socelars | 0046f06d419e3a965c3e115a64ec32c78e35004e344798d3f23d8f5248309284

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Size

1.4MB
MD5

a26b1a5af7e93bbda77b5f1639815d77
SHA1

38773c74da5bcf9cf59ac849507d5491ac13f838
SHA256

4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f
SHA512

68a484b2818dc99be4a32e6bc0fda3f98e9220bea1eb83d935b5a7010d15f6f942e4268117b7d085ee32c590c96bb105051199e0c5e621f449aba34d4ea95d01
SSDEEP

24576:F0tmpAQc251zzwym+vQgDrOVkpmCu+cqlbbu0ywIcbyjpJ76H0T6+rzJ:2tmp151Pw+v1DiVCK+bhyw5wpJ76H0TP

Score

10^/10

socelars discovery spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Socelars family
socelars
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	iplogger.org
8	iplogger.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
4732	taskkill.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3400	chrome.exe
3400	chrome.exe
1932	chrome.exe
1932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeAssignPrimaryTokenPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeLockMemoryPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeIncreaseQuotaPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeMachineAccountPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeTcbPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeSecurityPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeTakeOwnershipPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeLoadDriverPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeSystemProfilePrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeSystemtimePrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeProfSingleProcessPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeIncBasePriorityPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeCreatePagefilePrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeCreatePermanentPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeBackupPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeRestorePrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeShutdownPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeDebugPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeAuditPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeSystemEnvironmentPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeChangeNotifyPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeRemoteShutdownPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeUndockPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeSyncAgentPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeEnableDelegationPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeManageVolumePrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeImpersonatePrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeCreateGlobalPrivilege	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: 31	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: 32	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: 33	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: 34	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: 35	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
Token: SeDebugPrivilege	4732	taskkill.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3400	chrome.exe
3400	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 2496	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	89
PID 5048 wrote to memory of 2496	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	89
PID 5048 wrote to memory of 2496	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	89
PID 2496 wrote to memory of 4732	2496	cmd.exe	91
PID 2496 wrote to memory of 4732	2496	cmd.exe	91
PID 2496 wrote to memory of 4732	2496	cmd.exe	91
PID 5048 wrote to memory of 2720	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	96
PID 5048 wrote to memory of 2720	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	96
PID 5048 wrote to memory of 2720	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	96
PID 5048 wrote to memory of 3400	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	99
PID 5048 wrote to memory of 3400	5048	4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe	99
PID 3400 wrote to memory of 2404	3400	chrome.exe	100
PID 3400 wrote to memory of 2404	3400	chrome.exe	100
PID 3400 wrote to memory of 3088	3400	chrome.exe	101
PID 3400 wrote to memory of 3088	3400	chrome.exe	101
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 4852	3400	chrome.exe	102
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103
PID 3400 wrote to memory of 1284	3400	chrome.exe	103

C:\Users\Admin\AppData\Local\Temp\4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe
"C:\Users\Admin\AppData\Local\Temp\4dadde2cc75cc00a99017299ecfe878299c6c6742ce3abbb198cb440b6b3ce4f.exe"
1⤵
- Drops Chrome extension
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4732
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb355cdcf8,0x7ffb355cdd04,0x7ffb355cdd10
    3⤵
    PID:2404
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=1568,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2064 /prefetch:3
    3⤵
    PID:3088
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2032,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2028 /prefetch:2
    3⤵
    PID:4852
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=2392,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2536 /prefetch:8
    3⤵
    PID:1284
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3156 /prefetch:1
    3⤵
    PID:4432
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3204 /prefetch:1
    3⤵
    PID:64
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3660,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3696 /prefetch:1
    3⤵
    PID:3028
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3672,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3736 /prefetch:1
    3⤵
    PID:1312
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4672,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4684 /prefetch:2
    3⤵
    PID:4404
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4992,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5044 /prefetch:1
    3⤵
    PID:2348
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4156,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3124 /prefetch:1
    3⤵
    PID:4428
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5184,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5136 /prefetch:1
    3⤵
    PID:2168
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=5644,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5648 /prefetch:8
    3⤵
    PID:2956
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=5628,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5684 /prefetch:8
    3⤵
    PID:2040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=5620,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5724 /prefetch:8
    3⤵
    PID:4580
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5672,i,16895486048237747463,10364927099313214054,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5680 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1932

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js

Filesize
41KB

MD5
815860e7344a367f8c327295d1cc72d2

SHA1
22c86304b77074a3ca5038cba79a529eda42f049

SHA256
3da50106864a6355d5c7a076995ed79d707ec7a45ab74ad310d898e097704868

SHA512
d4ffa4a42343b75149b45d50f9afda9843c46c03fcd20eb7d1c0edf2199a47de30642ea14301749158a40552fbfe493b2713d18613d6134314c9b5c372c7881b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js

Filesize
25KB

MD5
9aa03d2270232eb3c6c417642644e704

SHA1
5bbd5ac9fbad01b440030dfa109a1ca233afc69e

SHA256
621186e128b94ee938b6225abaf17134aeaa6ff56cc900221250d988259d9b35

SHA512
0de7e225fcf5e619cee774de999f3a1a58e768de18f467dbe2337dcd16d5d8994dac570afe7004797c3475b65a636188f91c113cea1658eb2e9409328e84878e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json

Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
19KB

MD5
cbcf9822976b20ba471bf1837fa7cf7a

SHA1
27ad5584a8af66753aa4accf7de2f8df5e5afecb

SHA256
d8045388349a680a3f3c041f90670a23b24e66973273765e6b20b320fdc9be86

SHA512
d958c799bdab022d06ef60cc9d85d51f48e78d57312f69bfcccff1615d4bf70f7ed697e46ec8a5256b8a66082b47ba52f2879a507bec538b7bbb957209691f40

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
34c29bdb9e41b1f47f2d2786762c12ec

SHA1
4075131b18c3487e3e848361e112009c897629c7

SHA256
67ee11b51cd6f637795e31ab501f135ed595c8459bce885735f08b0418513a17

SHA512
ca3a978798e77b2ced27b379f38e935ef18beaa7ea23e34270a9af20b37e1b1c5edf9478606311cf1acabd83992766cb3da8444de9394c674d5955bdbc53c0d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
e7db135220febbd26a01b6533c672056

SHA1
79061cfb5607327d005e741fa9cba3eab5ec23a5

SHA256
d6f76cec9b0d8b02a4bee869492e47877060b3d5add6bb9938e1255a4ce3b93c

SHA512
f372ac7753ef6e7f8fe39fa1d8dbafced927d43c4d02bc7e3450e93cf70bb15bd4d2f0622e828dede7433fae0a2bb71c3b89c046c4e17827a8032858841d42d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database

Filesize
52KB

MD5
c94f7e7abfc9942bae7098b53def6fee

SHA1
6d794aa9208322c25e8530f8cc19749bd21204e6

SHA256
20fb68d08674a2fa9fcb64a6cc6b299ef0112429ea96bee5d48d883c0a7aec2f

SHA512
413b32b89063541e92fbf42529d22ee6c0acd03b365c7ac94916e1b5af13ae121d6d6fc0478d4e44d8b8bc831310dee3399b2b539a8f1409a19cc9e1cff0c714

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
4b75808a8e4f0d8c6eda780ec92613a8

SHA1
6a0086f5e3853b811043d894ebc643a263afa0b5

SHA256
8654091edbe4313a086a7de035a1935dba18cc2dfe947272814810b4124ea750

SHA512
9687560de58a9078adcd46f04901d273fab9f0fa2a20e0cdfa3f504ed51ad39ce49e3044e9cadada57e134082bec972e0bcf293945cd3fd93cb7e248cbdf622d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
8cd5934168af2b7083fe3eef6abe955c

SHA1
564281b27f57014f7b7ae1e76fe094a9a5e246dc

SHA256
0cefa26cd3684d6886a1183a603354b3f53ad69612120d0b6bd742ff6b5b2936

SHA512
05ffcc0e36082e8383aff18593e7099e8378465ac5b1893a4563607738328980f4c0bc989b9ee2d4763fbfaa296044ad8ffe89cc88b4fd7bb3bcd59a5678ed4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
ee458c576462501c24c686fa33f18aba

SHA1
cb4a9dc7b3c52f336e88c021af0cac280926dd0a

SHA256
e1c79b14eac2491beece3c695ada02114397e4baadae0836a0c0e98cc8f50241

SHA512
68064cc7726877d3ee65921339b9ae613b90b29b8d3b362a694720e968582a6244a89e6a4b1ec8cc636a50c5cb38c51d6f1205dc355eae4542dedb3fbe4b19cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
a8ed3460141d925887276073c66a58a6

SHA1
7be8259bfeac2f819c0bd7cd3731162e91f88cb1

SHA256
b9c8dbf13db3d5c5717ff5e646b0bd6257581dbae42ad24d0de499425ae89b6a

SHA512
5ef145672a20fc4e405dcafffa1a9ebc5a76af088a5db90e1cde9c1c33dbce32c737433f43f81a9b3a7321034fb954c4f8c7d64256efd91c5b6d41311ecfc84a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
c8a14a9de994b06e39dbc1b5f131037e

SHA1
49fbb6b59b478a03cd283df2cc6a44185f462de2

SHA256
c98e2a86dda7d425171a8a92e30b3407211ecc0ab49d63d1fee801a54fc1eb3a

SHA512
f7a1984882de8da2e4f5c7f9c44be48ce4c5667655af3e677d5359151c908ecf407f42280db5b3072350bdc01c33026fb177b87dbe1b6c0dd0f72ddc784675ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
38KB

MD5
0dc52d5156e0e3423a20671f85112a3a

SHA1
de63219e966279d23d5d9ebfb2e3c0f612a814a0

SHA256
55d8d47f45278ed4e61568932abc7dbbf8111bfd5f815a5ff0b90120c238551f

SHA512
de91420efb3a68512d862d59b478da2cca7e5ef10d8f79c960f682fcad5ea91146bb609cc15f2349affdd6f6a7369f24e8c4bee7b35f41f31eee53dd3bbf6fb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
35KB

MD5
ee30519b6f881d17ba9745c158078c48

SHA1
94565ba83b806851c18b8cab56e8756db96ee186

SHA256
bb55928ab9458db662fbf8e1fcc6b351f3c0467b67f50ab25a58a7fb9009798f

SHA512
d4c4d32b87cae6e5df6d1e204723d42d6096576bbb235d141084e6ac058cfdc55404cc4e1370beedf1f53fa151ad954fe876176dd6faf27f7543578c3aba518c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000a

Filesize
44KB

MD5
b27025b564bd576a8a23e70ed71f92da

SHA1
1cbb42aea2970f02fcbab1038331491159f7dede

SHA256
ce1ed22fa1069653716baabb47550585a0cbe5e3f6dced8e11a53d1251b2bdb2

SHA512
ecf02ee0ce84674b4f03ab73bfa98c7d910c167dc4c347a74c295ce8737bc907a0bf66276ea27f84ec2e5ae601a1fd3a04031b69965adeb25e1ea99ac9bc0257

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000017

Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000018

Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
71b30b6541c0874dd1729a355def9928

SHA1
c033fcbac46196c21feaf0ac7d2d42627b802b01

SHA256
eda474eefc5fdde934d232af10326897b8ec8cdafce0e7d974ffc3104283da8f

SHA512
c78a8201e07318e4a8f9437d371e761d3e3062f01ea6b6aa120b20c24421df25982e799e9219831026b67710ded9a976cdb2a5c2f722691a7294094d5bc97841

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1ee5089ec5cc0abd688e69f560944a37

SHA1
a55051014b0aed045d54568f5634ef716683b6e5

SHA256
966cff7604f500f503e60b58ef012af748baf26d67777739f264a311c515eaef

SHA512
241c163842f8e80ccb461b67c475c6f399ebd48893bc0893ea27c95874bf3f3323ff935cf8a055b3952b75894a7f44c721fe9e11abe2dd530972af405da02872

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ea58ba86103835c8a1db032a5d775d43

SHA1
6bc1eae825a24ebd4348f52280f51a83b39f3262

SHA256
ede65d824befb8d22bf449943db09e48bd865c854c31e51a13da185e2b541000

SHA512
e28e41ef409e0fc2b71af1563fdef09b26d1c6080172d587256895dadec9a6f52d4810ebd1b792682d144ec1816c6a34b6836ba147c61f061acc513304e4686b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe57f731.TMP

Filesize
96B

MD5
41160e5c81d224e2ac04b7a9022e173b

SHA1
9363e333df954d30ef2435bcab7facde21260d48

SHA256
1f09b8dfa83f2f4cc29dc33520d74a769b89e6c9f8bdd394e8976f82befb8a0a

SHA512
72c8e44dfc140eb7d3be11b204450b71d81f1e51af95666b2821522163429d26caa73bd70d6f89039f32e175725927c686f6d818f700a4fc521b63c90805e5a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
0a1b9617504c4229b47a7b42e8d1f490

SHA1
2463a15bc320cc34c4b40a6afae25dc226c6c1a7

SHA256
116040fb01439b69d4a2f75c2581ba4473d633b96ace349b44461ad4f937b6ae

SHA512
8635fa3171bd2d81bbd0fab9aca28394d8e33712dfd3ed1ebef7d3790ecb6979d48b6914a4006040fb9903e35ccadb8e2f427e79b89a3f70b9d3590a378b773b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\index

Filesize
256KB

MD5
c17cfe1b119ea796bcfef365964819a5

SHA1
ef8a00cd8f583a505c6465aa2f07308c33c5637c

SHA256
f38413453ca65359e74598b33f0e4627963d519654045b195da00b8a28407e33

SHA512
729728f10e9ddf7c2f0efd5701b6c5925f653e5a6d9e5ae6e4e58874a20931eab9ce9f779fd22550c0d3f961ee1067e534414bb7aa3e8341ed90383b1af10de9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\000003.log

Filesize
114B

MD5
891a884b9fa2bff4519f5f56d2a25d62

SHA1
b54a3c12ee78510cb269fb1d863047dd8f571dea

SHA256
e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e

SHA512
cd50c3ee4dfb9c4ec051b20dd1e148a5015457ee0c1a29fff482e62291b32097b07a069db62951b32f209fd118fd77a46b8e8cc92da3eaae6110735d126a90ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
babd43551f1b29eb82e221460676126a

SHA1
e9bff307613a14b35830893bdb6d1ecc931b425d

SHA256
46b5ecada4edb2585f87953f7847aefc938be2404b9d9455c772b97295b7b1cb

SHA512
5ab681c170dbd1d374bd66edd02cbe21272819ef7389ad1e886bcba112deb91eb68fa930747986da5ca794881939570013e38edd9f8e6f718f7d202e74a82f41

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
160KB

MD5
9b85a4b842b758be395bc19aba64799c

SHA1
c32922b745c9cf827e080b09f410b4378560acb3

SHA256
ecc8d7540d26e3c2c43589c761e94638fc5096af874d7df216e833b9599c673a

SHA512
fad80745bb64406d8f2947c1e69817cff57cc504d5a8cdca9e22da50402d27d005988f6759eaa91f1f7616d250772c9f5e4ec2f98ce7264501dd4f436d1665f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
40KB

MD5
dfd4f60adc85fc874327517efed62ff7

SHA1
f97489afb75bfd5ee52892f37383fbc85aa14a69

SHA256
c007da2e5fd780008f28336940b427c3bfd509c72a40bfb7759592149ff3606e

SHA512
d76f75b1b5b23aa4f87c53ce44c3d3b7e41a44401e53d89f05a114600ea3dcd8beda9ca1977b489ac6ea5586cf26e47396e92d4796c370e89fab0aa76f38f3c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies

Filesize
20KB

MD5
5fe946b50f50671b58e01acd3f32c154

SHA1
4f0922a90dfba2e200c6b83985388037d8b7fe5c

SHA256
0e5d2a19290aaf2999d750b286a6ac33ae17d58bf2463a64af094a3c164813c4

SHA512
dc7eca1c60f70abfde8ea4dfdf08373d8889eeb2d93280de1a34d69593047d1967ef3bbc0aea9fce6ab0cde7eb8d0435e357ba173d9d8c86c9ce54448b2666b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
126f478d07f497922bd47f72144e9e17

SHA1
0f135fb54cbdc05850dd573bb5c06be7dcefc117

SHA256
0e7038ca68df5cc4f02e4c3d7aad39daf6086375828624fb434ac6b1ace3b913

SHA512
7c9569120279cd4d7458e295fea51a6b32a4c73bdcfe67e94e785d04b4f1c3a1188eb871c9f3eb9f435b130be79682c19c71e2723e264787185ce94edf8291fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
3KB

MD5
fa8bead11ae6b4688cc05179a6766d1a

SHA1
f3b10e860071c01adcaacdc9906bc2344b24d614

SHA256
4d8020d354aa38fe4fae5381f39191cb7f53a1308a297d6f28a23224e287a970

SHA512
bd9435f4dd7f37b14efd0a0fe3ef18c6a9accb002fef94d3597632276e3e3e1fa75b67efbd864c28658fa7a7b20272e47478393c533975cf11040b6a42bb2d5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
3ba2339c4f4b114ba0e14baf75d3fe8d

SHA1
90f645449b61c469bea0bd0459caacdbab7312eb

SHA256
666d96bf8e2ccef5da9ec03ee68e915fe1c251b51eec0946964faeeb08516024

SHA512
585ebf910e65e701d7fdecb7c1687a7b5365597686246e164693d58d4f2c1e854b34ddca3a335dffa28c8d0430b47a6e4cfcd84ccfe7f6ecca4b6b0109b7b11f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
356B

MD5
1f946dd30dd7102341a991f103fa159d

SHA1
42071414a6b36e7ed6ddefb76bc99ac07417b29f

SHA256
011eae6b9f5744270df8900b70df7dce2583aa5ef45621f49487832fcce90387

SHA512
b7383d98efde0f6df44ce86b8f70ae62fde498d628cc9b8146223b9439c052ab7f0da0e88fd6c6f32fabe691c40ac9aca5f59bf55f595c25e379e25cee6bcb33

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Trust Tokens

Filesize
36KB

MD5
d59c2d0f794872da30b2170ff414b3a3

SHA1
a8a18552f4e7a48ad2b5373176b67818744feae9

SHA256
d772e24f4fbec8a21439ffb57c335e6f2c945dd9f70fb56e5a84115e752e3797

SHA512
057f2ee470e79ba6aa5129ae716d18f28f737c0e651be1c52fed0db19075dbdaee09e3f7d3b7ee779dc73cdc51cf72a6d70ec22cafa6e5520dca46dfda9c0659

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
11KB

MD5
2851b74b6ab860b0d69b16d56c5c064c

SHA1
ff7217a42d5f1bb54193c478356e2f0731bf2750

SHA256
b0678fedc545936aa43089f854e84f987e226e1cf053bc2e7e6b7c9d19cbd832

SHA512
375984eb0519f47ffc0d4ac1538f8aacf49b447fa64af856af39ba290ff6a23ea43a696058ef1c2922f1cd782b4a1632643dced1c146ef8b76fd4164da23ca92

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
11KB

MD5
4f73ac5d8302f28dda1618afd36a9975

SHA1
6e52b951166c1cd97b1a2fa888e629d23f84be19

SHA256
a5248d9e6630b1fe851cfeffc6f82a6cbcf980d991ae9507c5a09c422af14583

SHA512
739aff01494c9e36827c97408aa3067bd8f68290be736d8a4b4582f79af52e5267a838163de72621d8cab8ad05837f4836c10a3da2402a3bc04687c822d4ce9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
febe8b30c72b9ed5786ae265ebaf844a

SHA1
010452344e00fcf8609b9df083803311efe683e9

SHA256
72d049174f8bb874a5db67735ce76cab400f25a72391ec557ef2720785b4c4ac

SHA512
01863fd726d2bb344f368673a31df809a58c810940200a8cf02d1be09ce92f1d097419fffabbada9651d2977948111e0916e2012d92974f96ce7c942ef01732e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences

Filesize
19KB

MD5
355ac55ecd4e8173958ac7174a7361a1

SHA1
6a436d50b2538307f02ec6b7e6f33344765b337d

SHA256
6666e9cbfa8a06f12ef0a768f91356171bd37f01e368a9779a2c2e6661c67b21

SHA512
c630b5b9556b96b39705f7b5106878d3b3fb530d99cc6911b00b1feae5fb6a919724f66969d19ba1a1e92979fd397beefa5b4784b7aee49ebab48f91b766f751

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG

Filesize
336B

MD5
68f4ee2df2b8ab70361ff2cf5a607478

SHA1
7cf379ace5304fe8b4be566a447dc3a82f9880ac

SHA256
2dd8bddec554ad42d879e126be3ff0950dd9e051e196b1db0f084e724d82368b

SHA512
af6b05a23eceb6e5824a2ccf10fe6a4b53a46ff683801880585a9631e3125fde3d1c9d6d8e44c2f5365c89a1ecc1401e86ff106d1becd6ba9663d935a3fca358

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG.old

Filesize
293B

MD5
9364fd75615c5cf775dc8c4f4b45ea47

SHA1
12936544942f1344721d257533882054cffcbabb

SHA256
a6e8eb288f20a96248a747fd852228ef078e3da88f2fefec96f84f6e68040075

SHA512
c3ab9e7f3e60872c4b49b41b6f30d0f52364210785acd0bc491e069fd41008f45b3d862e5f1f19c4cc6d8f62bc920b56d51353f113ecb3ff49c3a9791167e975

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2e065e04517ca9bb5b77e20f64477595

SHA1
6f49ec0d21aa4a8efb476e02e977fd379285cbc4

SHA256
112203cc29c05b6d69b57312921bf9464332bd81cccf5b95fab09f3bfdf73889

SHA512
4f0a735f0dd0221bb366f1e303a8f1be1882c2595090d4f1f6380d1d369cc8e8aa8d83edc52ca779b9e33915ad9bab3c44226259f566f6c92d213d38d42a737f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f01d.TMP

Filesize
48B

MD5
ff1801263afc171724dfdbf11d80298a

SHA1
2f45b8cfd73712c95a142ce66c598a9311a73ccf

SHA256
1d394cc2b3f7b52c56ae08fa5d79ecc08ecab63c0f0592142fb05dd56da65b2a

SHA512
0a9970a8611ebd92fb2b3787dfa948233fae98f71145573a53962fcc1362b687548e08f0d8b85aab31e3e77ea5c7d2f49282983d936df6ccb10f3e3d3c8bf148

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
71d796e47d22605eabc1f413109496d5

SHA1
c217382095021f41f07e8b18550ee470a43a8333

SHA256
109b7b3d089474b38092803950df5d676464f27be966773796701496c8170fc5

SHA512
361a62fce9ef19d8060e36b573287e0514510393c3ead827e3b48f3f233043e25aa8c52b1b7f1222e4ba350465614d10f321ad4be57db13614ee1ca1143472d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
5ca5776b2bb49d1821cbf18d30a90bd0

SHA1
40a19ed926fe6fd3f55425b8c5c7a096fa324809

SHA256
d321a8cf66d6047f67f20a8ebcfcbab8bc9fb8d8faa6c80502ddf6ada7346a10

SHA512
0fb5516b176afcd831a00117335237633d3942c6a93391d5492dce5663aa007df6077c30302e52417b7778303c2fd6bd48a9df3999a94bb39360551551324c08

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
307B

MD5
54a1a13081d17f29a56e85afbf8a5064

SHA1
bb13698d6f26062af267dee7aa1afd746661ec44

SHA256
d420f46e832de0957828e75769de56ad5e93c163daef05dcfb2ccd97cc6f7f23

SHA512
279e41ba21c904036177c5bf5cf5fab477e77c84a9fdd9db293f586610ed2e73f5803f916daa4c0455859df8f38d2cfb4c81bb67edf8a1529de05c5fffcc2ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnWebGPUCache\index

Filesize
256KB

MD5
0671077a2d0eaa4c26c6ba6cdec5555f

SHA1
b4300a8d9cb6614a9bff1e9e7f0ec232f4fb1f3d

SHA256
2683a25a876d3a6f4fc434d36b01d3e7947c1281693cd9a9063dbf4a48f32fa6

SHA512
4f1e56bf0a99179de0274d53418083a96b690503ddf1499f84518f5113c6fed2a6b0b2a05995830aff076cc471b19a4a4d440dc3a00348c86f00bf375822c1b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\db

Filesize
44KB

MD5
b581f0ff8f8aa3371ae47b48c95329e8

SHA1
4f588efadf3675f3526cbe762c50eb8e79d9f2e5

SHA256
f8e7cd835195e4eff7855d20676484ca75f7e7e4fe5b13164fc926b365e1dea0

SHA512
e0a79452acb39838afea8ce34e05c7e5cde68f2a786fe4423ddf2588fc6047339e8e4c3140d7e0447f938b2266f52b9ddbdcc0f40c495d833b47b3f27d7996de

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
2KB

MD5
d8ba3849a4479a214a302a46c136ce1a

SHA1
37cffb7392c1a3268809a308313f089b2e2c0a6a

SHA256
1bb8905da6f5b0202ea5531aa30b122991d42abdc93fc27eb0548d0e7fb36a14

SHA512
6a8d4ef489496441e93bde407cb21053acf0d54bcad8bde9c98f6290168490f6db4d0134c5b7e00c6ea8031fb3a54ad6a0914e829892331935c4b348161f137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
2029a16ea990974fb6b48f3e1b2ef4f5

SHA1
7d2b4681eeed72def02bce2dd752d1f6c4f875e6

SHA256
7845fe32c9799532fb58cdb4c2497a0b6f80248e150c6d3f4baf922a27343f50

SHA512
8f077152a1df8180ea02cfd6b811a604f17d5818f8d693e97eb7227017d7bed53cbeab1f35cbc43094310315769abe92491da371087b914f58ae08928387dda4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
283B

MD5
2d3504ef321e7d0920318b4511ef3e4f

SHA1
ee882b763754345c6b3b69071b81804e4c00b83b

SHA256
cfb00d7b0313348b9e03cec09a04227b712b0d99f6a32041a17fe005d41d4704

SHA512
818802d7260239619f5767dcc4003d4ae56693ba0faf00b5d6950858b65e2651ecb16bf18fa6e4a0b14cec089cd89bd36f2ea6249c1e638d2faf273ed9b76bb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
83b99fecb72b4219799577287af2efd9

SHA1
366a25cbdd423aa88f1d518388a548dca1dcfb94

SHA256
e978a3baf7b7c9a9580e14397058a18f5a9f52d91c9c059d8b33a184587807df

SHA512
8b4cf72807fbebb6447b9d76c4f33ed2ff7697afacee249f2366cf5c773644749f99f7827b54707a241d3ad4644e29c129479fa9e9ad9bf365dae68ce9993c1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\trusted_vault.pb

Filesize
38B

MD5
b77fc97eecd8f7383464171a4edef544

SHA1
bbae26d2a7914a3c95dca35f1f6f820d851f6368

SHA256
93332c49fab1deb87dac6cb5d313900cb20e6e1ba928af128a1d549a44256f68

SHA512
68745413a681fdf4088bf8d6b20e843396ae2e92fbb97239dc6c764233a7e7b700a51548ff4d2ea86420b208b92a5e5420f08231637fbb5dbf7e12a377be3fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\GrShaderCache\index

Filesize
256KB

MD5
d3125546f2733d5e997f6cb803609548

SHA1
a9b36b7dbf29f554f924d06b8c445e0584d79d24

SHA256
8259786d71118010a17641f275f37fd17e42f9034dddfb2505ea6d079ab0f45a

SHA512
2a12e618ce46a7951e7962495130b42f3594a7152c13d8114b9382bd83af12a78202fd1716248a416ae9f8896c3a3c86cfa701cc10f6249513349b2d51823bcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
80KB

MD5
81d19fe68cc020ecffee08ac50bbb04d

SHA1
847818603c4b492131ed6230717ab1704399917d

SHA256
ed7097b66ecb9e69361055cc5ee099aa1183de98dd9661a4e8c6ed9ea25b89da

SHA512
c009426fae6350d5db8e4d057fa765ded7c4ed7a821f6684c09153d75e36eb9ac83469d1e4d8ab997d53b8e2fa0a1e8d9fb2a1b83fd7907d2c09460c6f40a363

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
81KB

MD5
ff15216f23ad70beec50360c58800b07

SHA1
9039fed96f67a867bb9dd58ebbf11e1eb022ed65

SHA256
eddd608927b4a63909b2c4e0a68e3ddfd2cf59a7bb7b0203a3a13d0e2efcffbc

SHA512
bb992e7ce5ea9c6df2d714287a3c5fdebc089a04c351e7ea12618861a680c59a46cca284b0a1d302db91324761dc81bc435ffb9d9594f605e581e551f40df2a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
80KB

MD5
65d2410fadbb17620e738c584bf7bf23

SHA1
f7c0b8b483488eee6d4ac80b2662da574472020f

SHA256
9469306d2530d2809d9bd3d7ea43be20d331ce50046cd941b95129291e4675d4

SHA512
abfe579c5fdeef09a4a5f0888dab66a7dc351d292253d632484d9510ae33b54817e9bcad9f168a789bf848e2995f9fa482f89b490cdaedde55b5556ddfbf3fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
81KB

MD5
566c00ece372f35fbe09a1c064a56b03

SHA1
e69163a0d3d0771c16eb092178ca4387d73a5bf3

SHA256
263dafa317e38f89bfe7e5cf444a1b31b08e0925e9731e1aab2d35a598ac936a

SHA512
a2d107d4e59a7dff3cbfa0bcca3b983b888c1d130bf52b682faee3502da4705d9bb0bc2fda2c1f3b41a6983b264b55c5d6acaa106e9d7043c6c73727624b3d21

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
b8a97d789e21ce3fa91929fc9d441e4a

SHA1
636bace17627934e866fd90f1002f7c0496a17f5

SHA256
1fe9494fec63c46d361acca1518e6b928b0aa811f1185be1ef5c71b6b84f83e1

SHA512
ba57e720e79daa4cc5d1090f9083fd83f0018a679880103e109ee8aa1a4820ee9452bf30f3665613786b65d09e723865f890ceef8377e2cd0b546cef9592fc6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
2fed3400ffc7e1641c621750f76c0981

SHA1
7d68a6bcd8fcbb51ae4fa2310133d1e45307e913

SHA256
c87defb2a58e623574e7e0f319d4dee176332f2c185aaf56c7d9acdabb574754

SHA512
084489c8ded3137320c611bf5d8f2baf5ecd88bd8f2afa70e200a8300522c9d320532349df34a37a1ad69b7240b5390dc90c79ee0d93633fb42852a69dc3b853

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db

Filesize
4KB

MD5
b9263bbf24428aaca95d04d04f3aeb6f

SHA1
5346015345f6df766df4bc9b42da076f6fdd440f

SHA256
1fe8f6113488865c546d2faa55b21482662ce4be19d4f505eeefa09bc3131489

SHA512
5bc2978bc96e1347500db552e2a2dfd9e5df25c8e16d3ab57e5519de43cb9c08f5aeefd1a6f6947d7fa253505918763b932f622636fc2a7a429fa72a5b49c7cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db-wal

Filesize
88KB

MD5
e38aeac0cc9ee7994a109b23f511efbe

SHA1
3288a05e668a2ffe37a39990d003dfe4e38cb609

SHA256
6acaa85e306e7fb700f0171a5869185ba306c5b9477d06a09c3297634207aeb0

SHA512
29a7fe1ebeebd2efbb033689aacf26e2ffc810c2324d506f5f0383c641a73d11ee00415e80e5ca930339d2b1a32ee312617ed679533a77e0a4504cd9d70a8540

Download Submit