socelars | 544f8a240a9cac65fa34c3e715473e8cf97fdc7cbeb715b9e076cd39c7714ee1

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Size

1.4MB
MD5

3f2844264eb1c6e140117202188f6f46
SHA1

9efe0b59052e51813a9c516d2be3abe76c0c29f8
SHA256

544f8a240a9cac65fa34c3e715473e8cf97fdc7cbeb715b9e076cd39c7714ee1
SHA512

79fe53a5115e36f0fa4fa8cefcc488aeb948dc5c35455654d0ee9111da2caa3f56af12a671930128d7895a252af324d166407fda17e6a76ae94f6123981b1999
SSDEEP

24576:lIA7opO13nWEjukQuzHVZ64lEq25RHxrFCKezViURT1jS7VQ+4B4SCf6:h7op+Weu+zHj64ENRhCHJh1jS7y+4BdT

Score

10^/10

socelars discovery spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops Chrome extension 1 IoCs

Processes:

3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

Processes:

flow	ioc
21	iplogger.org
20	iplogger.org

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

cmd.exetaskkill.exexcopy.exe3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

xcopy.exechrome.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

Processes:

taskkill.exe

pid	Process
2132	taskkill.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
3216	chrome.exe
3216	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid	Process
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exetaskkill.exechrome.exe

description	pid	Process
Token: SeCreateTokenPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeTcbPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeSecurityPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeSystemtimePrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeBackupPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeRestorePrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeShutdownPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeDebugPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeAuditPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeUndockPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeManageVolumePrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeImpersonatePrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: 31	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: 32	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: 33	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: 34	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: 35	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
Token: SeDebugPrivilege	2132	taskkill.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

chrome.exe

pid	Process
3216	chrome.exe
3216	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3f2844264eb1c6e140117202188f6f46_JaffaCakes118.execmd.exechrome.exe

description	pid	Process	procid_target
PID 4352 wrote to memory of 348	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe	86
PID 4352 wrote to memory of 348	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe	86
PID 4352 wrote to memory of 348	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe	86
PID 348 wrote to memory of 2132	348	cmd.exe	88
PID 348 wrote to memory of 2132	348	cmd.exe	88
PID 348 wrote to memory of 2132	348	cmd.exe	88
PID 4352 wrote to memory of 3752	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe	90
PID 4352 wrote to memory of 3752	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe	90
PID 4352 wrote to memory of 3752	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe	90
PID 4352 wrote to memory of 3216	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe	92
PID 4352 wrote to memory of 3216	4352	3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe	92
PID 3216 wrote to memory of 3616	3216	chrome.exe	93
PID 3216 wrote to memory of 3616	3216	chrome.exe	93
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 2132	3216	chrome.exe	94
PID 3216 wrote to memory of 1920	3216	chrome.exe	95
PID 3216 wrote to memory of 1920	3216	chrome.exe	95
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96
PID 3216 wrote to memory of 872	3216	chrome.exe	96

C:\Users\Admin\AppData\Local\Temp\3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3f2844264eb1c6e140117202188f6f46_JaffaCakes118.exe"
1⤵
- Drops Chrome extension
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:348
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2132
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3216
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8dee0cc40,0x7ff8dee0cc4c,0x7ff8dee0cc58
    3⤵
    PID:3616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,13900478054450351998,8543188671536823545,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
    3⤵
    PID:2132
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --field-trial-handle=2144,i,13900478054450351998,8543188671536823545,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2164 /prefetch:3
    3⤵
    PID:1920
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --field-trial-handle=2252,i,13900478054450351998,8543188671536823545,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2432 /prefetch:8
    3⤵
    PID:872
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,13900478054450351998,8543188671536823545,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
    3⤵
    PID:1140
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,13900478054450351998,8543188671536823545,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
    3⤵
    PID:2940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3544,i,13900478054450351998,8543188671536823545,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3568 /prefetch:1
    3⤵
    PID:2184
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3576,i,13900478054450351998,8543188671536823545,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3592 /prefetch:1
    3⤵
    PID:4084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4660,i,13900478054450351998,8543188671536823545,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3948 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2368

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js

Filesize
15KB

MD5
1808b0a179aa5595230fefcd7358e7bf

SHA1
6ab6ccd968f1877ebdaec487ea9e84800079f4b8

SHA256
1c50d2bef911eb00f8aaf0253358174d6717b6cace98dfe3fa0ed256a8ac73bc

SHA512
76be99254372e9b0c8ab29fd72fd2128396e23d465329c04cdac25a78e5d6cef79c582f336cfdb7357f52c6d4970f284069256e94e67540a945cea69dd17496c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js

Filesize
26KB

MD5
029c53effaed86331055c63d264c3316

SHA1
859bb39d27b462a73fc9131f694b69c8c118b3cf

SHA256
3c1453cb6fe4c7ae8945d96db6c19e3eb58702df65ee0244f8f2444b20e93068

SHA512
68d115d79428c906ca377091f30c207de92ee9450e22e94a35fd7753547cb582ae36434595f1c0e444bb19d5c6dcc214fe58a9987f690486800c8ad91c9642d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json

Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
e4c4c2b7bebcfab1cd22a917ab674219

SHA1
01e0f10ad486a00a0fd3d31a77258218f4831c8d

SHA256
5ad151c65a54cad04d9d73a2e287e14b990c1b168adefd5f5c204deb709fd504

SHA512
7bbbafc313c0fe18380fd1ca110323a3aa7b85bc34f605f32fa4e12dc65b9c6a0e886b10f171958070cbc21602976b0b73391a8f472ebc908764b74e5491dec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
9a31b075da019ddc9903f13f81390688

SHA1
d5ed5d518c8aad84762b03f240d90a2d5d9d99d3

SHA256
95cf4025babcd46069b425449c98ed15d97d364b2461417caa9aa0c13cb372e1

SHA512
a04726a429ae727d685f0836327c625d2f18d6327253216a9a31265a324b68b06bec4e7f1b744d261a0e67fa0a90c43719aeda9d2998f42525b0ff5640c7bf1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
1fd2bcf7be677e004a5421b78e261340

SHA1
4e5abd04329ee1ffaebe9c04b67deef17f89ff84

SHA256
f539c848f584add20b43d5daefd614526b67adbf22b0c89eaa7802a8a653cd31

SHA512
929499946e38281bd808b37b362c4a86f3b6382eb1ecd5fc094410d3688906d14a114ca930a2cf38b6241ab734bc5959e6fe541270d47ca9538e82a68c99cc77

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
25cfd3e6883a233149d744cc06bfecc2

SHA1
ebb13c51e80a55345ba8efd6b7d9533af6a970ec

SHA256
2e2260f6ded30e2a70818cd70741b0c7ff11634d347b9ce67c994c87a6c73e7c

SHA512
c8120aced98772024d44efe36956217a970609aa4fedbb3dcf56d76199652d7603a399ff5a20aaacef28ae87d5040a8f11be9dab259003b9646a9f590741d27c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
19d54fc6e6de0987fff96ba2488f42bd

SHA1
9bc2786b6181194a9ff07253c40d40e9d5a64177

SHA256
e27aab630aeaa5ae4acc5ac9d3de1232c10def5b35e267882e530d9f4ddc66ec

SHA512
d757af6b6fff5f9d92c423fe68ea2a6d1649deda9e83b3dac463f4d3c9e6e6d105c8c7b2d0e7d271976468b0d8b9b67219f4b9d600216cc95e81c6787d95886c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
727ddba6c69d2e855820b57ad8a5cda7

SHA1
2d53b1c7e3ab91a0c3a33cfcf75b7d9d3bf1e202

SHA256
20b34e761ac58e4c1d3be056e0ca65e1372143e4dd4fad25c19f1f45f2e2fc19

SHA512
e3137d4f4b872046c2c0edf72b4a8f14751a2f265ae0703409a78ff2bd54f877924ec445b550e69d09171503cf47e6ddbbd341cfa7e935fb985add2545d3bc98

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
c3adf02b2a7c345cc13e9a330b610796

SHA1
e77031b1f42058094794eb056a2aa06e3ffedfb1

SHA256
acc8f72b596ad6624fde859346a43de5b2ffdd6db4d67b0f1e05cb86479d509e

SHA512
2a3fd2a1181fd0fbd768cea4b6460e6fa36929da3a36f74aff5965673a898bd5c155cb3ff49176041fe3ccb11b7aaeda83d02be5bc2716782c5abf91eee2373a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
9666d74b18f57389ee2d3dee5073f71a

SHA1
1830bc2670e616a1da1af27157159e6677a5ad63

SHA256
6fcb1e788f9a12b8ad937172802c41475f2180906db38d6507a3af6a2b721cae

SHA512
69ea6d6080b3ac00f4c4fcf9e00c9e16bd2c3373073f7dde3b1735fabeaaed1e7f8b76113e5ed2b9df08d089ca33ec367c595312f0c2f6e0fbad364464bc989b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
349d9e37101b5dbd98ffa2f95e2cc329

SHA1
d3182a1d6f32898362be4e37855feb202821add6

SHA256
67649df12b2bd4bfc838abd6d7f1dad1acd3f97bd6d30997439c9fc9a39eaf94

SHA512
221f8b498ce57fe43c2d41a2c8d37e4bbf36c0c12dc9ed39670999a1b4dff0ae3fd1fc181e2ed4b2b3b7d60964571f94ab00b0d0da0e1d0941e0bc1f51442318

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000007

Filesize
47KB

MD5
7305846c22c10b9ea3a23fd406ce3d7e

SHA1
defcb9981fe06285efb2dd6a80fd7bb8c1621960

SHA256
02138042ebc0db3b627bdfd5ed475dbf596d4d654970ad7242f2f0e58a40e2c1

SHA512
2e3fc08ea078616183b54c185b2f7e4d553164d58c3c39eacf54701b36f328cf53c759a85a0ff949dc798c87eea2c3739a07a3abe7edd1e0d927b3ed6e3cd330

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000008

Filesize
21KB

MD5
4950dd5c305697eae81f3d99f1e38675

SHA1
8db18654b0b120d9b61dc90b706316199702a3dd

SHA256
c6b82b30f16c0d68291a3c21bc4697ea13f571a922b9c0c3858c982f5218ef07

SHA512
20bc4c1007d5a755ce300cc29129a519e5b26f73978ea93b0f3569c31dabda183e8442290759bcca069e51ff8fee1ddd5a4c9042ed204dd41457df461eb86db7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000a

Filesize
26KB

MD5
35629868ce88f514b9387aed14f637cc

SHA1
030a0e1159b849c27bc2ebfdb772698f3701ef1a

SHA256
f0ce126f0edc17ffb377398a49d0d1a5f987a3a18228da38258930e9c85d05d4

SHA512
740aa943acca8538fbe2ee0a882feb85ccef27864ddff44883415f7682626a3be93b81cb930b3c9dc86523b6a0d95ef9fe7bc1fea2e01374b9927d923099dc36

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000b

Filesize
45KB

MD5
992a39ee0b8b83e69e2aa90df1230702

SHA1
dfce44a2807ffe86a43dbeed1cab0f6f88a4abac

SHA256
6c1932349ed8e8f8137115f4c36ad52f3f64cf117c92bf4fad773730eb3156b4

SHA512
e6e926c0bd6a01f79bfd329841e92b579aed7690b9dec135f132b9d7dee75b2aecd6743941018380ff70e8221cf7b7c7b6d2b29192c7636e06650b22ecf6ecf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000c

Filesize
70KB

MD5
10a62b7f25cabe173ad9095dd5044a88

SHA1
f854960f67a82a26d7567695341d9df472a54837

SHA256
3fbb37a8d3999c44dd71b0cd3a1bb71ebf272dc5df9006dce98185a58ece4e93

SHA512
5db63b8f0be615a62760ae7cc896fb7326177e772be106f379039c49d7b20db148bcd73944e1cff5d06185db189c7fa1af37a80ee29a73f6059e9bcdf87a979f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000d

Filesize
17KB

MD5
3ece6970d993cd27f0301b0dbf39bc49

SHA1
2e5445f6e4f42b45b280147db48af8cf79e4797e

SHA256
a02dc93e365903230037e9261be71d1113f4d0e1745faf9c633a0b5cea77d511

SHA512
3d232349cdd3bb44fa6d7b3e9da54dda03c0f01c6fe0366330798e27aba03310478206442a54858b21e4ba394301379cba63ffe54448d5582d3546ccaa150ea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000e

Filesize
20KB

MD5
1243721c2ec43a3531abe3c25477ad49

SHA1
c36e53b219074f4868ccba0090ebf1a7db25f09e

SHA256
0780c73b0c3cfa60e88dd0d21174a084595824e152a90ec692e23e3950de7de6

SHA512
aaf1c7a07007b5fa820882d92197f5ec75e1ff406f56788c65099ee92a83b9f584ea2ee45c7e09ff0fbcd5ed8dd469296aced47c32db881f07391fedcc47bd04

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000f

Filesize
19KB

MD5
82b66494d53732fd21e2c8bcd936a33c

SHA1
5e1bfd5ecaa95916e6f1948800bbe7a25bd4df58

SHA256
aa075a8b08ae62d0ae119cca2224dc0941215d0db9a392657a7c84735195ce9d

SHA512
37e96569df8da6935f248e40dccd435cd73708ba905d807b7d3e9574646bc9d1bf83650225602bd81b0929e86b7d69cce2c68902f71370c5d235917df5e9c916

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000010

Filesize
65KB

MD5
2e936d4ac0e78de02083f227326d1195

SHA1
035678676498c2393859d297ffb208085ace077f

SHA256
9cf5b1601c88b262090b3722c331eac0a384df1ad140bcaa4f816971ad72cf7d

SHA512
a5f902fd005fef9515cbee8cb537a1ba8c7ea55ea8cb8bff312d5ae879884720ef90f15874b6435f662073250f482271cc8edbe84268eea6bb701ad27c24854f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000012

Filesize
27KB

MD5
6508e2a5b8172772bb0bd2df73493db6

SHA1
b69ea78954e40b8b17f9fdbe46c33054d5beb419

SHA256
239142f2d191749d335e0004b7c1e8198977cfb0608de7fbc873c7e55f98033e

SHA512
1bad80c417dadc4fd3512744aa0fdcc5659c5e099815cc5e0698b67f5aff98dc45d869f402ffa756d2fa489bfc1c0cd2877c85051fd8d4ffe37c02fe44d9e988

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000013

Filesize
73KB

MD5
0a119932ec7054c6261e95c021a56e15

SHA1
cb2c1710b23865b4344e47aabf72c656cbf7b640

SHA256
048c39840c634a9643332634c3f61b42c772d8361152b7138bc98f26e6e18231

SHA512
51d89db547fbce629b3a14a2c78bd42ffb6d11b2391333dd44f71a594210804393f8dadcc667dbb70241d396819a49da8159f9f5663b61fd316bd9790b5a2f0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000014

Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
3715eb717e8a3fc6ece75c4cb8635440

SHA1
9af973d2fb5126b15ef5b7e62b2d0f8778e37907

SHA256
eeffab81130a3d425dd71e8359f42fd3906eca4e8d3fc337b4d8052ebbd4ef33

SHA512
504e1cb7061c36c391140d328df5444de769bfed7ed2cd0a212334c611fa1cd85df9f97dea750a855bb44b3e40ceccec92dfc0bf8b8b22e28dce6b400d99dd14

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
63025fb34bfc6315b33afcc792cc5f5a

SHA1
8ea76421a6fdffb3476ca0f24911a246b278eafe

SHA256
0488f453ab0de1b563191989c209c71230aed129ec6da5f37e03805bb0eeeec9

SHA512
441cb42c04c300b4d660ffdffb5fcbf37b00e383b764f5a5014ea297f21acddba67cb2605261871b2e2781376eda275e278bf8edb34a8571eb242607943bf484

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
531de457decdcf21af081848690bae75

SHA1
6286d7cca026f28b1103a86e29abd5bc6c69441a

SHA256
4263a78f5f5bc8b3762959c46824f2286853343a9fe01273dc033fdfecc7fd1a

SHA512
be0f6617bb09a9b855ca8f389ced7c77cc11afc8745d85501b8a4aeb627e5b6dff04b7a8774eca2951bd586f64d7b65c37c455981041508a6c53e2772fee33a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe581fd7.TMP

Filesize
96B

MD5
885f4866129c46d608e4a8221d807827

SHA1
c1c2402b62128d7deabf289ab170828076f1d2aa

SHA256
dc3f32d81eb23f75c097abbc5b203f4068f1ed286ddec5471b2da2f28d6b1144

SHA512
1f76d37f2005937c94b06041a46ef90209b74fbd4b87a6a338aa66569613af4ef1b37df364857079de9fb591dc4722e18b5ee4383ca7a8bd421e50086d82324a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
bf180b5d851b6b12088da778ca1201f6

SHA1
98af29e4c4b7e35232765f2c67df6927642ee229

SHA256
f188a7c572222fb1ba7666282016a2813feaa1dc3d8f8accea41684b194e7fcd

SHA512
4aab629e67d87afc66f80525503e21253a5420b993dcbd0fc4a992631bba6a84c235fd76ba92f67f69aaed78f01635d6689f1901d50c3e5412d68a2308611352

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\000003.log

Filesize
114B

MD5
891a884b9fa2bff4519f5f56d2a25d62

SHA1
b54a3c12ee78510cb269fb1d863047dd8f571dea

SHA256
e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e

SHA512
cd50c3ee4dfb9c4ec051b20dd1e148a5015457ee0c1a29fff482e62291b32097b07a069db62951b32f209fd118fd77a46b8e8cc92da3eaae6110735d126a90ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.82.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
b40e1be3d7543b6678720c3aeaf3dec3

SHA1
7758593d371b07423ba7cb84f99ebe3416624f56

SHA256
2db221a44885c046a4b116717721b688f9a026c4cae3a17cf61ba9bef3ad97f4

SHA512
fb0664c1c83043f7c41fd0f1cc0714d81ecd71a07041233fb16fefeb25a3e182a77ac8af9910eff81716b1cceee8a7ee84158a564143b0e0d99e00923106cc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
256KB

MD5
7871d57436de3df3f18360417f2c3798

SHA1
35ceff73d7ce7b02455fb6ab87ccd6e71e9e5f1f

SHA256
49fe719cd2b1f7bf361cfc21d28349c41cb3ee9d1e0aeebadf6822df8a452dbb

SHA512
a564e69c3b60b7062adb084c24a84daea6838443556dcf7c4ee2e837590d2ffb569254e864b96f6da09ab2ae77a1460dbaf340ee7302940f9eba7ac87a81ff62

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
160KB

MD5
f310cf1ff562ae14449e0167a3e1fe46

SHA1
85c58afa9049467031c6c2b17f5c12ca73bb2788

SHA256
e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

SHA512
1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
ba55c111979afd4ae9d070b2d5adfd17

SHA1
79bccd77f443691c2443904fcea1337ad21cb7e4

SHA256
874ff1b0a0f687365925720289efda3132d90dfcd9e428882940350050ed3916

SHA512
6be6ac30210a5d33d9205e094b104b21781bea9befde1746995e61b8e6760c1bf4bcffd8b876c7b54588a90d45b2190058e766986ec4db23167accc1b2485150

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\LOG.old

Filesize
289B

MD5
2f1f9e19e49776f11baf26dd6fe399c0

SHA1
273489ce05cff24ba8f01368cef72c5ffb74d5ff

SHA256
c583566f943bc8212010f3b1c285a28bf078ddf6f0dd2f245471aa5d351ec411

SHA512
fb0e1ba85057111cc9a989d1012590093684b678f52086921070f39e3972c0a2828fc27a8991f75fb70fa2d63cdebe6116b8f36d7681c4517970f1b8af85f68b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies

Filesize
20KB

MD5
78fc4d9ba01b81c81a93215bdd3639bb

SHA1
a7d133da2e2e7b7749f4a31ffe9d5ebc35dca92a

SHA256
6b8464b01760ba4bab5b5cc111dfbd23e7c269e45a19c798cded7e8f20710672

SHA512
7034079556e64296e3ab045f9c44328ff4f9de4f0cffb1f370cade89215bc3f27c6216121552941424f02b04fbaf82974d0854bbb357e930651bbbb290328f48

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
816ae24b4c1157d8e856a0336eb6cc59

SHA1
008a4849e7f26b425255e9ca7504d20736c94548

SHA256
85da33bce1d73fc22de12b4ab0b8a95a24e51d23b7225e57b445e309026fe2f9

SHA512
d2a4e19c6ec56d91ec3c47b455a139529720a8557cc36ffd46da1436b4a9339a2f651ed75db28943a44dc7f0df83331f5a5c0d6738f70dcba44bf331ec826305

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
3KB

MD5
34df097b28dc3876552a68f599c6760d

SHA1
c884fa0d183ab101284ba258f74a938903e0620d

SHA256
14a3e298b37201295f7672217fa5b5736f7a376430e1c908e47187be512c4bc9

SHA512
c70a56838929b339f3a64735690bdf4f51ab846ab288258752c629c2ff1358e9550000e0a60222dcb21020d7e45b12c32fcf77df775cf8537de5f4dbcbf3fecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
037c5f73f77a50b072533fa47376c562

SHA1
fd0e02d819bca9718c1a7cc6ad8a473d2d3ac425

SHA256
01d1d98f61e68894e788fe975bcbd971aec37b619a9249d789075a2370ce60ca

SHA512
26ca13dbbfb636d3b8357c834ec5f6ef461fdf066e590a9247b21992f6ff6f26709d50e1e866eb2acdfc27bdcc6236719eb957f6ac2b866db7fcc1767b3f9b71

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
356B

MD5
d56c707a2dca75f17d3e3d09f88c02d3

SHA1
8e065c7debd71765653f31e4fec88250b3d07073

SHA256
e3f1ae25b95a475975419f39cb760539548cb935de391d6fd777f8090072c236

SHA512
6d52ebe0a8b46bbb8538ab32c0811f90c431cf74622ffca5e81a0cd64b6a1399459166ac80c61ddf417392d8c1ac794649790d628430e955c23f336fd5cadb0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
27a76d2c3a9e17bcfee72d04c9fb24df

SHA1
e15dc77371449a0d5bf6c30a8f27cb8dd4a982cb

SHA256
d6decd24a5cff35411c5bf69eb39eaba9dc1121307b4540cb4faa3d1eb471021

SHA512
cc34c49954461c7b8128188ae5d44abb3a93d7a04c14487d51bc6d81c60f070dbe883ca0b2740d5e8389fd667b0df5076836b38aa7bf3e5a35aa76b2694fd8ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
c9e8f71a43cb568b7e6abbed6b9be212

SHA1
69c3873b67599733e6ea8d81a95c4cb7cd64e66c

SHA256
f008b6df76a0419424193de68e36bf5189ab2fa23d9bcd74b6d23870d57c6c1b

SHA512
36740c26eb198e0ae5b1578ddcee4422805097f7720f70638566149940c8987acf8b3322dfbf76cc024e2da4cb783a95fef5cc26cc876305245601c8b892ff2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
ad1cc06eac0dee3b800726f826e47645

SHA1
45922aa2a228e3ca1b2bc37640f29a2a1b9779b4

SHA256
191ccbe87bf05028c728e40a1f4429dc207e7944789e53b85be10e8de28f4862

SHA512
f4787f0a5eb1d24a23f1a8f1cb99b913fe1dd0dbea596aabed2bd5cbb9d8a8466b1f5ab6a6da0ffa8a4d5b5d30b76dc9b354874f29ab53e1c0620106f1030369

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Trust Tokens

Filesize
36KB

MD5
767a7db34589653629c0d4299aa9eb7a

SHA1
57375ca0b80b3c856b76b3b080270686c90ccb8e

SHA256
78a4734f08b47286a3736c88c6fc481f76bd2b1a46e29d0920939f088ce899fd

SHA512
a01b63edaceab16394320bd2d9152faac7f0c3971001049e8e931b6403f97d8e5e6f4e9020a446cfb573241321cfd26c3d982f30139799fa7fc32617cd1ec859

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
7KB

MD5
7bb7d42423c3a013cd565ced866c30f2

SHA1
3e9dc47deb74a8c04048f89407be9b0a45aae120

SHA256
a9add85bd9ac492cf1df3e32972daf1517651cea6731c9cec6bec981716c4b54

SHA512
6ce1742da0c77189e3e2afc9e489032e185bf6e8af6dd054db0ff3c535ead453e214ae19640d5f915531d41fe9cd2c36e765482ca501be72ce54e8430c677956

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
c0e5faf170ff59419d7cd99b9a4d922a

SHA1
0354624f246ec922fe6a01ba6dcbdc50cde6ce7e

SHA256
a7a76b67d156de937bfdd3a54a1abb9aa6d609a83a2c8d903acd59a3185ab469

SHA512
46ffa0e20ea3eb827e76f3d8f6cafe80ecbe2f5fb17ba3862af6c2c03921525c5c3a060cd7f157b71adb2b6ee7bf31967b80ab9af3f980873a23993cd36a7bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
b9e0ccec815c677851cef019ce75d3a6

SHA1
27243c8208265c79943c7955f82079dd3361bb25

SHA256
afa339c15b73ac892e17398ff27df3b4d5daddab374cd5b2e4f7036397d7d34d

SHA512
e722c62f2cff683623e67d522c96172ebd88c5d45daa1e3d6402a138182415b51b1b358389052070c83fcb5dc34673d84cc73cd1be8d9ab88f8e33c6673001fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
70bfddaf1e4dc83ce13cc369ee806837

SHA1
f0f0df2522574678df8c10eb073b3eeaa5a6a3b8

SHA256
f7d2fc9505addda9e7c835667c3e762f6bca2c4a06bd4a049e23619a8542e806

SHA512
e5f7ddeeb36d678c8942d636dcab65895f32d38c3f102eff4e449babb09e17ddac82e8c2ac95f28d43590056e5fed4150146ece7db3e15126521e4b266fc7c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
57674ba6a4e429b752bbff6f475bc148

SHA1
c29838fe5333dc38bf4522208af484559776f7b8

SHA256
4df7fe9848e221b815366b96105aa1663fbf86e1ef41b3ca26d285b9c5043fd8

SHA512
a22a55c6531f5aab77b59ee2a92640c8592d91c243980c56a7bf1fc8bed197497fb7d828cc67316932e69d16d9409fe80f7fae8ef36b39ff42d2bea764c59b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
38d0669284a4969894ca50bf131c8c6e

SHA1
852f7bb676ed0fd1b2ef725a84db90b97341f0fb

SHA256
bc70371abec84fea5025c42c412a8b5b2023e4d00dc4383b75a96a41b298abf2

SHA512
552ca4c16ce759a62bc3b152d3282cee80eae9302645a66632e2b67349f5d26dde24878dba88f509bfa467f685a34f2b553fd027d82fbabeff6de940766fd4bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences

Filesize
19KB

MD5
3ccc2f122f2d0437fb5aafbff496a32b

SHA1
f51e096ca831f1c847067ce250165adcd49f71e0

SHA256
4a3c92ac15e8eaeac51c0f4a82fd43e024a3c0d83418c216c5d7fa052ef78938

SHA512
09e069d2d1ce1ffb947dcb6ebf65b4b8080c26477725fdb2a5fb27ee9cf11d1ede9eafca306f9acec90ab1add3da8201e32fbd731a61685c6ad2d34b5015d58e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
57ab671093b2030e4d1f525628736b77

SHA1
6c740280fab7f31c3d063fbd3437a827ec268cd5

SHA256
edda17a696cfb13b7e4d3bda142a6e412352f7e02cc408b0ddb2ce492b0614b0

SHA512
79d123a2c05e9aaed11075c95981a8ff70c0a8abec75dbd4effbf48ab9d839b6b07feebc911be0649a3a54901933a446ddd21f6b65f21186e7293f7e7a0cbc80

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG

Filesize
336B

MD5
7e8ba27e1c189e456d9682e92dbe5ef1

SHA1
ff59cdec05db0b9bfbac110bf73616ae423f155c

SHA256
d581c95be139608ec2c25067094280a69ad7b83296a9c8e665c10aeaaa41d4e1

SHA512
dfa283e31b3d370de8a92cffa4c92103aa9063658d125f07105fdad9e570a0224f072e64bb5c564da7f45673343b43bf08cce2365ee4f6e9433fc91fd6aa840f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG.old

Filesize
295B

MD5
e3dbda704b02d8cd62b65b0f1bef1700

SHA1
44f0951f17fb68f68d2819135394d59512dfa0f8

SHA256
0700d75cdbbf82354e2d88eee140c9d49440538564ec50f6cd944523c8b30636

SHA512
d8e55bcd85458cab7a5cfdfbd3fc93ecd4f5a1b8288d9b58152c62474fd66f448308e4180d29b4c12fe9e31fa3053a1d9b03d7d746e6a3015d06e5fd8916783e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
1c07620c35db7246972eba093cc74c7b

SHA1
60e7226a3e8b79eb9eea48080444450a215d2e40

SHA256
e8f15ca71bda6093a8fda9103db7dc8b7fac4e200bb61f12b40de4f109f9b21b

SHA512
7ad71dd415ff984c9badf763dca541ce98aae0fcadd6c57cf045b998573afd177964162044849714ef3a5a66d6ec17382f0554b1d7dfec22b9a43f147b7030a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\db

Filesize
44KB

MD5
491de38f19d0ae501eca7d3d7d69b826

SHA1
2ecf6fcf189ce6d35139daf427a781ca66a1eba9

SHA256
e58156bca5288238d341f5249d3b6c91ab37cef515358953b435339100d0596a

SHA512
232f5df71e8ec35e500ac81aa54a87b3523fe8a32168096a2a76f08e5c7868100b3cdc5155786ead489aac440beee3f84ffa43d226a5b709c66012923b20c696

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
2KB

MD5
b7074f71d5999c46ac667f0eaede85d8

SHA1
b6e5072d7233b201f867ad2ba59de7b313a62d29

SHA256
888fede7a31707cf91e88c0d21268a54e44c96da781d1337787e39bac3911657

SHA512
a3b7baef64e08821df49eb62fb2aa7de6fcf1703fb1ce4adf372153ede2257a3dc78a8120ef829682f49989595a31a6fac49afd7987e4b38dbb5dc55667f03be

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
ef9d4fe663591ad5d499188ecdc89fd2

SHA1
96a6c42a5f3de70b8013d160df29f13f2985e031

SHA256
7b535f65ab231d44d570140869ec4f0f8b15febd1ea565001ca76c18d735292b

SHA512
117664296cce715c6cfe179aa44ffdf422059dd513234a6f586e50ea35368e97d41367d71e9ac6efb85d7075a9b999f5643b9bad8a07b7d5f988597b01aa8a4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
283B

MD5
48eb185c645b9141720280223c21ee89

SHA1
5a80ac000d537de5a06530442c545ee4db9cace7

SHA256
49e612e6b341344ab148a344a675cf1e260a9ad099f8daa211b901aecbdfb738

SHA512
782e31ff51bb20696dc0d7534dfb8ea1e26ca08d4eea277dade309def34b4bcc7cde3f76ac72c780902bc3688cc31d2e9adc11d5be310971d4e0665528069a1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
feb9fc088db0ce4691985d033a3eee37

SHA1
e2db2f09bb0993d65661aedc4e8f8049bdb623d9

SHA256
8c7ea7f76fe937f73168e4bdfc8ed85eb9ca9394e0ca1d9db6aa569eb02671db

SHA512
97e051a5d751bf2d06995b614bad390299b6d542a2edb1ebdbf26b8ac4d75c43ed5ee95ee0745fd9b67247f6b84ae5d9f0bde649206d9127376a0473f7d68766

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
114KB

MD5
e3bad5a8407ce8be2e003acd06598035

SHA1
a6bc025a692ae74493b231311373d214b72fd9b1

SHA256
29a8f30850aa6f08ad492c71594de5844e11ab1a9bc4b8e0432b137fb8ca2d69

SHA512
cce663e7318c9a9723a676e100dc77c47399f3ca3c25729781eddd4c63e7797c93ccca34c49a0eb725806691ffbec2699dd7d450f14cbbaeff8a3bb07a57e082

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
f59049fe591df635bb5bd0b9563aa178

SHA1
cddd40d5ce2f19c4b593acfd18f47f1eefdbafb3

SHA256
22b666e6ab4afe975a4eed739386ace555bc0f589d406c986d5b36caa95571f3

SHA512
0efb376e53bdf9ada916e3389e124339bd89ead7f5de6aed6dd1c0dd8af584c0b0b8444ceb49aee5e8c6353de6999283a288ac20617930e035227696ec78917a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
936f81ed3e919f6210370ca470445df7

SHA1
1f7c73e88f8f7a84efe6e0e039d15567d37d165f

SHA256
f293881fb677c06e6c9b6eaab8d13e6b9afdba245e4cfeee4203c7703fff4fba

SHA512
b6ff3a891ca66231e9f1a7cabdf624dd8c84f3f4b28a1117b68cccd61cb34defab6f7d06421a9bac6e891ef0e876731d3e9b88a8c476eae6c2a3b9761e9b0e70

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
d22e80029dcdf32b630f381906ef4b72

SHA1
aa94e6901bd31bc5aaf3722824a4bc89819905de

SHA256
658cf2e44c9e2a76226cebe8a0339f6708cdbb9c72f36c52ddcf96d3844c49d6

SHA512
f8751abaac4189288e5891854352a4241c598634c4e9a91b1a791e26eac4a39b73abf5cf03514f96da1d27376078dba909fa5d3f33d5524d0523ec7ad3fa5d43

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
9621d3749fd19ba2ae290b679e8995fd

SHA1
0e26bde909949518d487c650773a962813f5dabd

SHA256
e4a73f64860d30710be6f1c7f857de64125e80462bb2e35f2c11ac9c5d9dce9a

SHA512
96a96b9f3cb61c91f76ba294650556cba781807243e350d3b80084fccb084f93750e1ea139d0d9c3c7833a8b24f92fb91a7eb561619620b7c7a6be47f18e801d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db

Filesize
28KB

MD5
3979944f99b92e44fa4b7dbcb6ee91c2

SHA1
df2161c70a820fe43801320f1c25182f891261a4

SHA256
001d755b2b560945440023bf4ebfbda797cf5106419ac7dd270924b322f3ecf3

SHA512
358e6dee698a63c2490c2fb5206516766fd8ace8f3d523509c29ff76aa6a984cb6381468f15bb4b9c084d9a470298b4cc11b0970e671ce0316243069ac4c8590

Download Submit
\??\pipe\crashpad_3216_GKRTAOEXLITVVBEN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit