socelars | 2aab8d83f5c4c2ca50ab0cf0418c6b2dc6685fd302826d8c999b5f1be7317ba8

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Size

1.4MB
MD5

09b950f451b5ea82a536f2b9792f8bf8
SHA1

0e9261eaddfb7dd7a7bc087566dc5fa7a8194bce
SHA256

fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8
SHA512

669e9655d32a42a9e6dbc0fe917807bb2bca26214079fe5e29e393f99b5e43f3e2bfd7651d02808d7a6571b34bd817dd094b276aa26f08a72a5c79c98587382c
SSDEEP

24576:Hh93Gpb7GggFpiCsNm/xIReKdyIiJxplFRyxaNI9chelnaecXTC6K/8e9mV:D3GpzgDiC/iR5dWXzR1NIGklnanX+6+y

Score

10^/10

socelars discovery spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Socelars family
socelars
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	iplogger.org
4	iplogger.org

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
2052	taskkill.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5908	chrome.exe
5908	chrome.exe
456	chrome.exe
456	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeAssignPrimaryTokenPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeLockMemoryPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeIncreaseQuotaPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeMachineAccountPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeTcbPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeSecurityPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeTakeOwnershipPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeLoadDriverPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeSystemProfilePrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeSystemtimePrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeProfSingleProcessPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeIncBasePriorityPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeCreatePagefilePrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeCreatePermanentPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeBackupPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeRestorePrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeShutdownPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeDebugPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeAuditPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeSystemEnvironmentPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeChangeNotifyPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeRemoteShutdownPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeUndockPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeSyncAgentPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeEnableDelegationPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeManageVolumePrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeImpersonatePrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeCreateGlobalPrivilege	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: 31	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: 32	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: 33	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: 34	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: 35	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeDebugPrivilege	2052	taskkill.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe
Token: SeCreatePagefilePrivilege	5908	chrome.exe
Token: SeShutdownPrivilege	5908	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5908	chrome.exe
5908	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 4936	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	89
PID 3816 wrote to memory of 4936	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	89
PID 3816 wrote to memory of 4936	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	89
PID 4936 wrote to memory of 2052	4936	cmd.exe	91
PID 4936 wrote to memory of 2052	4936	cmd.exe	91
PID 4936 wrote to memory of 2052	4936	cmd.exe	91
PID 3816 wrote to memory of 4844	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	97
PID 3816 wrote to memory of 4844	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	97
PID 3816 wrote to memory of 4844	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	97
PID 3816 wrote to memory of 5908	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	100
PID 3816 wrote to memory of 5908	3816	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	100
PID 5908 wrote to memory of 464	5908	chrome.exe	101
PID 5908 wrote to memory of 464	5908	chrome.exe	101
PID 5908 wrote to memory of 3168	5908	chrome.exe	102
PID 5908 wrote to memory of 3168	5908	chrome.exe	102
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4608	5908	chrome.exe	103
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104
PID 5908 wrote to memory of 4024	5908	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
"C:\Users\Admin\AppData\Local\Temp\fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe"
1⤵
- Drops Chrome extension
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4936
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2052
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5908
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffdd971dcf8,0x7ffdd971dd04,0x7ffdd971dd10
    3⤵
    PID:464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=2000,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2140 /prefetch:3
    3⤵
    PID:3168
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2088,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2084 /prefetch:2
    3⤵
    PID:4608
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=2348,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2544 /prefetch:8
    3⤵
    PID:4024
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3224 /prefetch:1
    3⤵
    PID:4100
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:5684
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2400,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3688 /prefetch:1
    3⤵
    PID:3712
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3676,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3724 /prefetch:1
    3⤵
    PID:3236
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4596,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3164 /prefetch:2
    3⤵
    PID:5656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4600,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5056 /prefetch:1
    3⤵
    PID:3192
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5156,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5208 /prefetch:1
    3⤵
    PID:4936
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3828,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3692 /prefetch:1
    3⤵
    PID:1952
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=228,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5672 /prefetch:8
    3⤵
    PID:1196
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=5548,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4212 /prefetch:8
    3⤵
    PID:704
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=5532,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5740 /prefetch:8
    3⤵
    PID:540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4856,i,7289035015610701758,9218820711772219106,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=732 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:456

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js

Filesize
15KB

MD5
930a7d7be9f1129cd7c59e6e1aaebfff

SHA1
27735bbc5617339f38c27bce37126bab62a5c9e5

SHA256
bdeab027673c08b889e490b40ca289da9bc58ff428e739e7df1e421b7ed25531

SHA512
f12c9edd55f87f55dbaf576aaad295b22b322ffe662893b8744c3eef06be347df7d124a067279da21fe1b9c44f4bde007f0da04cf35bb95e68abc0500d125db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js

Filesize
26KB

MD5
029c53effaed86331055c63d264c3316

SHA1
859bb39d27b462a73fc9131f694b69c8c118b3cf

SHA256
3c1453cb6fe4c7ae8945d96db6c19e3eb58702df65ee0244f8f2444b20e93068

SHA512
68d115d79428c906ca377091f30c207de92ee9450e22e94a35fd7753547cb582ae36434595f1c0e444bb19d5c6dcc214fe58a9987f690486800c8ad91c9642d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json

Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
19KB

MD5
37d8c01b3c1c8c5336081354eb64d3be

SHA1
ae949216465fab2768d3e051ab3133b60dce6a1c

SHA256
b85ff617646984d73fd5d203c2ad1f8f05ae986bf9fe900a3baced2c894e8648

SHA512
7473d279a7e0966e95fc904cdb2002685ce7ca9f55ce832398a5171997914934926c15aa4524a8a30790fc3bf83e6aec48028abdb720d9cd13d51b098b2a6c33

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
34c29bdb9e41b1f47f2d2786762c12ec

SHA1
4075131b18c3487e3e848361e112009c897629c7

SHA256
67ee11b51cd6f637795e31ab501f135ed595c8459bce885735f08b0418513a17

SHA512
ca3a978798e77b2ced27b379f38e935ef18beaa7ea23e34270a9af20b37e1b1c5edf9478606311cf1acabd83992766cb3da8444de9394c674d5955bdbc53c0d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
a25349293e27bc6087fbc8e3c7ff0ee3

SHA1
80a0f7ba91bce27eccf942f47f05ce6f175f3878

SHA256
576caa302dad778d34f1813e3f35e7fa7f22e0210409a169ab42e16e6a7fbfa1

SHA512
abe77b4fdc9efb25c5f9a8a59414ec1e26f175a5dbd137925010a1a941c0b3ac2b3c0f8bc16e2e5fc7998ab9872f4d04bd70f70ebcf36dd7da4c198c3e5245b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database

Filesize
52KB

MD5
c94f7e7abfc9942bae7098b53def6fee

SHA1
6d794aa9208322c25e8530f8cc19749bd21204e6

SHA256
20fb68d08674a2fa9fcb64a6cc6b299ef0112429ea96bee5d48d883c0a7aec2f

SHA512
413b32b89063541e92fbf42529d22ee6c0acd03b365c7ac94916e1b5af13ae121d6d6fc0478d4e44d8b8bc831310dee3399b2b539a8f1409a19cc9e1cff0c714

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
8a80f475e71d561c2b3ac39072b68bf4

SHA1
b174fcfebbb0c788db869490968fc9dbe53cd7f3

SHA256
a404379fa36363d4fa7fc8beaf01927ac3a386244fa24d0822923e99a38236fe

SHA512
2957965a02b0ceb634277f2a8777933b160c9c62935b21de8c6b7d4bf6f38da467aeddd1001799add491c7e8b65fbadabcddb25a02ec537531ae86b908e943d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
eeea4ab4c2f7db8623c9d063493cf247

SHA1
7c8f2ef187ab120489f954eed856418bc1855ec2

SHA256
46512394ee7df5cfb3bc75efc53dc5e9fe96322a2b5a3552ff75deaf385eb488

SHA512
c58242bce4975641d3ada73ca37f424b555d5025c6dca4b5334f7feeaa6812289ef2cf448374a90b4395921f77b520160175cf03e5aafb998e923ba26b7321ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
ee458c576462501c24c686fa33f18aba

SHA1
cb4a9dc7b3c52f336e88c021af0cac280926dd0a

SHA256
e1c79b14eac2491beece3c695ada02114397e4baadae0836a0c0e98cc8f50241

SHA512
68064cc7726877d3ee65921339b9ae613b90b29b8d3b362a694720e968582a6244a89e6a4b1ec8cc636a50c5cb38c51d6f1205dc355eae4542dedb3fbe4b19cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
e6c865af447989af23406a8ed9965dbe

SHA1
4c56cf64b5ea43b1ada13aebc10acdd078aa7292

SHA256
dc1a7604e9d1d29f45971df248ed36aae6f4aa6630b1b7440d1cc95af0110e5a

SHA512
d5752e4233f71b83c4211567fe21b906e561688547965ae0f5fb24a0ccea395a950829e14212d0a4adbec4b17393d716fad54c94c89073a8e935640356a9dd24

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
c8a14a9de994b06e39dbc1b5f131037e

SHA1
49fbb6b59b478a03cd283df2cc6a44185f462de2

SHA256
c98e2a86dda7d425171a8a92e30b3407211ecc0ab49d63d1fee801a54fc1eb3a

SHA512
f7a1984882de8da2e4f5c7f9c44be48ce4c5667655af3e677d5359151c908ecf407f42280db5b3072350bdc01c33026fb177b87dbe1b6c0dd0f72ddc784675ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
38KB

MD5
0dc52d5156e0e3423a20671f85112a3a

SHA1
de63219e966279d23d5d9ebfb2e3c0f612a814a0

SHA256
55d8d47f45278ed4e61568932abc7dbbf8111bfd5f815a5ff0b90120c238551f

SHA512
de91420efb3a68512d862d59b478da2cca7e5ef10d8f79c960f682fcad5ea91146bb609cc15f2349affdd6f6a7369f24e8c4bee7b35f41f31eee53dd3bbf6fb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
35KB

MD5
5f7068b574ceeaf1027fc4c6c116e85b

SHA1
a745532b555c1611a5d1902da6fa0207e31c2950

SHA256
9ae63666a7a2da2e4b7494a192771250757c3ed8b1690f520aad99f7138da0d3

SHA512
9584c7c9fd2419b147e2ddff5857c05e2f7306bc6933dd3221f7af8d8d2272671766b6769195e9f05cceacd769064182804a31b1d6f68b4c8952b3b738020de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
b7a098273dd5a61c44b350166a32907b

SHA1
29c188e9295bb37bcac772ecb4738f4ad333acd4

SHA256
2a9770f3b14cd26121832e4911400432587a0eec641d4e40d553fd5bca6912f4

SHA512
0a617fd80599e567c908a369d412f24b941d3bb876694df01ef94e500289a619c46bfb6de04d1e9bd6787b866a8e74bcb38d8b6f49ee0ac087b0399c6c1926c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
b8cabd7a1fb50fa2d6d28ffa43e78d25

SHA1
2a47a5dc4adcb90f200927079810408bb94add24

SHA256
4e532076c2a0c5d6fc2b77927948c3c811fec1f230434bccb7a01f39aeed7f22

SHA512
78f6499730e1e97ef4b77cc8cdf6cd0db41fe7284a4ad9dcf2c8ff87d72b0ade1994fbc56aec73b18297e48baceef658ece5b84110dd494f8a0aeb2a90c72d04

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
99007ed24da8f6d1ff0ec4b29030b6be

SHA1
c0eb98759d76b6ce67f34686133d65a33d2ea5fd

SHA256
55a354cd350412c791ed20ef0c2c37519b10a429fa44571298d7195c329e3412

SHA512
e228e9c833db5f4602f61972ecce3ee0ca2133a5c410be4acebc11962c25b7d95cd50aedd68bc06644983655cefea862ae3e14ee13dcfc33f36d4c10c65c5db9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe57e697.TMP

Filesize
96B

MD5
e035173c4ad41a7af78424816b7a68f7

SHA1
2b850448982075979f836996f0100cdaa123f287

SHA256
65062362391090d3e4a8cf42b98a50061593ff153740fcdd75077d825faf7dc0

SHA512
8812eaac14600d4e4e930c7fa4d63b8a472634d99b62fbeb3d4f15fb361a4b9990f17b1723fd2b06cad5648a470064d8693da3270d923e22989ce2ee8ef501c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
7b819e603fd6c554dae67c6b1c3845e8

SHA1
e9504f8a9b343ef5ab7e850dcf7032e90ac20e54

SHA256
86166821bcb9a618942df37c91b0b72d6c907b59ac51db57b539a24bfeeaa9d5

SHA512
4dd53469ed7ba5961302a3fc0145086bf478ec0dc60fee5a34b65d26c894aaf51ee87ddc453572d72927b1397533edf5f40c671c1b9c780e5d233b3209f21031

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\index

Filesize
256KB

MD5
1b4f7f143111a139bcc1045323c2d37d

SHA1
b0c5923d0a9aa6988c004a669419716815a7b4af

SHA256
4a852fc365bbdf0f1078c6c3a0938a8c7e1e8ad929b16cd75785a1f22bbb8baa

SHA512
3ded65abd0b768f471274fe65ef8a3aa3646e3c2e8bcb607ff728aea463921b0611c201f602f33f7bfd093589a369f0147b5d561db3418d31cae1dc2798303e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\000003.log

Filesize
114B

MD5
891a884b9fa2bff4519f5f56d2a25d62

SHA1
b54a3c12ee78510cb269fb1d863047dd8f571dea

SHA256
e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e

SHA512
cd50c3ee4dfb9c4ec051b20dd1e148a5015457ee0c1a29fff482e62291b32097b07a069db62951b32f209fd118fd77a46b8e8cc92da3eaae6110735d126a90ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
babd43551f1b29eb82e221460676126a

SHA1
e9bff307613a14b35830893bdb6d1ecc931b425d

SHA256
46b5ecada4edb2585f87953f7847aefc938be2404b9d9455c772b97295b7b1cb

SHA512
5ab681c170dbd1d374bd66edd02cbe21272819ef7389ad1e886bcba112deb91eb68fa930747986da5ca794881939570013e38edd9f8e6f718f7d202e74a82f41

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
160KB

MD5
9b85a4b842b758be395bc19aba64799c

SHA1
c32922b745c9cf827e080b09f410b4378560acb3

SHA256
ecc8d7540d26e3c2c43589c761e94638fc5096af874d7df216e833b9599c673a

SHA512
fad80745bb64406d8f2947c1e69817cff57cc504d5a8cdca9e22da50402d27d005988f6759eaa91f1f7616d250772c9f5e4ec2f98ce7264501dd4f436d1665f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
40KB

MD5
dfd4f60adc85fc874327517efed62ff7

SHA1
f97489afb75bfd5ee52892f37383fbc85aa14a69

SHA256
c007da2e5fd780008f28336940b427c3bfd509c72a40bfb7759592149ff3606e

SHA512
d76f75b1b5b23aa4f87c53ce44c3d3b7e41a44401e53d89f05a114600ea3dcd8beda9ca1977b489ac6ea5586cf26e47396e92d4796c370e89fab0aa76f38f3c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies

Filesize
20KB

MD5
3088bae5e0343d515911e3d4d4370e5c

SHA1
01f651b76b65614c1105c53f5467617845830f7b

SHA256
e4453c3ba7ab409a56e52c601eeed0e05edf3b1cfe32f0f05b00099a93d7daae

SHA512
4d6980611134c55d317b0a6e231845bbb88669935f1864dc346bc8a07790c087e8137a4ca32ea8a188b8e577b09222ff49dd0aa3eb24b87026493442cf41b0c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
159f910112917531d7e83eb67d84a070

SHA1
412bf31b8f146905909d171c89bb56b27430ea40

SHA256
bcfa3cf38f44289441a1f21c36b6b34bcebe8b946f5c85fe6572ae1f1c42c045

SHA512
11479d3712d59cf7ff38c35588c3d2f4bfe30fa83503020775d6f922bd3dbaa64e307cf9c9d41c7be3f8e37644991a643e06dfa6839607421c586dd324178aa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
3KB

MD5
6d8961cf7fae495c368de27727d728b9

SHA1
c0646441bb59f30326a6a5c5151a31d0a068818f

SHA256
a09e26264a94d990adbfe337dacccc1c13794c0c5fcfdf579f68b49833a2ebad

SHA512
9f4342e028e401d73e0578ae0211d550dfc3f8316af0cf6d4b81c1259bf9d3723cf0677eb981fd50d044492906840b15ff9366debc80b0a2e78c6c8036c0be48

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
876a9a916326d7b262633013950dd45b

SHA1
02430efcfddf127d39a6525bf6d3f5cc884ea518

SHA256
b3720d943bb64ae1c41be32f6c3970b4b7c62cd8e8871a85c2299c2853fdf1bc

SHA512
dc9405dee95d26dce2e20d199e0597a6760ca41b88c46aa60addc4bf7ac6f90b12069efa93081e834eb27444e6398b59266491555fa3b0796852ebb3b90a07c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
356B

MD5
6f370cab2aef88070de63742a9c861da

SHA1
aea3e78342ab8c4b7f13a6893dd038d29cccf84d

SHA256
a23c3d047c76ef31574a88b314fe3b3eedfc024916c49a120050dd596a27db4d

SHA512
a1afade6b30c0c9134b4bc8202bbfb7a59cbf82eb8d70e1d473cf397e03e6998118e93ec4d3b8cdd1ff1d23f25cb95d3e7dba34f6d0699be0f5ce9b3bb8116e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Trust Tokens

Filesize
36KB

MD5
d59c2d0f794872da30b2170ff414b3a3

SHA1
a8a18552f4e7a48ad2b5373176b67818744feae9

SHA256
d772e24f4fbec8a21439ffb57c335e6f2c945dd9f70fb56e5a84115e752e3797

SHA512
057f2ee470e79ba6aa5129ae716d18f28f737c0e651be1c52fed0db19075dbdaee09e3f7d3b7ee779dc73cdc51cf72a6d70ec22cafa6e5520dca46dfda9c0659

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
11KB

MD5
f86963953d1841274be2ae15c4b70daa

SHA1
4c7ac69a1920ac0e670c18f084cf3124bac1b198

SHA256
8874a2ccdc14e63b6123c6a35828383a623599a043791c8ec1cf9031ee1e5894

SHA512
aaf513db9c2c931f321e3580439d4d73ef7303130f47e5b599e050094ad16f7baead6979e5cb9ad7377e1d1b37157021d43d81e3a7aa5febf945fe1613b62d7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
11KB

MD5
c1965d5c98b26f7901c460844485c6c8

SHA1
4f118694d9fafcc289581922e7af1502b538071a

SHA256
97c800c3c8dcb2be00d0bd9fcbb8bb478525d9e02910c47aae33326d48eb6fe9

SHA512
ecd030aeadb3c4e1476d40a97402cae0b425ca8cf0371fcc03b38a6333c1b5acc2b3763a5a217812cf47d601965f1e8c2f0ca4986f8cdd6edbd203b95e1863a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences

Filesize
19KB

MD5
f3c2458b4443c52cf337548f1009d582

SHA1
f9152b10859ddbdfdd0355ae428ef21d463d3bae

SHA256
e46a1f014947e870806e991501f54d429408f87a9a5e3349020b7edc84595529

SHA512
8037d62ae07d41d92d2ae7494482e90323165cd0d3c0ae4571b0bf7db1d034e107b691579b28ece994211922bbf04f903c497c1435731de523aee1af2578cc75

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
8f470ac4a92768fa9ac7131de1a4a7d7

SHA1
0dcee8e6f86133e4c79012232da6900c8ffc8ba6

SHA256
f588d26df4527d271e1b50470942b7a9d34350c7828671570bcf35913eea6f0d

SHA512
92ab6cc8da445d3392ebf63429bec4bf378417f7dc9f612b90bc33ea192d6bf2bd9c3eec0d1d01763f3ff4d16bfead2a19c76a8c596ab9b7fe6458cb7942a165

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG

Filesize
333B

MD5
0f400bffabcde3fa8f95575df640b1e1

SHA1
b1c96a6bffe631176645b2f7a2183b294673fe11

SHA256
b817dfb3dfcdbb60586c0f761946a1d71266c811d8deed0942df24a3941d6cc0

SHA512
482a73f06a850bc5634d6f9f8c90cd2982af67709afffbb724b14d010bdf460f6f55754196e078c7e98f9888cd0720eeadfbdb1c6ab8d4959146752486831994

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG.old

Filesize
295B

MD5
2bdfc3ef4afeb76a17380ba1bc73639d

SHA1
a53070bf2d335c36e9f0deacc6fc50c750c401bc

SHA256
f9cfd70ffdfd34ff23ceb57552b8e66b2b06a4c3403e3c344847907cce3a230e

SHA512
0eed8a5336a754c44f25ad0f07c020a30029ce70fd01eeaa99656a4ccb502aefd2ff87f81e334a77c2fb6421f2edaba5d4ce395c2f272534c81b5c59583ae745

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1341d4091ddbd74767b5e4b4e730ff01

SHA1
ee92671b38c83ebc0d5634bf650c678afb173a26

SHA256
06094a6f8c9af80e6b97dc8aa4da0d871375649758120e2b785f443703c11e18

SHA512
8e345c033163669e3bceaa9bd51d9f67e8e02f8236b863705c9929f4eab1cb560171899e18f712f4423a232e111e11405cdb0940a31f42c666423b8e48d6e8b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dd60.TMP

Filesize
48B

MD5
9e25934942bbb497d3effb4f7136c9eb

SHA1
ad54b8da6e1307df8534bdfd2f8a5b95ce4112c9

SHA256
ecfd846356e030f89d0f31ed3bfb12e31df681bc1f70edd4e1bfe32454a2fdf1

SHA512
840bf0068ce9985ed22a67faaf01782d855a195eef5a821c9a6d817bfa91065dbf43da88ad0e967402372c67f8af11152b8a917ccd91a5790e94aafac6cc666c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
4be7a0b07b1796de823d4a542502b3c6

SHA1
ecee1309e15a6f73222c8e63dbed4a22779859c9

SHA256
d425f368b4888caf037c98b5eae0d262304427c1925be943e0f651ae2abb483d

SHA512
758bf0c9d97b431cb814008c7c691c857b8938dbe5d433be2fa2ffe9cbd5f3da3813274f2bb20a182fd980bb8863c4eb64ad7584b511867f35ea178fc284ecae

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
a8408d606e771526072656478fa0bb8d

SHA1
7bd2285a37add8aef6841a21d3942b91f7648626

SHA256
7f05535ce0c7cd4b2d01ed8fc602ff5de27383df6857473c182e378a1c07e72f

SHA512
dd6eb83617ea7096820f97dfc3c8cdad9ba577f505bb391e0c5003d79c06b21cd0254a7027bed5a6b1a2047a46318ba88ad64bc26f2a383c70b02775b776d14f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
307B

MD5
09416bbf0aea8a696ca4a950bb6993fb

SHA1
2b7d588dd1cfaeb0e4d995b2baa4d0c92fc01774

SHA256
12fda5c678a3468fc3d3fb3ea08757d9179c0e8d9280d1c41473207d90082e9b

SHA512
427a795859e003e355f47b820615985176e6db1247db01ba9ce985f7eed5788256caaf77e73568b63d7e4fcb4e12a368862cbebaca4d42477d0a7bc9707515f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnWebGPUCache\index

Filesize
256KB

MD5
189093ab72b2cfc211e0aa5e6c57f7a7

SHA1
06cd33e9c63e4bbf4d87c2c5f32ff562dd6eb5f9

SHA256
1e6c8d1fda72fd76d0604542167bfbbf5bbffdefc8d3d6a0f819293cb80daa04

SHA512
66185781940a149a124bd7fcdd46d1873362ebfae36d77c61f2cf87b7828b92f1a84338d3a701c9007a577ae125cffbb37268b8303c163f4d350bd1aaaa858e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\db

Filesize
44KB

MD5
b581f0ff8f8aa3371ae47b48c95329e8

SHA1
4f588efadf3675f3526cbe762c50eb8e79d9f2e5

SHA256
f8e7cd835195e4eff7855d20676484ca75f7e7e4fe5b13164fc926b365e1dea0

SHA512
e0a79452acb39838afea8ce34e05c7e5cde68f2a786fe4423ddf2588fc6047339e8e4c3140d7e0447f938b2266f52b9ddbdcc0f40c495d833b47b3f27d7996de

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
2KB

MD5
d8ba3849a4479a214a302a46c136ce1a

SHA1
37cffb7392c1a3268809a308313f089b2e2c0a6a

SHA256
1bb8905da6f5b0202ea5531aa30b122991d42abdc93fc27eb0548d0e7fb36a14

SHA512
6a8d4ef489496441e93bde407cb21053acf0d54bcad8bde9c98f6290168490f6db4d0134c5b7e00c6ea8031fb3a54ad6a0914e829892331935c4b348161f137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
18255347c3d1131539ad46b143debfc5

SHA1
ab3ede191f46c0a7621c5a815af234549f3f6a3a

SHA256
c220f39cf5efa90f83a77b7ca6e64f136a52e9c943b536d121e67502e802e66c

SHA512
e9fd88ff94a2d9e4c6ac85b12138accb207a6046f17a582eb2b76c9f988379dc9d35a745eb98116fd302ccc19b231b94fabd4de9a34bf26441300e4c0d099ea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
283B

MD5
92f9a26b983f6573c5263dce62da6847

SHA1
af2fea88ee0b338b7545c9d791db9ea0af3db925

SHA256
a7bbf9c6a17490fcdd2770f4e7469d9bf24c96a37dbc91b5943cfcc5708cf9b6

SHA512
6807fc28dca9080541b2afeeac7cf23e1262d60b3267815e885b15c10fbc6afbb09a59a4a4040abf0507ee73cd25e73907a32910b1841d01da17aa429c724853

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
a57d831ba8245bdeaca3280d740105d8

SHA1
ce29c59c50b002de2786087b197b610f7b325bb6

SHA256
e8eddbb0db67cfef7ce1ecc5bf59bea0ab1966b202dcaa185a3655783d17d747

SHA512
c67fcfd38b5af522c728b803abbf7c95e9eb78fcd5dffc5151eca79bd264253d288fc50c534abf7d0a4d8b3c8312a558fdae43925ad6e26f9ccbd94be2dd4803

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\trusted_vault.pb

Filesize
38B

MD5
b77fc97eecd8f7383464171a4edef544

SHA1
bbae26d2a7914a3c95dca35f1f6f820d851f6368

SHA256
93332c49fab1deb87dac6cb5d313900cb20e6e1ba928af128a1d549a44256f68

SHA512
68745413a681fdf4088bf8d6b20e843396ae2e92fbb97239dc6c764233a7e7b700a51548ff4d2ea86420b208b92a5e5420f08231637fbb5dbf7e12a377be3fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
81KB

MD5
52020b94a647c16cf3b8e3ac5daa6904

SHA1
f700ce609d688a8327f9913f42689b5e8e5727eb

SHA256
e61e15ece10ac7fc53e98434f3cf9ba76a21114b0de9ae607f45c6cb38ffc0c2

SHA512
3e38d5a2f17ce5d38535ad6e09c626a9031c755bb3071bf37829366810c04d587751bdd8ee1156ccfdf48ff678c2c6375aa7ef49ed7bedd4a5adf89c118336c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
80KB

MD5
f8002f7bd6aafe6ec6d6ec07950e8359

SHA1
44e1ed92a3186fc5f94f8bf4ef61947c790c07da

SHA256
323be07822a89607377babad280c41ae643146eb551d7baaf1b45c673dd96254

SHA512
e7ef88e10538ff5664d59fc4ce87fec58386d7393aa73bdeca993b4c87120e2c3983823027b5483ba492c0c95204892365e07a7be2defb7a836c2229f00ba760

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
81KB

MD5
facbeae7ad14fa7f91d58ffabf91ade5

SHA1
4d378111e7f4258797a0523cd1b909c8304856b3

SHA256
68bca655155f46a862c05a058986f1569f7d716e378efa97a336623a4fe7b6cd

SHA512
c63fb125f38333b9b716d104811ad916580c6852b8617efd4f09abca953a240a03c886bb9c8779bb98840ed42831e3b10f233c32befbebb51b93ae04720e57ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
79KB

MD5
b684402cc4604411dfbbb6a0a974195d

SHA1
e0958be35bb16ca2e07071144fdd0fbbdf3505b4

SHA256
104c6a1003303d5d74728b77747d5c6c0322e057bb513b06b265c900dd68508f

SHA512
c55fc6b0cd4a98f99a6a5281f1a7d7b41856a35d4d3a88a8ebc8dfe947297fcceb20817786c9a3d0813c9f7e288f46ff4aed0dbb4bb397948b4df5b5facc3035

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
149cee9bd7052b3a320ce9bbf5a4ce3e

SHA1
14fb38ac5ea95f0ef3a9dbc386a7aa6c07ec5f33

SHA256
b072f7b0e72d26f60b97b3706b47fe4f6e2a1c67b4ca622afcb1540fe49d60b3

SHA512
3dfc4151734cb9586e4ae3f3d12e5fbd78e7f150117813349739abd49e5bebace4d96a694431dedeaa0e2d3618677e240fa0761088b1a402512e06c9c553322e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db

Filesize
4KB

MD5
b9263bbf24428aaca95d04d04f3aeb6f

SHA1
5346015345f6df766df4bc9b42da076f6fdd440f

SHA256
1fe8f6113488865c546d2faa55b21482662ce4be19d4f505eeefa09bc3131489

SHA512
5bc2978bc96e1347500db552e2a2dfd9e5df25c8e16d3ab57e5519de43cb9c08f5aeefd1a6f6947d7fa253505918763b932f622636fc2a7a429fa72a5b49c7cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db-wal

Filesize
88KB

MD5
0c54a3b61748eeb0ce32786bd461b3ee

SHA1
d410034f74ae717b9945cd2b251695d11a6487e8

SHA256
4388ad7a85f4266707e8eae1681568dbb0f88c39035df66ceca047c2418c182e

SHA512
7b4a104a1df98f180836183ca2665514f0d3ec1585f35282701fe821f13851dc2ef35b9f2e82accf5bdf7068d83614db74af62757397813fc162bdf7d3674d50

Download Submit