socelars | 0046f06d419e3a965c3e115a64ec32c78e35004e344798d3f23d8f5248309284

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Size

1.4MB
MD5

a26b1a5af7e93bbda77b5f1639815d77
SHA1

38773c74da5bcf9cf59ac849507d5491ac13f838
SHA256

4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f
SHA512

68a484b2818dc99be4a32e6bc0fda3f98e9220bea1eb83d935b5a7010d15f6f942e4268117b7d085ee32c590c96bb105051199e0c5e621f449aba34d4ea95d01
SSDEEP

24576:F0tmpAQc251zzwym+vQgDrOVkpmCu+cqlbbu0ywIcbyjpJ76H0T6+rzJ:2tmp151Pw+v1DiVCK+bhyw5wpJ76H0TP

Score

10^/10

socelars discovery spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Socelars family
socelars
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	iplogger.org
5	iplogger.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
1380	taskkill.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
452	chrome.exe
452	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeAssignPrimaryTokenPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeLockMemoryPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeIncreaseQuotaPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeMachineAccountPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeTcbPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeSecurityPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeTakeOwnershipPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeLoadDriverPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeSystemProfilePrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeSystemtimePrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeProfSingleProcessPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeIncBasePriorityPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeCreatePagefilePrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeCreatePermanentPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeBackupPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeRestorePrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeShutdownPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeDebugPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeAuditPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeSystemEnvironmentPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeChangeNotifyPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeRemoteShutdownPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeUndockPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeSyncAgentPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeEnableDelegationPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeManageVolumePrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeImpersonatePrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeCreateGlobalPrivilege	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: 31	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: 32	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: 33	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: 34	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: 35	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeDebugPrivilege	1380	taskkill.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2372	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	91
PID 2740 wrote to memory of 2372	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	91
PID 2740 wrote to memory of 2372	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	91
PID 2372 wrote to memory of 1380	2372	cmd.exe	93
PID 2372 wrote to memory of 1380	2372	cmd.exe	93
PID 2372 wrote to memory of 1380	2372	cmd.exe	93
PID 2740 wrote to memory of 4880	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	98
PID 2740 wrote to memory of 4880	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	98
PID 2740 wrote to memory of 4880	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	98
PID 2740 wrote to memory of 1180	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	101
PID 2740 wrote to memory of 1180	2740	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	101
PID 1180 wrote to memory of 5872	1180	chrome.exe	102
PID 1180 wrote to memory of 5872	1180	chrome.exe	102
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 4944	1180	chrome.exe	103
PID 1180 wrote to memory of 4944	1180	chrome.exe	103
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 3616	1180	chrome.exe	104
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106
PID 1180 wrote to memory of 2896	1180	chrome.exe	106

C:\Users\Admin\AppData\Local\Temp\4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
"C:\Users\Admin\AppData\Local\Temp\4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe"
1⤵
- Drops Chrome extension
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2372
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1380
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1180
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe08d9dcf8,0x7ffe08d9dd04,0x7ffe08d9dd10
    3⤵
    PID:5872
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=1996,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2184 /prefetch:3
    3⤵
    PID:4944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2032,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2028 /prefetch:2
    3⤵
    PID:3616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=2192,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2556 /prefetch:8
    3⤵
    PID:2896
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3232 /prefetch:1
    3⤵
    PID:1944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3260 /prefetch:1
    3⤵
    PID:5816
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3700,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3716 /prefetch:1
    3⤵
    PID:5096
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3664,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3688 /prefetch:1
    3⤵
    PID:4100
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4408,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4428 /prefetch:2
    3⤵
    PID:376
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5084,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3668 /prefetch:1
    3⤵
    PID:4812
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3044,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5180 /prefetch:1
    3⤵
    PID:4052
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5340,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5292 /prefetch:1
    3⤵
    PID:3688
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=5920,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3280 /prefetch:8
    3⤵
    PID:5304
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=5928,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5944 /prefetch:8
    3⤵
    PID:4492
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=5936,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3476 /prefetch:8
    3⤵
    PID:5268
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=732,i,1862125199489063595,842486049896516830,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5060 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:452

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:6068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js

Filesize
41KB

MD5
ac55210fc7db85b49b74b35b5e6fcda7

SHA1
e90df1a4ee45ba331474152725f016f50db02e2f

SHA256
ec33efee95639cefd7de83b36596a0117b0289af8aa7912a23ef5c8fbdecea35

SHA512
cc8cdda273bc0fe4ad17e5f34d5f850981ede91afc6e20e0ceccf6ceb989c1830286086f679c0bfd39653ab0966f100a5cfafc0c1aed13a22b41a5d4a93e2c8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js

Filesize
25KB

MD5
9aa03d2270232eb3c6c417642644e704

SHA1
5bbd5ac9fbad01b440030dfa109a1ca233afc69e

SHA256
621186e128b94ee938b6225abaf17134aeaa6ff56cc900221250d988259d9b35

SHA512
0de7e225fcf5e619cee774de999f3a1a58e768de18f467dbe2337dcd16d5d8994dac570afe7004797c3475b65a636188f91c113cea1658eb2e9409328e84878e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json

Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
19KB

MD5
019b73c701967cf33ac250594c0f2684

SHA1
16c4bf93d750d6e45e807ec9e5c14cfcf5e5efaa

SHA256
79b5a3cd240483def1b41255e53d78e869ae3217fdde06cf98a86a87a7762047

SHA512
fe9355ba923c594f692eb5284fb159b4aca680a6a4bcb6a89ff3077e4fb258ce656bfae1b388ddfc95813d26cda987d7c489ec0efb82d76617a5e1a6eb542b01

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
34c29bdb9e41b1f47f2d2786762c12ec

SHA1
4075131b18c3487e3e848361e112009c897629c7

SHA256
67ee11b51cd6f637795e31ab501f135ed595c8459bce885735f08b0418513a17

SHA512
ca3a978798e77b2ced27b379f38e935ef18beaa7ea23e34270a9af20b37e1b1c5edf9478606311cf1acabd83992766cb3da8444de9394c674d5955bdbc53c0d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
0792092a8affb9c9b08c0c6f46dca0e4

SHA1
0100a83f5b608ee1bd8376d3e2561ac44eec6328

SHA256
4b4c804b4afd7385d172358f481b45fb5eeeade16251d036555fc4c1abbadfc8

SHA512
78255472767630ce1e81dc72349c40060bd1bdecf0d970335a0e8e6e6098b282d422280e9a358c52f3dc989ce4bbf326a5e9606910f9739e17ec030334617062

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database

Filesize
52KB

MD5
c94f7e7abfc9942bae7098b53def6fee

SHA1
6d794aa9208322c25e8530f8cc19749bd21204e6

SHA256
20fb68d08674a2fa9fcb64a6cc6b299ef0112429ea96bee5d48d883c0a7aec2f

SHA512
413b32b89063541e92fbf42529d22ee6c0acd03b365c7ac94916e1b5af13ae121d6d6fc0478d4e44d8b8bc831310dee3399b2b539a8f1409a19cc9e1cff0c714

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
624b809d4539f382afa09b7f1c57449b

SHA1
62f0c55655effefcdba51d3c737c193178468962

SHA256
7daa63c8888d5d42436d2a15511b4d5b9164f2a9764085f56eb1c28b95c551f9

SHA512
57667a9e0f5267df85572fb35c94ea84afe97796e009b33a96ec47f0bd176ccc469b3b532c6c49dcdb237ac81d704a46e7f1c12ed3438a9f5880cdcc359edc39

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
084e6defed73fa5faf4a3486a490b68c

SHA1
40dfa233b1401801a6e590549b787a069c938d43

SHA256
59d941c47e2d97adb5148607f1e3549e2ee79da1b63f609ad24f2a19a150a81e

SHA512
585a0312a83b2a7a85977fe9e7dbf4e3918a29293083a53d48727322cf369f89010569e7a27a8c4180826c5c63f82e37b021f524ab09266f5299f35c9716bef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
ee458c576462501c24c686fa33f18aba

SHA1
cb4a9dc7b3c52f336e88c021af0cac280926dd0a

SHA256
e1c79b14eac2491beece3c695ada02114397e4baadae0836a0c0e98cc8f50241

SHA512
68064cc7726877d3ee65921339b9ae613b90b29b8d3b362a694720e968582a6244a89e6a4b1ec8cc636a50c5cb38c51d6f1205dc355eae4542dedb3fbe4b19cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
3afd75d683c631148ff6d7e94d7accec

SHA1
32640c21a32daacc9bc42c1050469d36f724b083

SHA256
71e129780817bc27973a618fc5d5b4ce57d254f77cda393771d7211c7ecf385a

SHA512
661ab8e31a0ffb368328cf8839b5bca32bfcd4f534dd7761213d5cc99b058edf4fe5e2d45421e6559697fd0aa9b7e0e9975e9c79929294031ee007a2d6523636

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
c8a14a9de994b06e39dbc1b5f131037e

SHA1
49fbb6b59b478a03cd283df2cc6a44185f462de2

SHA256
c98e2a86dda7d425171a8a92e30b3407211ecc0ab49d63d1fee801a54fc1eb3a

SHA512
f7a1984882de8da2e4f5c7f9c44be48ce4c5667655af3e677d5359151c908ecf407f42280db5b3072350bdc01c33026fb177b87dbe1b6c0dd0f72ddc784675ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
38KB

MD5
0dc52d5156e0e3423a20671f85112a3a

SHA1
de63219e966279d23d5d9ebfb2e3c0f612a814a0

SHA256
55d8d47f45278ed4e61568932abc7dbbf8111bfd5f815a5ff0b90120c238551f

SHA512
de91420efb3a68512d862d59b478da2cca7e5ef10d8f79c960f682fcad5ea91146bb609cc15f2349affdd6f6a7369f24e8c4bee7b35f41f31eee53dd3bbf6fb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
35KB

MD5
1e1cf778a049bc54c05d420e42b688fe

SHA1
db37cd8f2b91ac66e1d17ee5439fc8574522f111

SHA256
52dbdce3aeb59eeee2428e72776cb4e3127b76fb7433c77e4548b46174346b2d

SHA512
0e655ee62e7c151ec52db751afd976363de33c97809f5117155b1f70a77373de154909ea36df178193253820b509758a280dabbc2ee3abe9f461702588adc315

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000008

Filesize
56KB

MD5
9714741ad95f5102289cf11f1aab90ce

SHA1
435c7c895c5b6cf7c39c960e1dc41be7a74cb23a

SHA256
b2cdd13a619b6ed8ab64cedf1aef1f32197996319fa30b0c552ea2f5a66421fb

SHA512
72749ee52b1869b3a7a17c97e17d8ffbf4ab755dd7e7ee215338d8e392d3ccb550b5111a86b3d63fdccf0c2b8ed7e41b864984bfc4b71d1e394365389658010d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000017

Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
9e0051209546c63bbde7a4df1fb2e7b8

SHA1
1996f25b6a36bb56980bdcc367fffdd9da87ced3

SHA256
b6d9c27a33b3fb0c46fa4cce06db296abda7f43ee8a5fc26afbc9625d7449fdc

SHA512
89b98fa9cef3be2bc859bfd8e88fea665deaf3db133e9271645a9e83c59f0ff581e76807fb704515a988b70c109f2c0c83b7aadcb8ec4b9cfca9d2ff0b86004b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
af8af46935f7ef11cf2726ed948879ee

SHA1
88fb0472381ade23341558658ea9182a3438a745

SHA256
400f78e937040305f74946038ddb99759906b2da5289335eb2812e0194cceb39

SHA512
2f80f4be52096907c4e0d804ea71fab4ea914cd76f7bd4cc8ea8b8b0a063a110b67e7a1524dab7cfd21978c53dfed4ba1beb008d6186f3b77d46bed22213653e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
abb5991d58e508792ef718407709bbef

SHA1
30fa1f07a31c7d7501b49e89c7a0e52b256a0fc2

SHA256
68cbd192c93a48c3bf3713c8274df122babeda00d8af71134d1ddae2acceff5b

SHA512
73b2c0216eaade64a720f9b1190a21aa1f1f720919ec7dd8c1929eb63ab3a2283e123a4dd998688aab3697229b457d4125f7f4b55636ccbd0eea7bd384475fbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe57bedb.TMP

Filesize
96B

MD5
9aafa3563623438d42b906517872e607

SHA1
f9b362299d44789ec6a3d9729b67cfe35da7d64d

SHA256
c57cb065f936a4e6107e3320591bfe3f433e96b31dfd64884199ac47a1296f5e

SHA512
f765cfd5b30d1ee0aebdea4bc0f666251752cb55c5e7a17d8546553d3ca42fefff53173f9c7f4ee8179d7bb0a584080d18ad7190b2f266eac48d0a517b76d790

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
14ea39967526311c8203ea3d9d4182d5

SHA1
621e8cf64723b1e42c7099d0c622c71860f40003

SHA256
0f67579c6f8f10bc39cf14921c97b398060b9610ff52fa77490e6ceb8db69838

SHA512
24748d516e38b763efe3653e837ba1ffe4a18a5b1b3b942f4083406ea20f3230670743235ddc749fc6c322a5e0fe8eeaa45d3a741d2cc05fd10e9e13f6af4c3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\index

Filesize
256KB

MD5
2248a83a76d1fbdee8dff7f21a0f0f76

SHA1
97eca0d33641950b6920f3b367c53dd84bdb61f3

SHA256
f873aad0a69af0779db921c44d562601621dea249a693671933611cf1fd96ddf

SHA512
2dfb41de4fd86ade73f5183e1fe26cb5b6f81cffe5f88c2586c185e63fad936240dd01557b52ef442d162f2743e8d1e3a3b1ce905d847196f019d79b37683b0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\000003.log

Filesize
114B

MD5
891a884b9fa2bff4519f5f56d2a25d62

SHA1
b54a3c12ee78510cb269fb1d863047dd8f571dea

SHA256
e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e

SHA512
cd50c3ee4dfb9c4ec051b20dd1e148a5015457ee0c1a29fff482e62291b32097b07a069db62951b32f209fd118fd77a46b8e8cc92da3eaae6110735d126a90ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_metadata\computed_hashes.json

Filesize
5KB

MD5
eb95daa26abf3e1769719f72665ba30f

SHA1
77515d76b6e9429ffd64105cbc345b600ed3bf2d

SHA256
0f2c124b4d0f11ce0bc64d6f9799650c1b9e54d443b0b17028094fb9d68f7dee

SHA512
a02ae7ae2d904bd3b40e1b93dde103d41e49242dfb32479c4b3e3bdde41d917a6418ab4c3695635fcdfedf24768d832d697b13c8acb5e1fbd99f9a79210c9db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_metadata\verified_contents.json

Filesize
11KB

MD5
8f99e1ef2afc5f73d9391c248a0390aa

SHA1
dd15dcd68ffb7cba69c6bba010df57a75390c64c

SHA256
d57215628af1ecd1ecd8f83da69245161e4e0a2ce24846b2fff6b35da232709b

SHA512
8f4aa8ce2ea90958bec430cd46f1e76d8e7617c0735d8ab896f4da1f84f3220920cca6ca2da2d7559355423ec115342183615f7e62e72ee6168a5930a078948b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
babd43551f1b29eb82e221460676126a

SHA1
e9bff307613a14b35830893bdb6d1ecc931b425d

SHA256
46b5ecada4edb2585f87953f7847aefc938be2404b9d9455c772b97295b7b1cb

SHA512
5ab681c170dbd1d374bd66edd02cbe21272819ef7389ad1e886bcba112deb91eb68fa930747986da5ca794881939570013e38edd9f8e6f718f7d202e74a82f41

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
160KB

MD5
9b85a4b842b758be395bc19aba64799c

SHA1
c32922b745c9cf827e080b09f410b4378560acb3

SHA256
ecc8d7540d26e3c2c43589c761e94638fc5096af874d7df216e833b9599c673a

SHA512
fad80745bb64406d8f2947c1e69817cff57cc504d5a8cdca9e22da50402d27d005988f6759eaa91f1f7616d250772c9f5e4ec2f98ce7264501dd4f436d1665f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
40KB

MD5
dfd4f60adc85fc874327517efed62ff7

SHA1
f97489afb75bfd5ee52892f37383fbc85aa14a69

SHA256
c007da2e5fd780008f28336940b427c3bfd509c72a40bfb7759592149ff3606e

SHA512
d76f75b1b5b23aa4f87c53ce44c3d3b7e41a44401e53d89f05a114600ea3dcd8beda9ca1977b489ac6ea5586cf26e47396e92d4796c370e89fab0aa76f38f3c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies

Filesize
20KB

MD5
1b3595911b97e9b38d24817a6cdb6661

SHA1
aac5e122eec5454e58a1e5d4e251d2b59fd5d51d

SHA256
2c13269bf82257a92fc9b042aa8dbf89f5eeec49a98465a26dab3bc89b69cea0

SHA512
c0a86aab65b346da5b62791e5e76167105abed1a60f3861d430a26abc49aa3ae908d93c16dad45f77555c61dcaff9319a88d0cbef47382931875f9f6f030860a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
8fe1710cf1cc2932559db48f9414e0d6

SHA1
5d5001cc3e2dd521ebdd63f6031cadf386fcfcba

SHA256
f10d7d666347debcd59fa9a3f76dab49034c69f4063ea259e8ceac939045f00b

SHA512
f8e665076ce6ca731a8b0b612a0f83beee1a05417accd2b891b2e3d5059a4908013af34d0bde3eaa01faa1acc7d1958f00c7171ad8dcaface653d64fb6075ac1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
3KB

MD5
240c9939c2dabc28853b38b3f72fcc5a

SHA1
a429ed3ef652614d5a629cce15132c17b3595f12

SHA256
17acdf1b344bc13eb8a5920a591064c242a87df5d3e79ab6ef5bb456adc5c1ff

SHA512
174a32702d44c357031490a485ff19536d18def03722802ebe4b9989395546363e25064966a5ea069e6b9163967b5ffc7ce2fcbf6de188a6a5aa683d71d12a7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
b56e0ec032670335dca33864d9691676

SHA1
6b3f1417b4fff88fbf079f5516fd356d12e04157

SHA256
b93019e754d46598b58caee9d1366b2b36599eb00f884d41345740278d21e5c5

SHA512
f2537c3d59d14fafdfa1a6e32e637856c8e59b0c31dc32562de7207e9274f5a12ca1f507139e552caa4ad004d303bd6fe13ca5ca2d6777564ea2a38fa542d180

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
356B

MD5
15b227c5bc5cc0a34fa517ed3287a43b

SHA1
56640d848806770c2ef8622ac5756cdecc8c3a70

SHA256
7c37d4b0c8f32a8c786fad7f78334859a8d777a371e37f9db126b1ee975c3234

SHA512
cc816a249208129a46117af29d990123c9c15143efe672348bcdf281f8a70aec4dddd437faeeed7ac4f205a62cbd5ab7fd70ce28791a391593a206edf5c65c64

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
11KB

MD5
4f681b0329dcfd568af2a9441deb04e2

SHA1
713e89472267b285cc0123bfc203bfc0b36282c0

SHA256
ee3d486230a4c14b01c5deee0d04716be2e58dd2f265796993e8633dc6c17cc6

SHA512
fa80c0b4084bc1419296e6452faef2637fda76efed6e866c9a2ec5b2a71f758c8485d09efbebdb66012f0e19e0b64e50655e481eb9cc774156d9eb4c3a9035bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
11KB

MD5
ca2ec6f79d58f91978c44e4ee6738e82

SHA1
ead7381381776fde901df4bb95055b195df92a82

SHA256
f411c590e196ecf2777cacef84aa658d619d52eb4a903cd0ffa4728638d89c1a

SHA512
92c27a963311142843aedfd31199e88ffbdae92b060c4e5379aea856f4b801fbb02bff980f98eccf8e94489bb91d6cac403837ffc81202db127dd1d8414f0ac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
febe8b30c72b9ed5786ae265ebaf844a

SHA1
010452344e00fcf8609b9df083803311efe683e9

SHA256
72d049174f8bb874a5db67735ce76cab400f25a72391ec557ef2720785b4c4ac

SHA512
01863fd726d2bb344f368673a31df809a58c810940200a8cf02d1be09ce92f1d097419fffabbada9651d2977948111e0916e2012d92974f96ce7c942ef01732e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences

Filesize
19KB

MD5
4fd3878a0938c98361c40ba1ea81683d

SHA1
855737b25aa21eb421508f3a45154e519d3d7bdf

SHA256
90c289f7629a2a305f0e8f3b689a0aa8841bb8ec4383a28600ae69ed1ad53210

SHA512
750985aca561ac28f71fa015d0fb62f793db74c46e9f5a6b90030cef95186b241f46869b807570654bc28d6fce867c21d24831a01726bce1774c1a10d8b5b0cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG

Filesize
336B

MD5
b7569b6d139adc03cc8b4e6ae25bfed4

SHA1
53374ace1989b44a70738adedede4d9e974ae2cf

SHA256
d6191086eabceeaa04f25cb3339b35c21e9394a9158eb1c06428b7b1c89e9ca8

SHA512
176b348cff588559db2e478c7bd901f46d102ae97bcbf587ab0af4477a9a24c128a98710674f776f9e2b438fdecea6732f050aed740cb9ce2a95f3f9a23f6332

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG.old

Filesize
295B

MD5
b58905f7c4b4eecd47eb3c06106107eb

SHA1
14e5eeb5532a8aab5e16d8671d99282a0fe451dd

SHA256
c0fe88fa5560043ebc5c2e0e9f46191841f71e97e298023e53b6afacc182746d

SHA512
972b15330a415ad5abc9477392cb0605ae01bf61d294b27d89f92f38df87e8eece4a9ca7b7bb71b301d965d050f04d6acc2c41e6848e75bcbe9bb7b26c918351

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1e973f645ae0634870d2c118f6d84ee6

SHA1
cb6bc6368df4e6e95618ea99de23e303d793697c

SHA256
46ca5bd1fbb49b3ff234a835b81c0844ece24541c1aa8bb2ec5830535902b25a

SHA512
d4bf56943f537845fb83fb0f3829470e4a006f552edb9048a90cabf8b93ae7235db7513847617af52cd8f6033100b6647fc4773b98c28a212fc3e0bb81d92f65

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b7f6.TMP

Filesize
48B

MD5
5909ec6c9b89190f71ea32b9166b662b

SHA1
084ada800c2604c260927363ee2ce658c33c7861

SHA256
a87d6875c0aaf069604051d7684a6ee5decb1552f02edecb61e9d2a1f1405bcb

SHA512
8564c49f506d46af008c43f31cb67defd25c52e8abd30a6b0d1ee4eb65ade624b832e93dcf582361d01c8cdcaf35ee630f786ec16860af04b5dbebeb00c9ee40

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
31bc9bb575ede057ce72bef83ec7e3d4

SHA1
3c69256a0b14b8ca57f10d636be30e4f18919240

SHA256
ad44719e2ee22adb4584a4613324a81ba055b1315891f1529c4e40774e3235b0

SHA512
ec968ece3650a8b9b61302ff71fd0c0a53bdc1f54ffb15554ad9741f9b9176a431c77b55284c15235c251950e3863970a7919b4db20f478e6cbc99d2394dd095

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\SharedStorage

Filesize
4KB

MD5
b9263bbf24428aaca95d04d04f3aeb6f

SHA1
5346015345f6df766df4bc9b42da076f6fdd440f

SHA256
1fe8f6113488865c546d2faa55b21482662ce4be19d4f505eeefa09bc3131489

SHA512
5bc2978bc96e1347500db552e2a2dfd9e5df25c8e16d3ab57e5519de43cb9c08f5aeefd1a6f6947d7fa253505918763b932f622636fc2a7a429fa72a5b49c7cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
7066cb23d88d74a7840114d992b9e9a7

SHA1
7f060770c79c1661f8f5edd50d3f79840c60ba9a

SHA256
78cca0c60922233f14c972503515df4b47c30bf393e1b4510b6fe1a7b919e5fd

SHA512
5423a5d8b9712b336dce9c5c110cd36274049d7ebbfa9323580834940378c176d1e1b91c9ca5c62e94dc8e59960100402835a4e73a0e06ecb7d8ca3a235e1f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
307B

MD5
612bc2f9244c810e5ae5e8ff63ff854a

SHA1
208e2dd3ae93e67578d27ad4fb2e9ea656f134ca

SHA256
35c750cadd0d26d7b8c5944c71c6862ae6ccfc1fd8e8957d4d1249ff1beed6a9

SHA512
a82326ab0b2cbf84f708a4ad23d1c58fdaf816f02603c9d8176385c9764c1f15532cf90862efe1907552b8d27f45df0f852afd8f4e06062a0d2f079b38129774

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\db

Filesize
44KB

MD5
b581f0ff8f8aa3371ae47b48c95329e8

SHA1
4f588efadf3675f3526cbe762c50eb8e79d9f2e5

SHA256
f8e7cd835195e4eff7855d20676484ca75f7e7e4fe5b13164fc926b365e1dea0

SHA512
e0a79452acb39838afea8ce34e05c7e5cde68f2a786fe4423ddf2588fc6047339e8e4c3140d7e0447f938b2266f52b9ddbdcc0f40c495d833b47b3f27d7996de

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
2KB

MD5
d8ba3849a4479a214a302a46c136ce1a

SHA1
37cffb7392c1a3268809a308313f089b2e2c0a6a

SHA256
1bb8905da6f5b0202ea5531aa30b122991d42abdc93fc27eb0548d0e7fb36a14

SHA512
6a8d4ef489496441e93bde407cb21053acf0d54bcad8bde9c98f6290168490f6db4d0134c5b7e00c6ea8031fb3a54ad6a0914e829892331935c4b348161f137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
c3f2157d40d3b77a5093796cf3ead547

SHA1
80ad463d0386b02fe1621de04f22198db7b1c5d2

SHA256
41084a59b276113b5ca97551db9b153c6fd5dfd87e310570ed5a621b09fc6b51

SHA512
d6105cdd4f41ba0ed2fb061b26ebe680039718e5ffd1d4355703b5475c600e8590ea42f2231df60f9f46ff1129b51dd91b723cef6227b17c652e439c2dfbaec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
283B

MD5
7a5d00ad03083c27694c4469f29a229a

SHA1
9e03427816244e6d84152c3d2993dfadae1d6ecf

SHA256
74661d21df481f1a3523f4a0761bb029c510a6f2dce28fea107678a9ac924cde

SHA512
ec579d87b497bd870ed103fcb09d867086d07dbabe6644fd7b52a13d1d617365e80a4b625409b83c6769e1cc882dac9ea9f6d6311f41c44cb56f8664d6a1cf39

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
6c8947ebddcbc8fa888fd14893015711

SHA1
b6f6dd8de7cba75080d611a9d94133e85487320a

SHA256
a5215f421e9358aea400068440fc7c81b22fe0505607ee5c47d8411c0d0eb88a

SHA512
8dc8ede4a0fb6c118e2164d57c65c5663e5e4d685c8ec47832b8a04be74f677b2ad2106db649cfc8d3a0a3cb74675e148fb610bda1972097341e084c5e93fc41

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\trusted_vault.pb

Filesize
38B

MD5
b77fc97eecd8f7383464171a4edef544

SHA1
bbae26d2a7914a3c95dca35f1f6f820d851f6368

SHA256
93332c49fab1deb87dac6cb5d313900cb20e6e1ba928af128a1d549a44256f68

SHA512
68745413a681fdf4088bf8d6b20e843396ae2e92fbb97239dc6c764233a7e7b700a51548ff4d2ea86420b208b92a5e5420f08231637fbb5dbf7e12a377be3fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
80KB

MD5
9c7f0c45f3d7a43914b77cd83dcd8921

SHA1
2870cd181d89a75b56aa47ccfe68b2c30c7608d6

SHA256
a89144bdb7a253830fc715a10aa117b208f3950db765a4a942ce18c3d0226ef1

SHA512
86c6e791475326b476bbac94096702ae6e3b41ae2b0b44cc040435f79ebd5daa788a42c73e06bc97a30368a2b37427c3484e5e32eb88fc2673052411eea97770

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
80KB

MD5
42ea1d569e557ef9b406588470ac5100

SHA1
f3f72190c0883903029c53b91017f821e46b0234

SHA256
81d2f6b3de1dbb8a49b5fcfb7a1a4ee448cec20b7a830cac0d583ac61240c019

SHA512
25481012fc992759533a38f59061944b84d2afbf5cc315d5a9305e3ec142e6a5adf1c028475f3c7209f5842b9b19a8bd3e0b99f50be688fbb4fdde218bdb3fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
81KB

MD5
306cff1acd94f69c606a800bd6123de9

SHA1
41405c4cecced324530502ab7d5af730964e2b19

SHA256
843f19c2a327ff3fa430b393e9395c629e28f0d876b0008f5e3d57e795a58a39

SHA512
b3c78ee93d13971a9051931d6b0de4af493cb18f7280f3d904f5de0081634f93feec81ea76a5362f4c6ffe89f8cf087ce96446530939f2726689e36f2d23abc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
81KB

MD5
59bd560237e8fe5c26bdda82ddb69dec

SHA1
59019b5b66d7ddda7b60885c8710b02bcfeee111

SHA256
6bf21006777f074f472f40a3738fa40d30d1564a9a650b4044e9aa61ff417aa4

SHA512
306c5a3d1a3eae1833a3a45888344544419a64073c97253e05c4dffa8b078a9c2e57a55bef218aa4b091ca9f1bb15cc46f5f1ae7ae610f2128ab181d23ab5b33

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
0c0a125b42bce304859c5dc24060ee8a

SHA1
fc73e6837480d2bdf0673216d01b842464c7c5df

SHA256
164ab1ca37546f77c19ced0493705fc4dcc62825121cd204be9b8504d11d2949

SHA512
271c4465b9b53147a505948a9e5d04dc47d9852570f2b47eb865689e62926c4c540e45f46a2c9a0639b5f278260b48ab03b48caf3b56783df8f242ccc9d98052

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db-wal

Filesize
88KB

MD5
3698f3efd926fc5ad01bd2fd08d52c5a

SHA1
fc354c60d4b8b0c4bd9ca004d5ea1c4759da7429

SHA256
4d5ab7c1820abdb3aab88842baa1ad138492096ce5236b56fee87cc7ffdfc70e

SHA512
54ebe06fdb6cdfd33ac9bb107964a4bf0498dd8ca2778397755b0fb2cc8ac7dc19a11033558d79551cfb8c43772f8bdf41aa040fc7d09cc5a40c477eb88f9883

Download Submit