socelars | 69a72e21fee186b463e8482284f561e68939e0376d1670838b28f092388322d4

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2024 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Size

1.4MB
MD5

533fa0fc69c4a516d19c15cfb3490732
SHA1

795de8ad6c4363c6e21a5df0dc619e6173cd73b1
SHA256

69a72e21fee186b463e8482284f561e68939e0376d1670838b28f092388322d4
SHA512

9af2503285cca92524c9c00ec9e5547dcbd78087cf37e4af48e0e7f328aa3f619637c21b780fcd73a5055ae1a535cdbca04165686780b573c75badad22e7383c
SSDEEP

24576:yIA7opO13nWEjukQuzHVZ64lEq25RHxrFCKezViURT1jS7VQ+IB41Cf6:27op+Weu+zHj64ENRhCHJh1jS7y+IBOT

Score

10^/10

socelars discovery spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops Chrome extension 1 IoCs

Processes:

533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

25 iplogger.org
26 iplogger.org
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
25	iplogger.org
26	iplogger.org

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.execmd.exetaskkill.exexcopy.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exexcopy.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

4012 taskkill.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3652 chrome.exe
3652 chrome.exe
644 chrome.exe
644 chrome.exe
644 chrome.exe
644 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

3652 chrome.exe
3652 chrome.exe
3652 chrome.exe
3652 chrome.exe

pid	process
4012	taskkill.exe

pid	process
3652	chrome.exe
3652	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe

pid	process
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe
3652	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exetaskkill.exechrome.exe

description	pid	process
Token: SeCreateTokenPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeTcbPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeSecurityPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeSystemtimePrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeBackupPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeRestorePrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeShutdownPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeDebugPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeAuditPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeUndockPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeManageVolumePrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeImpersonatePrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: 31	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: 32	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: 33	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: 34	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: 35	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
Token: SeDebugPrivilege	4012	taskkill.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe
Token: SeCreatePagefilePrivilege	3652	chrome.exe
Token: SeShutdownPrivilege	3652	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

chrome.exe

pid process

3652 chrome.exe
3652 chrome.exe

pid	process
3652	chrome.exe
3652	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.execmd.exechrome.exe

description	pid	process	target process
PID 2800 wrote to memory of 1548	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe	cmd.exe
PID 2800 wrote to memory of 1548	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe	cmd.exe
PID 2800 wrote to memory of 1548	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe	cmd.exe
PID 1548 wrote to memory of 4012	1548	cmd.exe	taskkill.exe
PID 1548 wrote to memory of 4012	1548	cmd.exe	taskkill.exe
PID 1548 wrote to memory of 4012	1548	cmd.exe	taskkill.exe
PID 2800 wrote to memory of 4976	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe	xcopy.exe
PID 2800 wrote to memory of 4976	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe	xcopy.exe
PID 2800 wrote to memory of 4976	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe	xcopy.exe
PID 2800 wrote to memory of 3652	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe	chrome.exe
PID 2800 wrote to memory of 3652	2800	533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe	chrome.exe
PID 3652 wrote to memory of 1312	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1312	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 2860	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4832	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 4832	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe
PID 3652 wrote to memory of 1564	3652	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\533fa0fc69c4a516d19c15cfb3490732_JaffaCakes118.exe"
1⤵
- Drops Chrome extension
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1548
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4012
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3652
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2998cc40,0x7fff2998cc4c,0x7fff2998cc58
    3⤵
    PID:1312
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2080,i,10433097353041804360,4586066743795115931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2076 /prefetch:2
    3⤵
    PID:2860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --field-trial-handle=1692,i,10433097353041804360,4586066743795115931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
    3⤵
    PID:4832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --field-trial-handle=2280,i,10433097353041804360,4586066743795115931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2664 /prefetch:8
    3⤵
    PID:1564
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,10433097353041804360,4586066743795115931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
    3⤵
    PID:1860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,10433097353041804360,4586066743795115931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:968
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3436,i,10433097353041804360,4586066743795115931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3544 /prefetch:1
    3⤵
    PID:3068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3552,i,10433097353041804360,4586066743795115931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3600 /prefetch:1
    3⤵
    PID:5020
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5220,i,10433097353041804360,4586066743795115931,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:644

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js

Filesize
15KB

MD5
d8aec3a4bdf61c2db0b64604c75265a6

SHA1
b9e7b121a8372588c8062225bb0e3a2fce5abb4b

SHA256
069a445d0c74487469c5ad686430f4f9edd6f9453060f8a48c0ddf5e07450b41

SHA512
84f45a0b9406a16eab29586e170365ea8a5216f25ac102d57f0a681f425627fbfd2a3c88a88c4980b8f3480d4fdd3325910f5915cdc05fa3930e35b0bb70600d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js

Filesize
26KB

MD5
029c53effaed86331055c63d264c3316

SHA1
859bb39d27b462a73fc9131f694b69c8c118b3cf

SHA256
3c1453cb6fe4c7ae8945d96db6c19e3eb58702df65ee0244f8f2444b20e93068

SHA512
68d115d79428c906ca377091f30c207de92ee9450e22e94a35fd7753547cb582ae36434595f1c0e444bb19d5c6dcc214fe58a9987f690486800c8ad91c9642d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json

Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
0d85650874c4b164e96548d49900eb46

SHA1
baa87e37ee0d3badcd3e14662c6e9930b701d7d3

SHA256
10e02737fca6aef5b1eb05c29558a74cd0643ae01ec56ee42218cfe74fa208a5

SHA512
3ed08f2a32461f3db62e6f59c8fba0b417dc54d3b498616cc50fc9cb514cc89d06c10b1e5a605e508826d43d3f96c5bbd4bbc8cff2f84bfe975bcfbbbcd287a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
9a31b075da019ddc9903f13f81390688

SHA1
d5ed5d518c8aad84762b03f240d90a2d5d9d99d3

SHA256
95cf4025babcd46069b425449c98ed15d97d364b2461417caa9aa0c13cb372e1

SHA512
a04726a429ae727d685f0836327c625d2f18d6327253216a9a31265a324b68b06bec4e7f1b744d261a0e67fa0a90c43719aeda9d2998f42525b0ff5640c7bf1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
6adcd808d1a2a6f9ebac5f805cd220cf

SHA1
0f0e1fea371ce8cbc6cf270c6863f9dcd546e4e5

SHA256
3bed64a9bfe94bc32d7519e6ab1132f4bba27029407c0d710aea073b92b4eb26

SHA512
bb11c7df6fcd3f7a66c3a5c9445084e386e0db6579c5d2b4480f6381e8f41b945279e4c9b2753c134834e5c25663ad6368b3af41ca9a018d7713fd184cafc48d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
a3909f6af1378b4372029c2ff4b5014c

SHA1
1b92ec4dc2d4bb7e891df71af150837cb9cba1b0

SHA256
a5b0d9478ab7b4959318a56446925780e0b890911649a76bd0d04a036d6a38db

SHA512
bcd9a6ceff5a348d9959d9ecb537c5617380f390b60a320f6caeb9758e6084a50203e7f98c8e7eeac3ac20904fbd348fdad52faf3af42c1c9def5aa03ee459e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
cc139f920d773811ffec1bf8b65afcee

SHA1
2fc5fd63befc70349a6b09ed9d19fe4f17db143a

SHA256
b9456aa88e9aa4c7f4533e2ea39309121629b979f03e0d3c8380cbe0c996ce53

SHA512
195bab466f1ba0af5bb65fa7f0a7e797626443766a3f5cc904248302bd6e52c3d9b3a1eb4d65c59b62a14099c151973ca4a0c3c203bf9ab0e5cad853f9ac1284

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
727ddba6c69d2e855820b57ad8a5cda7

SHA1
2d53b1c7e3ab91a0c3a33cfcf75b7d9d3bf1e202

SHA256
20b34e761ac58e4c1d3be056e0ca65e1372143e4dd4fad25c19f1f45f2e2fc19

SHA512
e3137d4f4b872046c2c0edf72b4a8f14751a2f265ae0703409a78ff2bd54f877924ec445b550e69d09171503cf47e6ddbbd341cfa7e935fb985add2545d3bc98

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
0fe9e6bafc95c6eaee1a28c75c201ec5

SHA1
f78021b6a4bd23cf3f738311e43ab7390daba4bf

SHA256
b056794af298e9e226b78a72e88867e64b22423e701a911c507d86b268d8e4b4

SHA512
c8075e7d736df1968c4c002734b959c605d6e66cc9a490340ca8165615d508c3b548ef7b932470f477a602b175851d7cb0217a5fab94217a13a42e2c3a1b56ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
9666d74b18f57389ee2d3dee5073f71a

SHA1
1830bc2670e616a1da1af27157159e6677a5ad63

SHA256
6fcb1e788f9a12b8ad937172802c41475f2180906db38d6507a3af6a2b721cae

SHA512
69ea6d6080b3ac00f4c4fcf9e00c9e16bd2c3373073f7dde3b1735fabeaaed1e7f8b76113e5ed2b9df08d089ca33ec367c595312f0c2f6e0fbad364464bc989b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
c2398ef980baa21e56558a1365adafaf

SHA1
8ca835aec2ef71f2707222241abe00bcfe7f9fc0

SHA256
0aaa40e6e0971d88ad7da9a316b242718cb4ad0a96f9d00eb39c4171b9160c43

SHA512
1b8602e9f58a4c2b6379e79a56f9d427791be2ff626fd53dffcebd3c729fccb50ec6b47725d6e70a843bca51d4d364886deb6eedd5a30adbb94137489d633b8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000008

Filesize
129KB

MD5
97b9dbe5331b503807c2e3ed523bf8b0

SHA1
2329aa2606034d5c1d0cc948d3d967d10e377573

SHA256
24d693f97cdae89f1684657f598e03a951cbff383f99f901cc7259c22a3ff43e

SHA512
d7267c85fd1080d671d01daecc120724733340d96f1892cfc1bd88d59404b837f88191a360f9b0cfd051272abf1e6c2c562d7f390a4dc76c1a7cddde0492b35e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000f

Filesize
17KB

MD5
5a3f455c25f945a0270cded54c282f25

SHA1
440c7c856eff4de60bf58790baadd8d8c9895c30

SHA256
e3bc6c79ea3c1a2da587c38337ebe6c2ef52018957a941fc9b7f646d243b9251

SHA512
97e5bb73f0b5843288b47e1edff9d6416b2c40b85907b7cf114863bc15d3af90971cad45aaf1481838d5a5b690f7fd0c9c36099872bee70ffb72f31639b852c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000010

Filesize
55KB

MD5
415d201c414b7ab86b53406fa06548c2

SHA1
fc45351471c23a28de9629be74ae685bcf733ef3

SHA256
9249f83ee6cf2f6e60ee501b844735315c626e34d2a6678ab9690cb3ad4f25e3

SHA512
1915bf1af8499b0af6257cb4ba2f5e424fff416cf076d64e48c93b810e8e2e5e6984f96e14d8eea29dadbbe10590322a0e0f33e145f817a805b1350d9b31f9da

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000012

Filesize
27KB

MD5
6508e2a5b8172772bb0bd2df73493db6

SHA1
b69ea78954e40b8b17f9fdbe46c33054d5beb419

SHA256
239142f2d191749d335e0004b7c1e8198977cfb0608de7fbc873c7e55f98033e

SHA512
1bad80c417dadc4fd3512744aa0fdcc5659c5e099815cc5e0698b67f5aff98dc45d869f402ffa756d2fa489bfc1c0cd2877c85051fd8d4ffe37c02fe44d9e988

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000013

Filesize
73KB

MD5
d24775a71047623db5a029d2a29eb48d

SHA1
9f89c8371a8b70fbed98be0acae02a7c068c9b7e

SHA256
0f40e5333e95bcc321b57f7611d98850a6602fdc682480ae4563dbd0829d1c06

SHA512
1fe8a2225cd787202d95430534722b82e9da7e1dd50e997ae60152fdf837e7d0ab87576e4a1b28b24a2e1e3abfb014dca65b6f930ee976de2deb71e5c290e0fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000014

Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000015

Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000016

Filesize
16KB

MD5
9978db669e49523b7adb3af80d561b1b

SHA1
7eb15d01e2afd057188741fad9ea1719bccc01ea

SHA256
4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c

SHA512
04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000017

Filesize
34KB

MD5
b63bcace3731e74f6c45002db72b2683

SHA1
99898168473775a18170adad4d313082da090976

SHA256
ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085

SHA512
d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
b5560a84d81c538a18e928e75191e565

SHA1
dec318d55151f94a9d8815c1f4bfb749b7c4c3b7

SHA256
6b9644a3bef6721dcbccb938645dc3e3ebc603c7fe3fa0e8f7d19b5d1b5c07d6

SHA512
9697c303e30fc23018672c5bfef9f97c0a56684a383ccb3733a7192b0be290ad7348fa8c8b1c416bc9e4cab9cbada3d8b8e4085d062350af19dae99888e9ee8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
97d3df416dcc237466772f1ee378a14e

SHA1
caca4e0be21301090c1b3354108034d1cbbd75ae

SHA256
475f413e9454bf16c219397e0b947f5f8f4774da10e4ed44b8cf28dce973ffd1

SHA512
8d92a50137e86690b1f33b14698d282af223f13934b33f35a535ee469323f46457c87ad20d4a663f5579e5a4e5fe060e66c028916dd668cb29c48eddc4e0dfa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
906eaa74a13c40284aa06c99ceda0c0f

SHA1
4c3cf94863bb777b78cef477e7c7a33d6ec8fb05

SHA256
97321aeb9274b1dfe2cbe4c60279ce948a1d716ec11db82a431d927eeaad0b92

SHA512
e0e71463d84840588e92e5a31bd7848e1b82717acaf0a4922121fd9a12d1d9c5b8441c2fbe59c80df5c6f66b6338f559cb87e1fc0ebda8cb39c803dbaae3045a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe584d50.TMP

Filesize
96B

MD5
e9ee2e5ed243f35c12103a0b528c0b2c

SHA1
bba3f7649642966c920a49e5df692a84161818bf

SHA256
1a7b5b1e165310aba181988f35ef089634c52981745996fe758ea3e1e0214ae0

SHA512
a70e9eca2752a01265c91baa9203c25ea755cfa56062597cf607dc559af9ecce15bfa2512574a8982bd560d228f0a6040cdd0ee7188ceb15f12ce6b66770f2f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
2f8948f690a4e808b6e42e6f2a8d04b0

SHA1
0122542c3af68af20b3dbda1c18f45216d65adaf

SHA256
23c063dccbffce0d7d6aade6b79c7a241b4dc5a9b69bd6183019afa86d2e362b

SHA512
92a5a7f6501fd4d8a46a87a95dee475bbd2aa6a8077d793908dd2969a60347fa4b9fad2317b7eeda08f90ca666bc8798204f1ab3dd55472ad8b1f0d0f42eedbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\000003.log

Filesize
114B

MD5
891a884b9fa2bff4519f5f56d2a25d62

SHA1
b54a3c12ee78510cb269fb1d863047dd8f571dea

SHA256
e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e

SHA512
cd50c3ee4dfb9c4ec051b20dd1e148a5015457ee0c1a29fff482e62291b32097b07a069db62951b32f209fd118fd77a46b8e8cc92da3eaae6110735d126a90ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.82.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
b40e1be3d7543b6678720c3aeaf3dec3

SHA1
7758593d371b07423ba7cb84f99ebe3416624f56

SHA256
2db221a44885c046a4b116717721b688f9a026c4cae3a17cf61ba9bef3ad97f4

SHA512
fb0664c1c83043f7c41fd0f1cc0714d81ecd71a07041233fb16fefeb25a3e182a77ac8af9910eff81716b1cceee8a7ee84158a564143b0e0d99e00923106cc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
160KB

MD5
f310cf1ff562ae14449e0167a3e1fe46

SHA1
85c58afa9049467031c6c2b17f5c12ca73bb2788

SHA256
e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

SHA512
1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
531a2e050215547ba87cc04654169f2e

SHA1
d94a56defce37335e582980024f84842dec60b63

SHA256
f82d07e1d85bb50b20bab448df641106ebdb6519496bcd194800674804bc81c2

SHA512
87c598e83064628589fc79ef4d14280742c0c0a6f32fd586ad2521c7272053daf3d3752dd1c2a2fb5e9ee8b5f78042342d3ec25776381345b68ee3a83e1b4c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\LOG.old

Filesize
289B

MD5
8933ef3b44cd9ff02d0b44584b90eb80

SHA1
6a5778add58c263f753c1740b5cbc6017ae7088c

SHA256
e5045366ff7bf819e595df222bf3752340e21e229d8cdfb5aa1fc30c5c73af08

SHA512
6bc9480d44b4827ef143127b76f51e2c82251e92c541b9c522e63a6a281b545dd9eaf3721a3f6392dcbc363ebeeccb2fbec1127eb0779197ce387968e4a4b94d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies

Filesize
20KB

MD5
71e4327ee0836e90187727e5bde406cb

SHA1
61ab8ff023958d170b4bd22e402d1b1828bd90c6

SHA256
0e87173bd895d491ba2baf652a7567ce0c9e4398acda3dff705c08b8f151ffa6

SHA512
2a48444cb99a589961e46158ac7c2f27b7a96aa8c52ec241385614cb12d08144c3b57d44880e9824034e465b32873863d41ed70e86ef94e41257c53386d1c2cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
753dc3e13034bef9a57cf1edad3d1ff9

SHA1
6768a5ce9f14b2dbabf3954ebae2e38d7e387cdd

SHA256
adbce39bfa13a92d907814cd440804b50efbb1a35a8252c62ebdc302b6e7b764

SHA512
efa6fdf9219d95d7b583f2129ab0a01a57ac26f7b84ea77dca830734bcb65f903e91cb017018f263c108fa02ffc200fa69c486b75243c6b18f4d1049c76ccc82

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
3KB

MD5
bc7d6c8cce13f5307ed5d07d2cce6a06

SHA1
172422018b36ab9b94be97e4f735d27e5c7ee78a

SHA256
53f6de008a2128c3773fe09e7c951f608c0698896bd4ac65bce419494e6b2f1c

SHA512
8c3e94a4bce0f23327614c583d9541f754e999266a7619a511726ea876614a24d64764fb194b94229f95580ac42e1df6d450f5d5ed9cdf869e978f57a4435297

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
0e6a0113314e2b6453f3f502d5178031

SHA1
5cce9a69b49359783b4d45a8ce1fe2cdbdc2c371

SHA256
d3e25dcd7f893eb49d7484811716c0ccbb7c41d01fbfc943d4a55bee10a14e70

SHA512
e53134323d626faab416621736e08ea0003dac5d8878f8336b64482cef3e3e3e67f611745fdb9d1ce4857d9053602ef5f290cccbb1ae685c8658e92497a36edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
356B

MD5
e884bd43df9468e6a4c699e9e853ebbd

SHA1
dfc970a6aaf5d6633cf17d829a1786f13b065c20

SHA256
170d0d4290c8ccc2fdc30b56d7740ec9bf66e100f43c672ec98e56683adc376c

SHA512
3e94d24415b4048020b26d1b73806f0ce54b30016a9eec50dfda12123df225a7e1f95df790acc1432e700760f767fe5855da516ce653e3e6494b88f3fa94684e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
691B

MD5
4e55bc501867d243b7452969c1c052da

SHA1
0ff93f5a9bd09dcc12fd3bf3d12bff14effc93cc

SHA256
c00562b3b1607411bc523540148913ffc5743079f21722eb3edf9f6156d7c9ab

SHA512
6ddf099d10512d6bed242d148ce5c8eb214cce8f0257c4fef2b4b766b206f662f7f08a97a85bbef42b4901b99d70d46e8a2e18367105b8dba6ce60b5b7e28912

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
691B

MD5
94f2262d312ed335b2ab78d8e926bd83

SHA1
f7faf7e86cd13b8a6130e8d1d6f001512de135d4

SHA256
6ab9aa4f1ea61720f6d0076d2a1cb1b24a05143b1a82c179f2542728b0bf337a

SHA512
4fbc6d671c3e9fdaf7fc8ddb4cbd44ad6c5f69c67808442083c418e0d3753d5241dd2ed23b3c5ffe53ca18cf1f1d590247ecf34dd2a9a1b190d14105d1daf47c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
691B

MD5
d4b6464dd3e7bad39d448296ad9d05a8

SHA1
fbba56f82d3cdd28fd218a918e2bb22dae888d87

SHA256
a9c1af15c02a06577bd5def2cf90be5033cc8c8dac4e789434bc773b9753516f

SHA512
0954757fb87c333257b6d74ca0dcbac367fdb8a02e8c17a828ecd4093fe010e73a5325f2662b17333e5221a53b0dbca8389ea1276d9c6e745d651cf5a7441519

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Trust Tokens

Filesize
36KB

MD5
767a7db34589653629c0d4299aa9eb7a

SHA1
57375ca0b80b3c856b76b3b080270686c90ccb8e

SHA256
78a4734f08b47286a3736c88c6fc481f76bd2b1a46e29d0920939f088ce899fd

SHA512
a01b63edaceab16394320bd2d9152faac7f0c3971001049e8e931b6403f97d8e5e6f4e9020a446cfb573241321cfd26c3d982f30139799fa7fc32617cd1ec859

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
7KB

MD5
5d3eaa89311fbe963624502dacc5e6aa

SHA1
b50258fb9f5d6ad36a4b2575d91dc3303ae2feea

SHA256
201d5714a992281343cc63de661336bbc2f39caba8a70f0c40be84d84c42a941

SHA512
0384509a839a3f13032beb07036278589a4be2ce5c1ea87b49cc540f0fcdd908e7200123236c54104809b182888f27ea33cff701d89f083b62c1f6143c2ffb9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
e60b50f310829d765d607eafeb093907

SHA1
0ae335e03de7837121194ccc09801bf3fc77835d

SHA256
a130dff292c1a7fc21c0b56005df2ff07a85c6c7a3906cdcd21aed9eb7bbc2e9

SHA512
17d140f72760801164ffa6fe31c8f3d53f52e1bcebe581f6a57e60a6ce22c40c92500f1f8299079130134e7771a15ca96b1c638cc9b1f6304925daa1be57e207

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
d71da8f0ae332694f32ce7abbc674cf3

SHA1
c2a39b66da203d6cc86948a1e1002da6e6414077

SHA256
f3e3e7552d6520acfa21730d1d05718d9ef85310918ba0ee115cb5095aa13545

SHA512
d6f3baf04d1e7e879a3e50711cce3cd06289a1faf484c839add852c70c28de325fc220207241584f71702bb43bca8a9b0f1ebc8e3db10ec0700fa18833869a94

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
0bcf4585158454e9db24b434c861d595

SHA1
8717c7fd5d27814872fcb95742d7d610cb833daa

SHA256
ed741e0614d89c9810ecea877a765bda9bc0a8c136af369d88191d500beaae68

SHA512
a1926e08c3103428ea00a8ade150993d397a3de8846041613c835609ca8e197c362bd293ff959c9a0c1e60c2044d990d6b55b4702912814471ffb2d2ab8c6e4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
8bdb7d937a3eacdd574d6338c46e1e30

SHA1
907bfac196edaf179011338d3ef6989ec3fa0e0b

SHA256
7217184bdbb0da727047c281ef7f1b0059b8a14a17ee4e9e3537c9cfeffd9862

SHA512
af0de464f9fe44da3d348bb43905cd46f34faa13e3f8eacbab6d727de0ab2f11e8a486c9594d6db19b849850e8003a35d331d7559fbcca3594c9641c25beaef1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
baec8241ca825d710bcaf4f1a9b52adb

SHA1
d3525b5d9e0cf07edbfc8f36c5bbc6062b8377e2

SHA256
75f52451380f8527e28ce237bd38a6cbe4383794798c6c67cf73c6b83e9aea0b

SHA512
45dcde33f718de12750006f7ccd11e7233ef20673f2a8ad1bd793b23a58bd42c15970c78b333dc3bbb2886e13e649914ebb8101ad1ebcbae6ba5ea12d818d986

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
b0369413772030f887f51a8cd8e98446

SHA1
6eb15f104a96b514eb4cec600dada1ff025a93dd

SHA256
e845a448e13695f28e43e5f664ee9e37fd40dc07b14974d9df8d816fc0b35359

SHA512
b66787e1e1d182dc4a8d17469d2f643be158caa943f6065cc98c756950f78eb228fe29fd53c01960af22712799e3ed5a7f2b242b75454808f58fcc20d4a6920c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
692d0226680851f73da56ec95c3df118

SHA1
a9cc5d22ce59ba15230b966ecb24d72e9a5338c3

SHA256
6158229788cc26350db351008d27e527bac2fd20cfecfcd0f79713300f7ff695

SHA512
7a5d374d35ff594c560575b29806209dd9a4e7d8ac69295a533b6d78fc85fdfb8b483e4e4f46898fd680ed17e5b886aa6a4bf0a90eafa63a7956fa855b2406f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences

Filesize
19KB

MD5
c07bfa0f555a696ac37a9f443ea3b550

SHA1
d301c80dcd83eb85ba8e0f82dd7361e32483b2e0

SHA256
90147444877431f6e210ce54e53c369cc99ed4f6ca80ec96fa45bbd7c733717e

SHA512
c75c46e0a0de0e5d3582b3706f2cd5e5f365f73a7c6cbaba39259356e46f1f92006124fdbdd81673990f15d99f9dc0526a1b7d0416251c203998b55cb5527fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
479dacf01e2c1d1cd281d2e69834b78b

SHA1
40fe4fa088fd4dcff8b5153990673fdaf9809fcb

SHA256
45272f51d22cbbd100c72b7c9a00eddb7796bd443ec678f097caaa3949d24442

SHA512
dfd5def405b5a26e53979007238083e641c123766e3012f3d50336bac090242f30ed0bf1f3b855796f7f1deda3efb8378f6259640b4e1bada96aa79dbb0ce3e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG

Filesize
333B

MD5
078a3dd3ede82d38cd41382de829e5ac

SHA1
93414e9a6a3917e2566445d36d8de3ba4ced3181

SHA256
0eecda8873657ef714eb8e427b31825aa79dc92bdf221e6067b387f540381d65

SHA512
df57feb25acbe140e11f276b8321d2c6ffd57bfce0905adeef86d52ef6e3e6c376d8e42076eec9a391e2dce1b1137548ac2149fec1566976b5234919c2d68a14

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG.old

Filesize
295B

MD5
243e24acbcaeccabc79aa7b489eaa237

SHA1
ebd7d1d70ac80a1f32607ddeb4b8989532c21bce

SHA256
8b19913177c6e840f10ea3a9c14f123459a6b350b5429f4d08a2495ebcaf627e

SHA512
d32de6cc9fc39e1d173828feabc6e939c1f3d83f10bbf5b1cbc30084973ea6976ca6ad1eaa8dcab8fcd6d4bfbef64bd38bac4f38fa7cbc5c97ee84fbeac5b2b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
40d150d5cfc93c8e4a3595ddd87951aa

SHA1
6064a21f429f80dcb5999604163aaf4778999b68

SHA256
45cbd0d2717b68fe7459d4c1d807c1c59e4fe0beed4b3576b4700e6222a993c9

SHA512
d0a24121c8d135e39c129e2e4224f87387c2082965294bf896d0ce7ece0af3fccc62405a3d13f6e4cd00e7e2e3d19ca0f86a3b3cef155b08c883dbfc6d553a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index

Filesize
256KB

MD5
ee5562aad8ccb6188477b5927bc6d6e0

SHA1
cc1515ec3a4829d35e3e9b31b01a813fec5d6c2d

SHA256
994a828a1befd222a2d64207d39eae6ecf64ad0735e690b8eb947e703d05f7e6

SHA512
9a80fd1fd780898df0dd4ff75ae09939f411dcf227d33b098448fb58d54a93386eba07cc20ff843464ea46067e9a59fa6deb1f065c334804b599de416c9e44f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\db

Filesize
44KB

MD5
491de38f19d0ae501eca7d3d7d69b826

SHA1
2ecf6fcf189ce6d35139daf427a781ca66a1eba9

SHA256
e58156bca5288238d341f5249d3b6c91ab37cef515358953b435339100d0596a

SHA512
232f5df71e8ec35e500ac81aa54a87b3523fe8a32168096a2a76f08e5c7868100b3cdc5155786ead489aac440beee3f84ffa43d226a5b709c66012923b20c696

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
2KB

MD5
1783b1618c5c9c3db8fffa8d96af1373

SHA1
7096dddaa10ba2ea94b05b7abe3197b43bb17048

SHA256
0554f73859337a2ae2dec00a8264e63ef7e62040023990b9b69176f2aea94e56

SHA512
df4dfa20f1bde62d325d4017afe833691fd6c9f69aaf40b7aedf08c43553b6538cfed4ad3a3f746d7c3674808f3838b7c11f0fb4f4fd8fe6b08370aeb9651de3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
4e139c01f6856e1810ed5152f81774e4

SHA1
141676d5fdafc9faafc7b21f617211f5253aebc7

SHA256
026455f28fc08ae38660c424e387c8d0fb479174a3ba8c99e8d9639452e37782

SHA512
a98eab9e1db618011a9846cc434e53acebab09ef024a31b23e0a8c9c8ca2319a0c25258dbc3436200f177a40b0f3a5dae695c08ac1267912519d2d2dd1c1d6f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
281B

MD5
167ca3340cbc108d8bb86b3530324ead

SHA1
77f23606de7a61dc3aef55156e3eb3a0e930c12c

SHA256
75c36632a951a8a7b9370ef4bf3d4bd62607beda8d6784260afa3e7a40bf5cbc

SHA512
0a61ba98bdffad823524a0f7c95acfc9e77ac3fe974e3e8b254d19826ba5a63d283f5397d40b3ad6cf71c86fe70fcb0b848cff81ba391a91465f0b492978cec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
6bc18e4cf265d5bb256755fbf0eff845

SHA1
a9d5f117526be115731ac8e68005d1ee57cbd845

SHA256
f80ae0544e98bcb46f0810e8a182495a4d5e905e86885d5f0beb90292da808c2

SHA512
c86722424182d6a1ed587a11dd3402925c5294b1bb7f63a9a6ca40ad3a54d59055e7005db604c431a5ad8ec75a9981bf8e410e60e2f875221ce4a985c21c680a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
114KB

MD5
2dc3133caeb5792be5e5c6c2fa812e34

SHA1
0ed75d85c6a2848396d5dd30e89987f0a8b5cedb

SHA256
4b3998fd2844bc1674b691c74d67e56062e62bf4738de9fe7fb26b8d3def9cd7

SHA512
2ca157c2f01127115d0358607c167c2f073b83d185bdd44ac221b3792c531d784515a76344585ec1557de81430a7d2e69b286155986e46b1e720dfac96098612

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
7415272d87c21f0d3df8509c10f5e82e

SHA1
6fbbd067b24abe504b634092d26c1340dddb58fa

SHA256
4d46ed9cd46c81bebc999e82ed607c22ddde9c34342536dc66181b2a336de4cc

SHA512
e046d2d8fbbee3e78dadd480cd1917e2ee931f7d594ea9619243e50b3f52d08042c3296818ae0895a853a380bef0be267ce60fdf71ec2f26ab8f166c1924cefb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
1553f0490e606221d77272e5a1d4dbe1

SHA1
137045f846fcdbf5f57cf02d6872481a4e88f813

SHA256
6cef4784d9e4d601ce99922aa440f8ff819b7a80f9315357124084f4d8a8c85e

SHA512
0094d7b6dea66a233e8112975aecf9d25c1a82bf62169eeea2b849bf159e67b86ba87f2fd100813117c23a9267310087167cf9fd4d542cf740e1d79c40bbb3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
5fac3e8d0a81f24ceffa39b77b868cc0

SHA1
283c45ca5071d31aa4583bf57b18a47bb9658a58

SHA256
8cc8e090b01f4d6ae9d0a541b6de1523f010c65cdf7f7191dac20488c062922e

SHA512
ab288181862def2e371f224b93c94295d130f5b9a81e11f87121e2c92409cbee98dc27043c056a9564ef066fab4ea0ca854849859a72e21689bb2587a69b44de

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
f59229629d2e16607a60e2fd3f77737e

SHA1
8dc7afe80b11becd69ec32e32ce6a8386cb30ec5

SHA256
b4d916e5c65b93d351be6530ee714c776676c760c3bb94b2f94d25b22767a323

SHA512
39da7acbd5db2c4e5f80124474defc09b1c743414019348bcd59e84ec2e14dec40fc75ec17cfeced167f1b385969ea62838df4b8c2fb82a02dba8b0f7a7e2572

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db

Filesize
28KB

MD5
3979944f99b92e44fa4b7dbcb6ee91c2

SHA1
df2161c70a820fe43801320f1c25182f891261a4

SHA256
001d755b2b560945440023bf4ebfbda797cf5106419ac7dd270924b322f3ecf3

SHA512
358e6dee698a63c2490c2fb5206516766fd8ace8f3d523509c29ff76aa6a984cb6381468f15bb4b9c084d9a470298b4cc11b0970e671ce0316243069ac4c8590

Download Submit
\??\pipe\crashpad_3652_XFJQJCDKPXAGGCMP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit