a8e8305026b9722a26739ce059ee9a847cd469fb50fe69e4967b453181504ddac0670c37c74a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe581940.TMP

Filesize
48B

MD5
b2b2914af2e98b169449ae9485c71419

SHA1
bff2020a7bf9647776195924d620642795e25e2f

SHA256
be21b9dc1a2b7f22a51ab68258a63dd672f0f0e1fcdbed88bee17dc381f8f645

SHA512
d204f80c74f83a78706aee78fad282cbc3c5f15fb223aa1b490fff7dcd2d58f8b101f99b5b54e9bed8a5ec86a3a659b49d2c2a9c6379c3b1e0377b4d3d0fec85

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
b91d4700cef80c219f3cef1e59c3c652

SHA1
3e09dcab10663e561b0db43c63d203b8ba42a796

SHA256
d66cbb2ae9f80ca0efe745f79ca279368b018bb2f80652d26e88958d2df88431

SHA512
7c65612e3096850d892399da2987adede2b5ea0c483da789312fd77efdb456fcf72920e37501e6fa168084b373b71ae29a559d7d08919343c24d086ca8efa9a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\computed_hashes.json

Filesize
3KB

MD5
02c8ed2627b526edc7d74eda75b9a924

SHA1
2984ed94ccacb55d86da2e38dbc3b6b7b3ae9a25

SHA256
c4d3d374611fdb6e970a2019cde28482f8b92230941cbca6ebf7699815c152a6

SHA512
16197b17c6e244c11d1804abc5a739eca5ec05858c9784f919acd634d72b8da2d4ba12b2e68f04145c5fb6d39bdfc187b9a5bc49c60a11435163445a04ba3103

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_metadata\verified_contents.json

Filesize
18KB

MD5
2f0dde11ea5a53f11a1d604363dca243

SHA1
8eef7eb2f4aa207c06bcdd315342160ebacf64e8

SHA256
5a2940c7c5adba1de5e245dbff296d8abc78b078db04988815570ce53e553b1d

SHA512
f20305a42c93bcde345ba623fef8777815c8289fe49b3ec5e0f6cf97ee0d5b824687674d05827d6c846ee899da0d742407670db22ff0d70ebee5a481ab4a0ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
3eea0768ded221c9a6a17752a09c969b

SHA1
d17d8086ed76ec503f06ddd0ac03d915aec5cdc7

SHA256
6923fd51e36b8fe40d6d3dd132941c5a693b02f6ae4d4d22b32b5fedd0e7b512

SHA512
fb5c51adf5a5095a81532e3634f48f5aedb56b7724221f1bf1ccb626cab40f87a3b07a66158179e460f1d0e14eeb48f0283b5df6471dd7a6297af6e8f3efb1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
256KB

MD5
edaa607970700e43058bcf0266c4ca8a

SHA1
b6bb3b6b57c4268e5894e604397f730df1ad18cd

SHA256
ec03adb6394f071ca5798606f1bb25f2b9113e2ef3caf6d75f00e3e30a7b6206

SHA512
bb0c4e3b6bd77816d58372ae16691ae702698d3c0dff139d5f9a1ae957d88cb8a5ad7ebeb37324a56157df71935e9d09ee8a7aa6bd5de44de99dfdb929e81212

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\50a8a61b-d2e9-40d6-b449-0fc15788dcf3.tmp

Filesize
1KB

MD5
2f731320796771fa0ceffd543c6de71d

SHA1
296d521b131298411d0e511c79e621bad57c6908

SHA256
eb879e131917467035e6216f6c582a4ccaa9828d23b932c1e8b5f13d799e8806

SHA512
ac28084e66eb01b0acf45f48a883a8bb5168d768225e1995c5f2053bef605af318bf49d7df415e88fd71980f0a3dcc29d1eb4f086143826bddac94755c1a63f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies

Filesize
20KB

MD5
451aa5d95ed4618422244bc533cfd40c

SHA1
7c22a76b6c559c3050cc998d342281269b1574cc

SHA256
71d1f8d139fd0c438bfd2542e1e8bef7e6b443cf28667cea1047ca73dae4dd5b

SHA512
1f1322edfc5fa79ae87dae446541fd510c678cca2a8f8f3de8a4b5c9038bb3e994aef0668738226362566f7e1be1f8266f8639b7767b4637e8b05bbf9a425cfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
1KB

MD5
48ddf9eec859e7add3efdec6e187ce49

SHA1
cce0fe6fb4d5d7734bc07af5b93aa4ea8670dfc2

SHA256
7bed6199d4a6250b9d21d5883ebd614fa1713436e3d0fdc95f461594fb159865

SHA512
3610a254925474ca9921cf6d42b9972bee7952056564674ca5be09b964bcfad2b7ac67896ab3c5489560561c25183eb59bbad68141140857b7679c806843ab2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
ead44540b406498d9f80fd38403b2627

SHA1
8a2094a455a6e36422ec8f299958e5f660f391d9

SHA256
902f28a69d36bff551a2eab45e271e9785c4c0900478d465a9baf8edb738d48d

SHA512
ae24255b7d493330b20f275b1e465d7db730324a187184b7f3e16cff5dd21fee12b7c64a17914b2b8f74e5ccb54291e706adbeb7730457a8183a11250d74854e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
5cb4fe6e23e4d2a1faf87847e8f2f3af

SHA1
86f8eb519a863c52a40f255f4cd5495cc7609bdf

SHA256
542fdea213f7f911a7ae833bbafd3f3218bc277fc77d477959ad883401d272d5

SHA512
34471bedaff82aed6c8d6c4e7783ce59a7405477d6ade6e2445aa1aad38e49a6f151cce5feb2e94a60dd297f7d99ae1afb781db43b7b935ad47c1d82a0b02e98

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
371B

MD5
3a46a5922ebde8e40b1211ec21198ba5

SHA1
fe5d57ca2a59245538b9523a2e997ec9b4d4f82f

SHA256
db4ba6bb67ece04b086f52020f17cd35aed653c68c5980ba4554341571ef7e9a

SHA512
416f27fca6942636c58b3021845122aef28619822d86edb6d63524b8d9ef2f379f00be4caa15e1520625e1928c0fc3ded3dacbe09caae24d000cb0e8e71adaee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
868B

MD5
4ac0064b71b4618a69d576fa1ca29e39

SHA1
283a1f658c177f23ca9f023c710005276fa64893

SHA256
8a7e0fc578100d4afd40122501c8773c30407d0723207239b2fe89cbc68ec4dc

SHA512
cd9e15ebf63f2f1b5a1b98e9e552f15a18e18360f3580c3ad0c177f3f51687c110556b943ab230995213250686915d226e60d377fc5f0e069beed2236b4a1698

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
868B

MD5
1880ca260d3994ab6e5b6391710d1d56

SHA1
7a6f6bec5e95d971a849705b7acc8e041e9dae84

SHA256
ca0665a7b30b49f3a9d524889612c90566ca8fb7a467cfb6203a7929955b64e8

SHA512
147327aac624ca4597ded5eb7311b335df9af3ab25748de1a0b40126bb684471d9ea5aad8f573da37c5589f8b80a417ba6c1a5afaec008c8e85b967d8d3d9ec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
870B

MD5
d4ee01a1787ab2eec0506c65ee58ee0c

SHA1
746a88b1146aa6b2ef0cd680f4633f3631145ed0

SHA256
1b39421fd0edb06a92c7c5e2156a981571475b806326529ba0dfaeb7d3402c68

SHA512
3515fd8a3c63aa19c863ddb010a4ce3ba62887f565a915a3f3c5be5d3258839a22f21cced6a62d4b941ddc78e76572ceafa19d65442218713e564305f3be8df0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
85893f98c1bc21bb550ed2517a2e96f2

SHA1
828f152dc82ddddd8973e5d1bf19ee833601f87a

SHA256
2471d0fad2261e9878e3fa449fb8e54ffd87f7f7cf7f5bd15a248af089d66a2f

SHA512
0de8d0258d8e759c2b8dbb37c1ee03e25b3f0e9c3ebb9f5a9b9e802020cd8dfa1dae4806fcce79099193ad2ebb67a5888f674d64bf6040257c3cb839e4249497

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
a35f30106b8d93b06993af708ec8925a

SHA1
b2e4887b5356539dccd5898148b4463881935e4a

SHA256
8ab1a963d55aa8ac2ea8285cbe00e673081c585778d1daaac090c629d94a0e23

SHA512
ef36f8f87e7ddb26eb004fcbaa73cd33aeec65a700b68d85161e7550eedcc7b5c9b7c8859aa8bfa3e24c685ed2d2716dae386254e627f347c87b3ca0ecba1801

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
2589a3404a4533cd727dd3932a22a666

SHA1
5efaca87b738497c63f85af083d3f34abdc9379f

SHA256
d8b8b7af1bb6dbf3b1ceaab4eb1f63479ef02e8f8df543a6cde8012a82b36662

SHA512
d2dfa6abe72bebe344d5c28e462724d69120e949c67855750ddc8cc9cc9081991c62480346f7c1d6a29ee5c356bde82738852ebe5cd43b69043ef55cfab48561

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
307B

MD5
69bbc75c55b9f00d386ee1095050ad8e

SHA1
c355106b906e8ad826d9d7d93d0bc14c07e2ef31

SHA256
c3351ad91a35b9baf3261ac2cbce33b61960d082b500918bea3fba1ddea2ee83

SHA512
4af51781a2d28c22a10fde55edc31fb92a2b62f7efdd45d13a31df5811289a2a2fac7237ff4f909648352021384442d8547065efe1b43d6ab1a04c917fe8b4ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
52d3a1737e77d5fca904ae686f75c351

SHA1
8c4d1932bd413b86b62b3b23ed2e83bba87984f6

SHA256
7db79821d49c5d548333b7b4a7bf7d8f113d2a13e617d4cbc25e3e69c410eb36

SHA512
2e1467c99f3d608cabdfaa7a463900e1b60c2200b21d6d2b19eddb922ef1e8849b7030f30c2e97699fa81de7778a79e7ff56a6e6425b60101eb80ce11bd4d938

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index

Filesize
256KB

MD5
61e34df3a6c8ee0687e1773306c99c4d

SHA1
53244de832fa63e0cf58a54530e36049bd208eca

SHA256
637a8a6d664720ebc4124cb4181bb977256717714b5c9d9f991ef808580d27f5

SHA512
eeef77052076551fe87f68b28a49eb849eca76106e7f3b35b727de7f734f550cacf30d699f0320f6536402345a412ab22873724b206e306557dd2be95a2ce505

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
fdd74ef902fb14114abc848f056f4156

SHA1
3409173a91a55c9963e2145787e9d59d61e236e8

SHA256
fd89d7be4d7ac9fc491f22260b50d4d71969b715e2931a38b23aa8c4d6dad17e

SHA512
c693d7c75fabfd1fd6e0f1d8285dcbc60309448179ea733b226dd483172aaa156f7d748f08efee4b82874b8d1a0cab77ecf3b936f626454264e6984495fc9f6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
37ce7a8d6b4eb2994b8f5657a10d85ef

SHA1
54cca17c5e0596ecc90e553ae7e502f706d6fcc8

SHA256
b6b0a2c8a2d9488c2abe8bc1158313efc127ed4d22b326f30f296577710508b0

SHA512
3db7879cb8cff2dbf20fc5eba53fe93853cea3b9a5f4cf3f56e07006a228ea9731629897eeef1a3321e77eeb476b1c3c1775c50d31d87f919453ea639d2fe165

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
281B

MD5
e230682a87920a295269cedb3522c75d

SHA1
e02afafc024e7df622af4c049d8bfdd636d745d4

SHA256
4468886604b6e240934a8b8722111eb6be0c2764aa1a9578210b5b1cc7cbd670

SHA512
5df6095d787cf36468ee608a671e04756ff1c76fa9c48cdc4fae861674962a3ddc7f488bda04fe019a6639ddfda56e1340e98f1f23420955b10541669c0c759d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Top Sites

Filesize
20KB

MD5
f827a28f6100a85bd8217d338ccca5a4

SHA1
2a180393edd7109c3ab03db4e6edf07ddd9672eb

SHA256
82ee998a4908774d5f55d1d65c897abb5c36458bafada8dc945a09c6b9f21429

SHA512
77fc5289c9d5f954e789f2c0b908a39e8e988201b0ff89efc1002d2d5d7808a8e60e9332be4b9838490d48e4a4385d8cd9b3b18c8716ceb9d6f2117cb2e53d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Trusted Vault

Filesize
33B

MD5
574469989f61fe98805a3303bd8ae110

SHA1
03680211c9cb577b00ecdba7f8106ff748c601af

SHA256
f509d07754be7e05fd94e6c05565ac4c325ebf130bc8ab72df5207895e38c6e5

SHA512
75d9e90a92c3a44e7d80d003f0fa0f89d6af45391d1c15911fe3ec969cdcdd58d0eb434919152fc7992ef9340aeaa0e381de074444b231b3b07a5011f6dfbce5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
6acca8a055d983d1c9a881f0b6d9d041

SHA1
42c23133e9391012bef103d4683dcb9c46213f44

SHA256
0083b0f84fbb494eb93f99af2c244e368a762511d669b2b2099621a7e377146e

SHA512
11833c4b73ef07d906605419b0c1ef7af6bc1143b4f32605183962f789f89ce3da0999e9400598f4d91a57af0f9a344f8ebd6bf13f975509cbf79dcd4a3364c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
92KB

MD5
32e8980ec2bf314de3f9626d8a1e2e5c

SHA1
b1cc6c8e1cbe65810b3906c6426f15c0e02d1b56

SHA256
fcdfe4b919023c5f37a23742ba5221482458d2817b81636e9bbd9e2a2363b9f5

SHA512
e9b867c0e352b667e710d0dd49b42983dfe96423a90fa26ca46aea42df1e698d9e5d59866fa20a1553b81536b988078e37b25817ddf6cb593482abcb76bd28e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\a61b7889-7171-48ff-9c6e-0df26e3257bb.tmp

Filesize
18KB

MD5
7e54d226d78fb27bbcfe73aef7727875

SHA1
f5a2403e7b0a4c7c3cbc560da8429253110ee349

SHA256
090139b4d2785e5d3a9bed58adfa3c6443faa0669dbdd96c143504fb73e47172

SHA512
063091932760d39d504b5f4fff581ae704fb8c9c50809d924c5dcc084e834b3afa10967f06bc8612fd1c3b52f8f0f3161292acf67ff52a8fc2bfdc119a817dd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
136KB

MD5
9d4b56398d7ff87804fa5e898577a17d

SHA1
16f90ce18996c9bde6417d2c01b453874133a0ef

SHA256
777882999a3086ea2376777d8f7cba58b8c2cca2cce4396fb3026df8ae377089

SHA512
7ce05d1b45d18786c3421e575d28c39489cd25f64b6ceec9bd067fde871c80c2f4ecf5b12f0fcae814a778c2291eab4aec09fe5d1556f58003b3a9cdf43ba2f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
136KB

MD5
a4b3aa5b9163a53ced71f10776c0e450

SHA1
9342d21ca4ae7887574180072b02f3af98a6f538

SHA256
5b9d6d12e1da3b56db22fc859d14ce2492b81002797f3a6381f47ffd1a740796

SHA512
dc8ebef17c31d799b72fa8909a8d171d7f6de062c6ad0b7a3a46a89f906f80750756bfdf6811a5311d006eca880fa1f999fd733bc27ef40a3d393390a2ed2547

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
270KB

MD5
65eecc8e37949c2c09e45ddcea16d6ec

SHA1
c3005df420e6b2b3afb5ed78c364851ac3211509

SHA256
f52b84461a25d3d37568187bc83f45c24c84a807fea4ae3a42fb871a34906bd9

SHA512
4b69fe14cff95c6de0ecb963ec4b6580a755c7d9289dd97b16c9cf51d4461b19fa9efbadfe2b7760d4af6a7325b02ae22ab7749b86ed2caaaf7df1d695e6d8dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
269KB

MD5
31d58a90a0edc1ba40da7d31128b8006

SHA1
8d5a873382b26f049194234af886f3818a6833f0

SHA256
e9e2dabbfeaca8665312207e04e1613d33f9e7eebcdb8f0688457d8cd8329b88

SHA512
a8b56aa85da68be925ace31e5b5824b383de8e58f508394417931766020141f2df1b4bff354b8f5d72ed67e17681919e7dbd513b794b5964f8cd04cff40c8d78

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
d5736c8f9e80ff64cec04af162a8f5cc

SHA1
939d3ec02379e7312e07afc6c98eeaff8a332abb

SHA256
ac168b38030a289032e5bf8c9bda5097f174612126e1117a0abfe5d4ab8e4f73

SHA512
cc1910ddfde6fd858bb73b5e3ca9b7297badc4961aeb5072339c254e4593d1e12db491d1640d664d42f1ea53859dd868318568619b74ebb312793120cc443114

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit