socelars | baf65a4cb3a3443c4dea37ddd9766557037a970b6c1f2376fe75e1e09997cd4c

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2024 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Size

1.4MB
MD5

4e5c8938ed644daec8e14035d1f13bbe
SHA1

1360d8c4f029755ddc0dae7396d13d049f745602
SHA256

baf65a4cb3a3443c4dea37ddd9766557037a970b6c1f2376fe75e1e09997cd4c
SHA512

9656ba361f94253971da6b6a0f708560d3f9b2cd8961d7323a3cd67e3d5f8f550791554cef5c4d0a7b8ef22ebfdf3a087b2cba1007c0ca329dd0a8712c1ab5bb
SSDEEP

24576:zIA7opO13nWEjukQuzHVZ64lEq25RHxrFCKezViURT1jS7VQ+SB42Cf6:D7op+Weu+zHj64ENRhCHJh1jS7y+SBhT

Score

10^/10

socelars discovery spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops Chrome extension 1 IoCs

Processes:

4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

28 iplogger.org
29 iplogger.org
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
28	iplogger.org
29	iplogger.org

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

cmd.exetaskkill.exexcopy.exe4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

xcopy.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

5060 taskkill.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

2312 chrome.exe
2312 chrome.exe
3348 chrome.exe
3348 chrome.exe
3348 chrome.exe
3348 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

2312 chrome.exe
2312 chrome.exe
2312 chrome.exe
2312 chrome.exe

pid	process
5060	taskkill.exe

pid	process
2312	chrome.exe
2312	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe
3348	chrome.exe

pid	process
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exetaskkill.exechrome.exe

description	pid	process
Token: SeCreateTokenPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeTcbPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeSecurityPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeSystemtimePrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeBackupPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeRestorePrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeShutdownPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeDebugPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeAuditPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeUndockPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeManageVolumePrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeImpersonatePrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: 31	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: 32	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: 33	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: 34	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: 35	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
Token: SeDebugPrivilege	5060	taskkill.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

chrome.exe

pid process

2312 chrome.exe
2312 chrome.exe

pid	process
2312	chrome.exe
2312	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.execmd.exechrome.exe

description	pid	process	target process
PID 2160 wrote to memory of 2348	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe	cmd.exe
PID 2160 wrote to memory of 2348	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe	cmd.exe
PID 2160 wrote to memory of 2348	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe	cmd.exe
PID 2348 wrote to memory of 5060	2348	cmd.exe	taskkill.exe
PID 2348 wrote to memory of 5060	2348	cmd.exe	taskkill.exe
PID 2348 wrote to memory of 5060	2348	cmd.exe	taskkill.exe
PID 2160 wrote to memory of 4724	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe	xcopy.exe
PID 2160 wrote to memory of 4724	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe	xcopy.exe
PID 2160 wrote to memory of 4724	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe	xcopy.exe
PID 2160 wrote to memory of 2312	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe	chrome.exe
PID 2160 wrote to memory of 2312	2160	4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe	chrome.exe
PID 2312 wrote to memory of 384	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 384	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 1256	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 3624	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 3624	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe
PID 2312 wrote to memory of 4520	2312	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4e5c8938ed644daec8e14035d1f13bbe_JaffaCakes118.exe"
1⤵
- Drops Chrome extension
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2348
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5060
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e36bcc40,0x7ff9e36bcc4c,0x7ff9e36bcc58
    3⤵
    PID:384
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,5565516563556784435,12226600903348613544,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:2
    3⤵
    PID:1256
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --field-trial-handle=1860,i,5565516563556784435,12226600903348613544,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:3
    3⤵
    PID:3624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --field-trial-handle=2288,i,5565516563556784435,12226600903348613544,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2472 /prefetch:8
    3⤵
    PID:4520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,5565516563556784435,12226600903348613544,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
    3⤵
    PID:2820
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,5565516563556784435,12226600903348613544,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:4392
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3536,i,5565516563556784435,12226600903348613544,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3568 /prefetch:1
    3⤵
    PID:1520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3544,i,5565516563556784435,12226600903348613544,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3596 /prefetch:1
    3⤵
    PID:2212
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5272,i,5565516563556784435,12226600903348613544,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4328 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3348

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js

Filesize
15KB

MD5
cbc58b5b64bc40dcb9b01208e1c729d0

SHA1
aa81b8fd7fd35573f06c03161d35da01d2aaf786

SHA256
0a9248adc4f9aa23275db389a15e8db44a7ded442326495d9c261874a0614e7b

SHA512
032f31a5b993d0b9b7ddcd77ae7d6ff032ad06e538f8c69ab285a2f1f466b5d80aff91aa732bb85f123dff19322f77f3df34e7a1d0c9c9d894610bc63858c174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js

Filesize
26KB

MD5
029c53effaed86331055c63d264c3316

SHA1
859bb39d27b462a73fc9131f694b69c8c118b3cf

SHA256
3c1453cb6fe4c7ae8945d96db6c19e3eb58702df65ee0244f8f2444b20e93068

SHA512
68d115d79428c906ca377091f30c207de92ee9450e22e94a35fd7753547cb582ae36434595f1c0e444bb19d5c6dcc214fe58a9987f690486800c8ad91c9642d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json

Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
bc9f3244458b0e8bd1f0079107162a70

SHA1
b3288eee533d0e56adf064a7ff754127d9c7e850

SHA256
3f6ded35f68e58a60a434c794dd62c51463755a9a9e238d30fc3f2ec6abd5aca

SHA512
6422d8afca90ea80ef3663f2d4b4910597434ffe9f3d36e2bc5468a3edf17de3b39dd64f8f3e879007d66eee9cf3b1841cde779220874cd7ac1c42f741618bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
9a31b075da019ddc9903f13f81390688

SHA1
d5ed5d518c8aad84762b03f240d90a2d5d9d99d3

SHA256
95cf4025babcd46069b425449c98ed15d97d364b2461417caa9aa0c13cb372e1

SHA512
a04726a429ae727d685f0836327c625d2f18d6327253216a9a31265a324b68b06bec4e7f1b744d261a0e67fa0a90c43719aeda9d2998f42525b0ff5640c7bf1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
800547b40b40a6d57a70b74809b450fa

SHA1
310a064c7ba82120f80af50892dcbe61b53f9d70

SHA256
a562ff4b14badc73b0804883bf4ccfd9972e485123de5e5949981794f66ed936

SHA512
39630e3b5069d0c66ea44069358cf01f180bf25103968f77d483a27deb7e91e796a1718ce9af2f438bebe8207537e735cd402d649e2adfa2ca7748faae2db949

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
43e8d967a6b5b827e55b0065dee2de37

SHA1
0dd006344920023d9e2bdc69bc90ef2966ad9aef

SHA256
6f5268f381f5deb124d9b53f3975ff5b1e4f5f20f50b958a012ddb9d5f266133

SHA512
d311e89b6c4238ad1eb7abcc34f0304b404a789499aaa768ac295ce429e3453c7c563aed9ab77d9c255934aa4a997172c128a711f14354f38c2d7e008ab7b42b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
8bc6e3dc25672df0c22d6f9cc57e1748

SHA1
abd0cb1892ef32ae1269870c79d9745ab75af200

SHA256
4f91e5c3b459f457918b4723ad9aabf702bfb2e197425be6547fc2e9b09199ff

SHA512
eecd3e8e60efc54d60ed365342b71c9c62b86beabe62003d7bc268bb0566c9e36ce5a2dfa1820e5d66e40c987b88f25ac4d40506f81599ac653bb837578fe533

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
727ddba6c69d2e855820b57ad8a5cda7

SHA1
2d53b1c7e3ab91a0c3a33cfcf75b7d9d3bf1e202

SHA256
20b34e761ac58e4c1d3be056e0ca65e1372143e4dd4fad25c19f1f45f2e2fc19

SHA512
e3137d4f4b872046c2c0edf72b4a8f14751a2f265ae0703409a78ff2bd54f877924ec445b550e69d09171503cf47e6ddbbd341cfa7e935fb985add2545d3bc98

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
4bc25f16808e4bddf34dfa8fb708a810

SHA1
ac2c65e969ee46e029166580051f2d963eb8fefa

SHA256
1670e1a9d114da08d3c08c5c22cb66860e961ec25bd407115610d17e777ad854

SHA512
d277bb355c28981aa2394d733751a4074757e76bf89b4977659c5a3e79b57c5075a202fad9d48449e9b0a817fad8701a8d7bf2ba61aafdd28c6587b02fbbfc35

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
9666d74b18f57389ee2d3dee5073f71a

SHA1
1830bc2670e616a1da1af27157159e6677a5ad63

SHA256
6fcb1e788f9a12b8ad937172802c41475f2180906db38d6507a3af6a2b721cae

SHA512
69ea6d6080b3ac00f4c4fcf9e00c9e16bd2c3373073f7dde3b1735fabeaaed1e7f8b76113e5ed2b9df08d089ca33ec367c595312f0c2f6e0fbad364464bc989b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
5c592accb23a76c0216f800695f699b9

SHA1
c236175e8729bedd48a236c63aaa3be63c8e9b44

SHA256
e9d5780ad6defc3548175960c8e3db36e32d4100ecaa98cdbb5b50cd2d9de97d

SHA512
88099596ed2b7214d3cb5d26f5617428c360e7dc5949c730b1dad0bdc8ef4db16669f3a1d2c9faf2b5cedfe16aee977b13bca4d2fb1c0348c3e7165fb9f08274

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000005

Filesize
91KB

MD5
a7d0018905d710fc340f1429886d88b5

SHA1
aa6c7a7f8cf479e21c178b9846ba283e720dba9b

SHA256
7caf31e436587fc92ead2453a28dc8c38a173e2554b2ac7588fbb6f7193646e9

SHA512
c679251593cf7bd73b11cae7663567c3c9357f3c8e58daae8e84b02cdd69175fcef9e462c04ad70b78a9ba3b11e1673cdbdc78ba730f241a130c9f299faea96f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000006

Filesize
50KB

MD5
77e2e80055d2a01d218da4c6403aa44b

SHA1
e8c2d0ec7e7aaea08e0c15b3a9933c0a33ad3334

SHA256
5fe04fb74eed46c14dd7437ec979530439f9de83e45755f4795f686ece899ebd

SHA512
3af3752fb9d763b0a8aa6ea255ff3608cacd434c6baa6fd897d2721871c76b4b53e5a902e90308875869433fb853bdf657ea1410e3add7b1d952f3bf1dd810fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000007

Filesize
26KB

MD5
b546855ea44309128aeb9a51304c7cea

SHA1
be6c15baa22e674daefe878178f00cff467d0b25

SHA256
269917ffd1d0918112b9fe1f8040175389b0b4e4f1baad2eb15d7b5f2a176566

SHA512
f0ebaec12eade7bbb6aeda19c33024c84d91d830a16176f7ab8196417420cd9ec0a4cfef36255daf01284896240b7eee7e4a6102b21db69ed68ee744fab183d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000008

Filesize
129KB

MD5
ddebd8b9bf0d448f1f4a6eabb8e02c69

SHA1
06b75158defafa31ad4b0a78b66c6601cbc7206c

SHA256
e2de1c58203e54f916ad842848e3b68e02216c00d0ab9d83c6172b10d0afed39

SHA512
666703ebd348c6d03a0c2a8cace8f0f0b73d470f2c4ff1f2212a457afe3dda31342b01371b868dc30cc710de04074394e823b1632fd5382a0cc19f1180ad138b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000009

Filesize
16KB

MD5
759e8b9a9fac97ceeb36914614211222

SHA1
5a14d50e639e43718873b4b99ce000a47db4d333

SHA256
c62b82cdb978f660780b322b5225924b17ab58886bcc59cb71d8aa07e4a64e25

SHA512
061754e0261c1157ecdb4ce053646550ae560c3c255c356c4f1314ba51e9d26ab650468ae8b52d435845421368bb8f0509f5d03b2167dfff5313c6ccd7817a46

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000a

Filesize
45KB

MD5
992a39ee0b8b83e69e2aa90df1230702

SHA1
dfce44a2807ffe86a43dbeed1cab0f6f88a4abac

SHA256
6c1932349ed8e8f8137115f4c36ad52f3f64cf117c92bf4fad773730eb3156b4

SHA512
e6e926c0bd6a01f79bfd329841e92b579aed7690b9dec135f132b9d7dee75b2aecd6743941018380ff70e8221cf7b7c7b6d2b29192c7636e06650b22ecf6ecf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000b

Filesize
36KB

MD5
334952f56f6b55e10cfb44096c5e4dbf

SHA1
dd89d5ad9e5ae1901eededb3fb164f058eaf5324

SHA256
697fa23d5100aedb17251c39896a8a8a2090fc305eb0747b2d326e56f6269112

SHA512
c3628e7d8fa00117a84366786f35cb6969dc5e5394fc547a66f449617026db9f44b2009990f2bad73a9c1d883f9543ab07c1f957e0530f16242a20c8c0ea04cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000c

Filesize
17KB

MD5
3ece6970d993cd27f0301b0dbf39bc49

SHA1
2e5445f6e4f42b45b280147db48af8cf79e4797e

SHA256
a02dc93e365903230037e9261be71d1113f4d0e1745faf9c633a0b5cea77d511

SHA512
3d232349cdd3bb44fa6d7b3e9da54dda03c0f01c6fe0366330798e27aba03310478206442a54858b21e4ba394301379cba63ffe54448d5582d3546ccaa150ea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000d

Filesize
20KB

MD5
6ba036552dbb555949bcafeb5126b3a8

SHA1
b418739a6801acf0e1d843546fa3dbac96e4031f

SHA256
1fbae7b95f24e99274a971e537b14b6aa0524cdbdd722b26f8e4840a1ec8e22e

SHA512
9a3ee77ffb18826154a7769e2ac354f18408cbd13de39b6a1978ab2ef04a4aa41034937a0b6899fef4b985edd2eee34a65a23365d8d93a6551d0612c920f8eae

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000e

Filesize
55KB

MD5
415d201c414b7ab86b53406fa06548c2

SHA1
fc45351471c23a28de9629be74ae685bcf733ef3

SHA256
9249f83ee6cf2f6e60ee501b844735315c626e34d2a6678ab9690cb3ad4f25e3

SHA512
1915bf1af8499b0af6257cb4ba2f5e424fff416cf076d64e48c93b810e8e2e5e6984f96e14d8eea29dadbbe10590322a0e0f33e145f817a805b1350d9b31f9da

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000f

Filesize
20KB

MD5
1243721c2ec43a3531abe3c25477ad49

SHA1
c36e53b219074f4868ccba0090ebf1a7db25f09e

SHA256
0780c73b0c3cfa60e88dd0d21174a084595824e152a90ec692e23e3950de7de6

SHA512
aaf1c7a07007b5fa820882d92197f5ec75e1ff406f56788c65099ee92a83b9f584ea2ee45c7e09ff0fbcd5ed8dd469296aced47c32db881f07391fedcc47bd04

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000010

Filesize
55KB

MD5
11e05a9890dc41085d57591866c9ba72

SHA1
ca94ed2a621c8d126eedaff9ff5a0fdb49080c44

SHA256
a1700dd30c227ea6f38c8a1e34ce80055ceede411caef04c3451843df29c8790

SHA512
0fbbdbf7cb094130ddff1d41a476b53d341038e7a3b3b3246758dc3c69eac7389c460e223cbf76c6e9f211a7d7b29995beacaa0d4940ab91d281a945ed73d722

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000011

Filesize
65KB

MD5
ba0aed731bdd01a06434bbac318b9714

SHA1
9ef79f6a974ac9e251808a4e4f2e853f53ef540e

SHA256
276e71e826fafb6ddbc7ad109037d50e348f45200dbb8a8c92e476811fc02f06

SHA512
51bde5c2c151aa52b5ba455c93c63c42eddc59f4f418cc01e078b70b5eeecc8c83a9efacfda47b02d4c3525cba42870360f9b7aef50c1620354902c146e11501

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000012

Filesize
27KB

MD5
6508e2a5b8172772bb0bd2df73493db6

SHA1
b69ea78954e40b8b17f9fdbe46c33054d5beb419

SHA256
239142f2d191749d335e0004b7c1e8198977cfb0608de7fbc873c7e55f98033e

SHA512
1bad80c417dadc4fd3512744aa0fdcc5659c5e099815cc5e0698b67f5aff98dc45d869f402ffa756d2fa489bfc1c0cd2877c85051fd8d4ffe37c02fe44d9e988

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000013

Filesize
73KB

MD5
92c0a0cc98e3ca14c29a1d715d0d8fb0

SHA1
e777506f9fd0e097e09df692ed0c5dd8a0fe0470

SHA256
e1af33c23f0129a8dcdbd368965770b65ebcdfbeb1b15cb23c909c29569c24c8

SHA512
c0f520ccf191a81bf04aafe2934ebb291b6bef4d82bbc89d43b658838dbd0f1e64b3789a200e88f3de0a567f7395041b8cc94b638ab3e828ecfecb4c03902bca

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000014

Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000015

Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000016

Filesize
34KB

MD5
b63bcace3731e74f6c45002db72b2683

SHA1
99898168473775a18170adad4d313082da090976

SHA256
ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085

SHA512
d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000017

Filesize
16KB

MD5
9978db669e49523b7adb3af80d561b1b

SHA1
7eb15d01e2afd057188741fad9ea1719bccc01ea

SHA256
4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c

SHA512
04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
d4272e42f33a7706aee2bd96da859ce4

SHA1
d6c1d3d5d38951e1438f203b81f1595f1dbf990c

SHA256
3e8589ef15e80a0272747cba772ca3b9ecfced880eae7110669cf1acac949c82

SHA512
21d10961fb164a742b86755e8c47447ae59611a4199422cbaf5f01c9d5f0217a12dbee5798234c242f4c87e810e7a78a4534206f1e8c8bbb89cb57cbe31d3ecd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
0c60edecb73e05a9649f5f6bb2aa82c2

SHA1
cd1131284642a5a1e93485d93a21707abcc7afa8

SHA256
ba94f958d603ae3436882651df06d57de504714ef278c40651f611ef0c249da5

SHA512
73e6063a158a12d5d9e940116dee0c3a2d7b37769f76aedda95324f43d3ae318ba54372fbd207c4eb1ea97deffde7a223f56a323bcb1e96e7bba250e62786954

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f290e3ed20b5f61323928e08d1842a30

SHA1
a056bb55948c5166ed3e90c7d59ed798fb3c7a29

SHA256
271fc34dd4047ab391b307da999ee1629299b8ec0999d172141796392371aa35

SHA512
5fc8171ab19f96c877a2c95cc8a17d36c51102dfef032e9d01c67bd3ee7b1c0b80bc366f5b092692e62aa67969a56999f37cc60bce89cd0914819aca49d0e95e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe58501f.TMP

Filesize
96B

MD5
c8f70725d5ffbb0dfee61fa8657d25d0

SHA1
d7a0dbcb7982519804446b95f42550f4ef5d42a4

SHA256
efb5f61e1a5cbc09a59c7fbb04e8386129f8ca20e9df81b956ad927df9b45f85

SHA512
7297e77a1e2aa92b5d3a62e4121cb1a10556ea9ae51529a58b5041db7d0304cdf706b1978004449d4d6bd0ab7df90a60550e1e8ccc7c9e0894ded5602e77e68c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
654a48255af5d7f42060965dc1d50f87

SHA1
7f7d46e2bd1aaeed6ff2405d168db23a459733ca

SHA256
d047ce1cee3104610d577714c710a7692b279c942437b13a7cd823518494d084

SHA512
23372a44d3a63bae9cef14841cfbf39250b4417887f2a1434ed8b914458a426edf98754c6deea21e2ce0fbb66572437f7fc44d04563ff92a4a7e13dd016a9183

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\000003.log

Filesize
114B

MD5
891a884b9fa2bff4519f5f56d2a25d62

SHA1
b54a3c12ee78510cb269fb1d863047dd8f571dea

SHA256
e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e

SHA512
cd50c3ee4dfb9c4ec051b20dd1e148a5015457ee0c1a29fff482e62291b32097b07a069db62951b32f209fd118fd77a46b8e8cc92da3eaae6110735d126a90ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.82.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
b40e1be3d7543b6678720c3aeaf3dec3

SHA1
7758593d371b07423ba7cb84f99ebe3416624f56

SHA256
2db221a44885c046a4b116717721b688f9a026c4cae3a17cf61ba9bef3ad97f4

SHA512
fb0664c1c83043f7c41fd0f1cc0714d81ecd71a07041233fb16fefeb25a3e182a77ac8af9910eff81716b1cceee8a7ee84158a564143b0e0d99e00923106cc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
256KB

MD5
1457044d975fdd1a2953af485f37b834

SHA1
696463ef9d026f1908d17df192d52dd902f6dd7b

SHA256
8e6eb2f0dc2e8c674705c1d90091619c7b4592447a92f464abfce01fdb98f6d8

SHA512
0a04ef91603fccc97ecae640b3163b6dfc4ac5f430ffb0b916ddd3706733fcb575091c0b1c517fe331a671bb0cfa94447395aca8b51e9321d32762d27d80fc07

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
160KB

MD5
f310cf1ff562ae14449e0167a3e1fe46

SHA1
85c58afa9049467031c6c2b17f5c12ca73bb2788

SHA256
e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

SHA512
1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
8b9e5f0941bc0fd3afdbeeaae853342d

SHA1
75257c1f8c32411cc314a36dae29594395d76675

SHA256
0a9e11f3c7078b340e319c4e1598b30ebe826c82664cfa6a0ebf91df1e43b17b

SHA512
82560598dee51f95c412696c962a9973ad69f6e68a2d51c23d4e1d13237e600d53698f29f49e39892494b84155e1815f65ea66217b633a3d2e76517d94424062

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\LOG.old

Filesize
291B

MD5
f71fe37d05aa07a8d3a642d81c21e9e4

SHA1
8a36da942fe9e28a1c6ad0458234716662b95461

SHA256
0e608d8c6d78085654962e060cfbb7abe45d6574ba39138dad55f8ffbe12cbbb

SHA512
e3e3edf9bcf84ae6fb6d96ca9c0d186c95e26958e4c3479e3ae7054a49340bdbe55a558f37b210d74683654255a1e60c6781cbfafdb7ca847f431fc2a613b3e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies

Filesize
20KB

MD5
95c5da565b6a2c2365d048a9070a4cf5

SHA1
6479a814d1b6c72f686c81600821f0b19fa7378d

SHA256
84844dc62db233b33185372016f416878d404ce4296075487c42065ad84d3956

SHA512
a5844379982d4582c8dc9a28ae730e529d66efdc0769b283abaec32abe25ba53be425ef8d581bfb3ac2add8d21c78b335b255173927e56e9c8ac6f0f1c2b6710

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
db0046044097c497711e7524175f8edf

SHA1
e4a6a25ff3ebfa8b8226644ae17c157c58e389d7

SHA256
469d36dc0f92c75ad9262876b5de5ffc08739a8d0ee22f3d4fb9d55288c9ee55

SHA512
aa22618444bbee6fdb92c1cd8ad355374fe57d608187c0cffda6b07d5e863efe0b4a8652f2b017f92bdb066829b8f301ef28f262f6b43a75d1da18f6f6b793a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
3KB

MD5
f2656b28c630e436d08685c8017c4911

SHA1
30a1bbc2a126300f30c05af96f9a67f3798484e3

SHA256
99d6fe4b8352e8deac4dd9c30dd14978c7d617793df235ad7a9487adb847a483

SHA512
0d28c7b1479015982831c5cbd5ea9db447e558d5d1b8cae0f5094a1a93f17d3a5b613e0475bf9ab1cdecb7edbb1581810d9766ee8742fa96772faca11c07a6bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
966f6aa02c85690d5747980116e67562

SHA1
7825fbcc01b142a5dc402156edc64678c3841eca

SHA256
1f6a42a95925eec058adb11cc98d0ca307c07fbf378469ece0afce0ace41cb75

SHA512
be79a81c686ed16d50ca6ec8596cbe0ad5c810a60562221232d8cf1dc123820f211c0c1e1b3fb390ffd8e428848e17fe670ff7f0925bda0451348a560a8bae47

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
356B

MD5
eb1fb8c2e89392eb1e7563377738c136

SHA1
1cad4394e45b16ee92418d4ee604b051ab7bd261

SHA256
30bc3e79601c11eb706338ef912efa27a90aba6cc27fb0f34ab5f9e5ad66a5b0

SHA512
579a94c6ba9e49a32b4e3984b2a6fc50f02913339fad5e64b8bccff8cd48215c04045ac253d2da2346f53f7a3b5412512f23bf2d7fc01e08abf608b4284d029f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
7d06c0ffc978fc30e4f1ad6c91381e3d

SHA1
9baa1f8c0c41e8010317b45960f093f014d137f1

SHA256
8166eaaf1cf363974cec0822709b42fd5bbac312d46e2b147e65d3465939215c

SHA512
87bd4b81b8b92070ab050d41570df09c251c9203f0d6da292434a4d0be9dbf4c9f7824305993559482483a4e3b664e866c027142222af105019e5754c478b337

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
ef0cf5ce7e868c4d314932686e2e3c9a

SHA1
df5d8e89ea72cab3323fe36ab84141b068dac93d

SHA256
86770163164e9ea1b8910e0c711450b05ac44b1c15ff42073c9c322e7336993d

SHA512
e73c4edb9c9f4782f74bf35dba059faebbf0ae6ba8af71083261c01361aedc21668a7b73fe2da414bdcf08a43e04cd39075765a18c8bfb12ab6f4a8018ae5f36

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
933c543fe9d89dccd265aeb4237964ae

SHA1
2e0372d7e162ef74c929f07b08bb8a4f3d1ac2b0

SHA256
7f95dac1a4a29b8407ae549863a4fba3ab60ab6d42ce05a3fcceb32f711e9afa

SHA512
c6bd6ee0f56bf9428d6be4d2ed7661c71d0f1c6b756e1c039a135b27d00b96e3f2f803fb071c8ce4f5d84301d7bf9f7c5b30768af3ac0ff2b15da45d4af23717

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Trust Tokens

Filesize
36KB

MD5
767a7db34589653629c0d4299aa9eb7a

SHA1
57375ca0b80b3c856b76b3b080270686c90ccb8e

SHA256
78a4734f08b47286a3736c88c6fc481f76bd2b1a46e29d0920939f088ce899fd

SHA512
a01b63edaceab16394320bd2d9152faac7f0c3971001049e8e931b6403f97d8e5e6f4e9020a446cfb573241321cfd26c3d982f30139799fa7fc32617cd1ec859

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
7KB

MD5
79612874de0bfbe117fef897391d8beb

SHA1
720f8bed49025c20100bc5cfa0511388aa49e804

SHA256
beef97a89b0015b57d49912aa087e44147d8c476a5973df7c40e056f0fabffd7

SHA512
4b4a170efeb1d7bd060747f76e1bd8522966d3985bd719f4ac450901fb3eb32eacb00184f6fc1f7e8ddf0728695003b0b2146af1a0289e1dd6cd6de56fbdf454

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
152b0e32c64ae79c934504575abe9f98

SHA1
d8c7e5f18fbf8c3535c2f2880c37ac308d9c62f9

SHA256
355e799cd1f33eefb0606249db6c22c59ddd9f1126d7c980f003e5d9844c3101

SHA512
5367f68eb902987fe47849217df888569b89465d8dc4b4dba4162a3139957c5dc6a8d781c86fe4e49d6c79e6baa8919386ff328979a7de5b0fd51403596dd4db

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
5e34a9738d053a39ca13f3ff890ea4a9

SHA1
e1ecd5914d059bcab889d2c0e0af80893f8804fb

SHA256
2d225ea5e152cdeef983931e7a2fca5491d242c64ff28327a2a19046398ad484

SHA512
40a0d063a5516018e1914654939054d41f9056a4a81720b1392dde8d411b2e355650a92bdea95862863e14ad389782b27ddebd11cfe756fdb8721cbe46b40aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
c8442cdfae7ce8b4d7cef46a9b2741d8

SHA1
1d3541b14f943ebe44bf327812dcb7f42807f695

SHA256
ea2f390646419630e37dd26a8d0afd2553f9a8f0092d784834eeb2d136710608

SHA512
406593c7cc1bbf4ff5253b262f4da012e0c9074d5b400bff19d6898c41e1de7fe22af89ebc027b1a896ab505853d7034368660148c61d4755d60040ab347e750

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
cb1b55547d245f716b97adf57969e66d

SHA1
baa715b0e37ba0c4aa4f158ac5f1e990f52d8537

SHA256
ddfc90717b9f31bf07e1056b6e53c4779d4722f1160cb238641021995f9b3750

SHA512
3b076ab5fc3b97549d1030bdbe18a2e0d550ce87ae3b0f5c4a7c223ce64b52fa45691a069029540586ae3ec5bf6429fa7f628048e559a0fb7c4d13028fbcb245

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
59e209398acb99b756db7e81c5ffdaa3

SHA1
4f9f19d56e864e53f321a6dd6487fbdf6c06b3ba

SHA256
9008288f8321c1fb788fcfb41bdaba16fbeddea5bf471b24fbda2bed67e0dcfc

SHA512
48b23e24041955f0fc1af1880f9240e30ea7b0eab1d25c10cc1c42d95e85129525ecc7abbaa2230f891e8751b22a725416ee6abb0cbfbbd18f429262cd2010aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
fcbbc835b0e1ca43f8fed4b1b95c8e22

SHA1
c83fc518f81199bccd1f79d5e51b5c9c720b79ca

SHA256
5e608f0dfc25c29f6e314b6eb64353b56befc879d9ac30139a4a440539ecfa24

SHA512
58184b283e7109d9c3e8b26eb8439e3808efc0f1d5673da9c8554acdd9e6edd6c24fd89c0d865f86363131cb5179b9b8240cd29a76df05df171664e6182d6bb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences

Filesize
19KB

MD5
652c4fd63616a1768ae6a9cb8f080a40

SHA1
e25beca93ff21b36fec5e0515caa7e35c8426d81

SHA256
9790c99268780e01c73f91401600664439adaa0805b431fe2d4eaf9bfa0e2546

SHA512
b52b4a56d449f4651ef08f1af9d272da2e95914a904a2bc12caf0697620e4f9e06f8497ff8fb85348b64c7a7e4347e60fca7bdd99a9b5867114ccc942dfec879

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
590ade630d938887d8062952eca87083

SHA1
894f194f26d9e1b993079487e747fc9f511bc0df

SHA256
e2b77d398d685f241efa96376789724c8356abcca675b2460f47f81c963f9226

SHA512
880bfa16a0aca43755a8ff4d112ef203c184b3f1a9a97fb4516ba13e176ff0d60dff73a433c8fdeb455d402ed48af34652ae15b7014924a0ef917a8af21ef7da

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG

Filesize
333B

MD5
90f68a860c62b9bba4dc2a37a56aadb1

SHA1
77af4e8bd7b7b35b27a8e4258a8ed1d044f22706

SHA256
f8255e065face1c9ffb58518212493f0c147833edb4bc1dec578e3643a55be65

SHA512
f5aa8e94898ccb960fd8b4b3d397837e528946fc7db72f6fdca931e0a891b2de5c0d0fd2ba78bbd2c3d49d777b4ad8676bfba27e23e720a23070ce872cce30cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG.old

Filesize
293B

MD5
e6b374a47fb411048ac9f15a9943cd85

SHA1
59c460012ab5e8647d159b091f3f3bc97dd11ab0

SHA256
18c9232043b6fea765cc6655062942cf5df248c6a0dfdc20befe83907bb24057

SHA512
8d87198084f9d785f1e1e9480b1e02595c4be2ed27d694acc818202130b513ce3c147caa1f4bb9e42861774dd4f3166ee2562214ddb0d38b05a7c7312116be1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
36fc050488edfeca682dfc4e04465cbc

SHA1
7bb294827e18189781a45de09f4241c481d8cf8c

SHA256
509cc73e2806fc102e76f9409ff07453a2b533b0206b4f90fae2b7236d140e8c

SHA512
921f357ea0c7f42ce729e4b75589879cc9928eca1bedc017ab697dcd1cc5d8ae4bfc0433ee742f15fc3b8818a76f28662202b22645cb9882a116c75599dec8d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index

Filesize
256KB

MD5
f465c7fc46a3b39d88c605cf15248a44

SHA1
53adf7dc6a5f679af4ed5952fb4e62cd828964d2

SHA256
0f6faa233d1f0b43dcbb8976f8cc3053cded63259cb5b494cf783d5c67ff0fd5

SHA512
353e0600f2b0e6eb4ef17c23a36d81a273c93cef783a4f7fc2c33d02bd2e3ff1957dd87707febbc621982b90508c287a45ddd2ec33e10bdc0983f2c65a92d4ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\db

Filesize
44KB

MD5
491de38f19d0ae501eca7d3d7d69b826

SHA1
2ecf6fcf189ce6d35139daf427a781ca66a1eba9

SHA256
e58156bca5288238d341f5249d3b6c91ab37cef515358953b435339100d0596a

SHA512
232f5df71e8ec35e500ac81aa54a87b3523fe8a32168096a2a76f08e5c7868100b3cdc5155786ead489aac440beee3f84ffa43d226a5b709c66012923b20c696

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
2KB

MD5
a5cab59a3edfe722cfbb4b18ce67b1d8

SHA1
0a48ba12a17f3df55a62d857409e4e1d4b9bee35

SHA256
6b888767d2e9d21050c1e152c01048a6db6f869a6f16eb4bdd4bdbcca1a778bf

SHA512
b045406e636cac59769481427701a46a8e45f265fd1652ad4df1bba00ce6fe977550328866b9fea96fe7c340a19f95cb4daeb2087931920d0d40169891804872

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
c1dfa3c807aa81424438c328c526f11f

SHA1
fd9ff1f0de43b5f869147fc68ec83503bfb2868a

SHA256
7993ce007e3ccbcf4975f2c2a5feffb7144432e3668685035ced15b51a2a0348

SHA512
a6e57a2aab84839b1eee2bcde1f20dc9d399f8dba02c7acd00dcf3066b3026fe6e551a0c274d8113af3ff3e8c5f1a213c763117647e04febe82f9acd32b00de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
283B

MD5
438e1d62639b85852cb76a33b0ee6609

SHA1
2f27638248d26032614f2c0dffc6395bb0fc2415

SHA256
2875d3e81fc299c066330b723c8352ffdc51c2e6c8eb9a950d2b8f424787ea65

SHA512
cd3b668928477c11bce19dda7acba37d4b642206aa3205680b975f99832f6de7b506ca73a41f04daf61cb318fb6f54d86936f55a7ff5f2fa65a566336273978d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
58c223d924608e0ab3eb15b7e515e3fe

SHA1
2a3b0c5321cb28d16e667378ae4bf94927c18cf2

SHA256
bf165666f2808f5347a9a36298f8687cf5048f6fc027607cea7fcf484001319b

SHA512
67c22344e3f4f38c07b7524dd6de666f77ef0a4126f4eeb2c8f90a7bad03db31fb9cb6e68d1324ab9a6d1f444409435c58e5c7889c16dd6d6007c7e943c02436

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
114KB

MD5
ab87d892a202f83f7e925c5e294069e8

SHA1
0b86361ff41417a38ce3f5b5250bb6ecd166a6a1

SHA256
bdc61a1c60fe8c08fe7a5256e9c8d7ad1ba4dd0963a54357c484256fc8834130

SHA512
f9a03eaae52d7fb544047fea3ffa7d8c6f7debdbb907348adfc46545e7b6c3783427983f16885ae138e43e51eec6ce73520c38581e4d9bb7140beeae2137de41

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
aff94e3fb139f34702bd8262458ed04d

SHA1
4a9e7fa5b68b4947e954639940596cd4cbcc772b

SHA256
08dc5758cd6260909bb1ab420032543ce161793b8effe411126fc8b87e5c7617

SHA512
c9630a41efc16746a5086039ac208810167333d7001c69e88eea0f11b0ea34f2cd26110cc7c4e8ff82d111263749ca0b8ac121b70d84c6b30b6acf92a35e0165

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
5b5335f2b50757a943f812f586f4d884

SHA1
dd5a28195edfcd75c9072562c1ca8ac92a7f3bd4

SHA256
6d802a8c6c05511c90f32606ff80cb977aaa91a504bf132eba8936801119485a

SHA512
66c40f7df03f9a4e59aa2e7fb6c1b4f356464329825cf150c32ed7fac6dab827bab99855e53e6a4f9518c42812c41d7f1282eefe2e87eaf470a889a04a525762

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
9a63d525fe71a27d967669e4dc653cbd

SHA1
769a29e1b98728d0783bcda442839cae5e93bfd0

SHA256
029988475b8595d9d76c6d7ad5f6ffd08bed7907229e23e134cd0c4195c649e7

SHA512
9c10613710c5c2c0349d1c2c854de3d2059d1742e20694005d6cdaa373e2ff56c7dbec8de20973e53a4a4b9b6275fc9e82e9820580b58d9e3e3d0a5f8a17b556

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
248a73e44a2003819e668f1cda1cb496

SHA1
6772a34a83eb5eaa0b316e87492463daf889804b

SHA256
64260647e4a71fffc3e6be20c7fa4999aecaaf9524300aad3bcb7adf4a72a150

SHA512
4ae37f49a28f6e6a76e39ffd99f5dde4b16bfd1463aeaa9b2ec336e994c1fa947d3be67b29d7062ebe82bdc97d909a3f36a283839840ab7f5996c3584f62b06c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db

Filesize
28KB

MD5
3979944f99b92e44fa4b7dbcb6ee91c2

SHA1
df2161c70a820fe43801320f1c25182f891261a4

SHA256
001d755b2b560945440023bf4ebfbda797cf5106419ac7dd270924b322f3ecf3

SHA512
358e6dee698a63c2490c2fb5206516766fd8ace8f3d523509c29ff76aa6a984cb6381468f15bb4b9c084d9a470298b4cc11b0970e671ce0316243069ac4c8590

Download Submit
\??\pipe\crashpad_2312_NSHGOUXYNUEKEONO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit