socelars | 2aab8d83f5c4c2ca50ab0cf0418c6b2dc6685fd302826d8c999b5f1be7317ba8

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Size

1.4MB
MD5

09b950f451b5ea82a536f2b9792f8bf8
SHA1

0e9261eaddfb7dd7a7bc087566dc5fa7a8194bce
SHA256

fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8
SHA512

669e9655d32a42a9e6dbc0fe917807bb2bca26214079fe5e29e393f99b5e43f3e2bfd7651d02808d7a6571b34bd817dd094b276aa26f08a72a5c79c98587382c
SSDEEP

24576:Hh93Gpb7GggFpiCsNm/xIReKdyIiJxplFRyxaNI9chelnaecXTC6K/8e9mV:D3GpzgDiC/iR5dWXzR1NIGklnanX+6+y

Score

10^/10

socelars discovery spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Socelars family
socelars
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	iplogger.org
4	iplogger.org

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
4584	taskkill.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3924	chrome.exe
3924	chrome.exe
3316	chrome.exe
3316	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeAssignPrimaryTokenPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeLockMemoryPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeIncreaseQuotaPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeMachineAccountPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeTcbPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeSecurityPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeTakeOwnershipPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeLoadDriverPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeSystemProfilePrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeSystemtimePrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeProfSingleProcessPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeIncBasePriorityPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeCreatePagefilePrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeCreatePermanentPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeBackupPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeRestorePrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeShutdownPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeDebugPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeAuditPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeSystemEnvironmentPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeChangeNotifyPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeRemoteShutdownPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeUndockPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeSyncAgentPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeEnableDelegationPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeManageVolumePrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeImpersonatePrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeCreateGlobalPrivilege	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: 31	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: 32	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: 33	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: 34	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: 35	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
Token: SeDebugPrivilege	4584	taskkill.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3924	chrome.exe
3924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 4056	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	88
PID 1832 wrote to memory of 4056	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	88
PID 1832 wrote to memory of 4056	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	88
PID 4056 wrote to memory of 4584	4056	cmd.exe	90
PID 4056 wrote to memory of 4584	4056	cmd.exe	90
PID 4056 wrote to memory of 4584	4056	cmd.exe	90
PID 1832 wrote to memory of 4492	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	102
PID 1832 wrote to memory of 4492	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	102
PID 1832 wrote to memory of 4492	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	102
PID 1832 wrote to memory of 3924	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	106
PID 1832 wrote to memory of 3924	1832	fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe	106
PID 3924 wrote to memory of 2068	3924	chrome.exe	107
PID 3924 wrote to memory of 2068	3924	chrome.exe	107
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 5192	3924	chrome.exe	108
PID 3924 wrote to memory of 3936	3924	chrome.exe	109
PID 3924 wrote to memory of 3936	3924	chrome.exe	109
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110
PID 3924 wrote to memory of 3544	3924	chrome.exe	110

C:\Users\Admin\AppData\Local\Temp\fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe
"C:\Users\Admin\AppData\Local\Temp\fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8.exe"
1⤵
- Drops Chrome extension
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4056
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4584
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3924
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb5e02dcf8,0x7ffb5e02dd04,0x7ffb5e02dd10
    3⤵
    PID:2068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1868,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1852 /prefetch:2
    3⤵
    PID:5192
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=2244,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1580 /prefetch:3
    3⤵
    PID:3936
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=2360,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2284 /prefetch:8
    3⤵
    PID:3544
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3156 /prefetch:1
    3⤵
    PID:2840
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3200 /prefetch:1
    3⤵
    PID:3224
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3664,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3676 /prefetch:1
    3⤵
    PID:4280
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3708,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3728 /prefetch:1
    3⤵
    PID:1420
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4696,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4664 /prefetch:2
    3⤵
    PID:5540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5020,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5008 /prefetch:1
    3⤵
    PID:1964
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5016,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5140 /prefetch:1
    3⤵
    PID:4520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4168,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:4480
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=216,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3776 /prefetch:8
    3⤵
    PID:5436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=3784,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5844 /prefetch:8
    3⤵
    PID:4576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=5588,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3684 /prefetch:8
    3⤵
    PID:3308
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4748,i,17192546757680513749,9939704439901653987,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4708 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3316

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js

Filesize
15KB

MD5
6959f1355be9703f12551694426b68e1

SHA1
f12cce0c5949562e51d74d5a1c8d95f2b058d3d2

SHA256
f37cf94b77c54d9ce87bc253029e6fcf18a3a1b90da7981743866233ef212879

SHA512
92748e606de65d1e7102253af8b49ce6bd4fd063435989f51220e30972224e84a65a9579666c6cb6fa2b5ca437213d5da3038f20b80a17210ad17a642842cff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js

Filesize
26KB

MD5
029c53effaed86331055c63d264c3316

SHA1
859bb39d27b462a73fc9131f694b69c8c118b3cf

SHA256
3c1453cb6fe4c7ae8945d96db6c19e3eb58702df65ee0244f8f2444b20e93068

SHA512
68d115d79428c906ca377091f30c207de92ee9450e22e94a35fd7753547cb582ae36434595f1c0e444bb19d5c6dcc214fe58a9987f690486800c8ad91c9642d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json

Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
19KB

MD5
b6d7516c00bf9039f6bb1c10c907da30

SHA1
b016a53f4efae18e91a08ef900f43bc2b12c9f89

SHA256
5b6c1ae0b38399967c2c4b2582a27d4ab76e198e2bb34afd04ea1bbb80ff5399

SHA512
051f641e4c16d9839396e80657766166983d0381969d6e6cdb22c62f419fe19aed7a9da639d76a4da1de01aba609877cf9a94444519f91ed2aa9b10cd93afd05

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
34c29bdb9e41b1f47f2d2786762c12ec

SHA1
4075131b18c3487e3e848361e112009c897629c7

SHA256
67ee11b51cd6f637795e31ab501f135ed595c8459bce885735f08b0418513a17

SHA512
ca3a978798e77b2ced27b379f38e935ef18beaa7ea23e34270a9af20b37e1b1c5edf9478606311cf1acabd83992766cb3da8444de9394c674d5955bdbc53c0d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
da7f47b4cf9038b38109538ab8dff665

SHA1
6649d2e72f37cd3e5f9a77c901c22cc0d5cb1a4f

SHA256
8da66a7b8a67293020903af9ccb96057dfb2dc2dd6acb8e22640752181cd143f

SHA512
4cead15c1f649eadae9f21f976b8fe5d97c8403ac7b0cb8526f0968c06d6ab702757a7a303d7f3c75a28657c38eead749f34ad448439fd29b74cd6c5148297ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database

Filesize
52KB

MD5
c94f7e7abfc9942bae7098b53def6fee

SHA1
6d794aa9208322c25e8530f8cc19749bd21204e6

SHA256
20fb68d08674a2fa9fcb64a6cc6b299ef0112429ea96bee5d48d883c0a7aec2f

SHA512
413b32b89063541e92fbf42529d22ee6c0acd03b365c7ac94916e1b5af13ae121d6d6fc0478d4e44d8b8bc831310dee3399b2b539a8f1409a19cc9e1cff0c714

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
da8fe797166506840f66666c6bb4b700

SHA1
20959178371c067f4b2c9ec5d2c9a1b623b30697

SHA256
3ef6c4fd9f7d7c4ada2967ab1aa9945a74eb3d3ddbb7284d44c8b9dbcb9b93e4

SHA512
9bb4fff38d7af8622f806fdd87f6908eabf0ba479f788991edb7298eaade1f3f03d36e73f41ff2ce6b9ef26f31a71cf6ce32032897fa1194bafa1af39c6e8038

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
0480db233fedc377473f64393d598e1a

SHA1
611d96d5bd9edf9e84dd04c196f29ea591f10a78

SHA256
12c7ec403a1bd9540791a5830d1c8ff0cfbd982de01124b127c4b8e3d9be30ae

SHA512
1c3c41a490cbe0a4927bc703f847d19453fbf03b6e7fe9ac19253da8402331f420a0222e7b541d0d6e5c5fcdc03140ddde938aba255c9b07861e55c902213bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
ee458c576462501c24c686fa33f18aba

SHA1
cb4a9dc7b3c52f336e88c021af0cac280926dd0a

SHA256
e1c79b14eac2491beece3c695ada02114397e4baadae0836a0c0e98cc8f50241

SHA512
68064cc7726877d3ee65921339b9ae613b90b29b8d3b362a694720e968582a6244a89e6a4b1ec8cc636a50c5cb38c51d6f1205dc355eae4542dedb3fbe4b19cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
1e2a43097079a70cc9cbe602998ebfe1

SHA1
4d1781ea6ee7aaa4cb37b94bd6d1d79d09ff2e5e

SHA256
233b28d37c86ef40bafae1f4c1024fca1511e09b67e5e23cd8895b1a1e63fa93

SHA512
f2af7183ebab4bf312c93c2b540f54d0ff515449cbd5bbbb28f679ecf5d1e06aeaa94dfbf963bb6a111ce70e381b172d5949d0baad476cb32070b0bbe57d156c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
c8a14a9de994b06e39dbc1b5f131037e

SHA1
49fbb6b59b478a03cd283df2cc6a44185f462de2

SHA256
c98e2a86dda7d425171a8a92e30b3407211ecc0ab49d63d1fee801a54fc1eb3a

SHA512
f7a1984882de8da2e4f5c7f9c44be48ce4c5667655af3e677d5359151c908ecf407f42280db5b3072350bdc01c33026fb177b87dbe1b6c0dd0f72ddc784675ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
38KB

MD5
0dc52d5156e0e3423a20671f85112a3a

SHA1
de63219e966279d23d5d9ebfb2e3c0f612a814a0

SHA256
55d8d47f45278ed4e61568932abc7dbbf8111bfd5f815a5ff0b90120c238551f

SHA512
de91420efb3a68512d862d59b478da2cca7e5ef10d8f79c960f682fcad5ea91146bb609cc15f2349affdd6f6a7369f24e8c4bee7b35f41f31eee53dd3bbf6fb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
35KB

MD5
78d2de0d6645c0ccfa728c51bd4af94a

SHA1
ca88b3f0748a006c573f9d8670b79ca5239795f8

SHA256
50c3170ff1be575050a18117a1befd3936e4d3d8711e156ce11081d09d905d4f

SHA512
62b3cbba2820e1b3eecabac5aacffc2692e383c704bcf4861e6e7d68c4137b3ecc56645f0a030e7824c9cacf433efc7506833d3f9c53d9b575d75409a4315028

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
576a54005886fed73885b41e10754b5f

SHA1
ee9882386da4f4433fcad2d4add577e6d6258832

SHA256
4c9514d9d4128fa9d8ec7aeaccd2a96f7a8316b74275bc19ca196cc1e601d5be

SHA512
55e4fa52b7d6c6bc831a45553e59498c8d703a1ca0a5707dd6875f96ee3679ec3e8c02673ac0080187bfcd92efe3c5b34a2a5989e43976f899a3a8c88a000562

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
438481425a19549e6d13e5f72c651aec

SHA1
d4dbd25b0221ddc81488b5c8b122f2875e24ada2

SHA256
608f7a7d814a081d1b629298a64d13d02b516b35e84cb09f96a227446fe656a6

SHA512
6e4935f7c025169472649ba7a8aa12f6aa7a6f710cd500f1b8e4f160521339ac01961f9b9e58e869b923f074680981f99f3e1e2a8c5cd0145c69d83d92619954

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
01169b85f45950adcabfa577afe846dd

SHA1
c16cd9a5b2c4c4914373a09696e7c393a4f36e9c

SHA256
d2074a41a86eb3840b05cf8749167d63e67a0088e396c1db41849a3d8b9a539f

SHA512
314a9356c4583d70fbb10c6768f5a49131e9581fb2a687df462a99d83ce9d0fa4aa1e6f78e90371b0b9ee5747bcd9e21baeba8a0c287e62ed2a645427356e898

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe57ce8b.TMP

Filesize
96B

MD5
972b61fc1aec60c6eb7330cafc5272a2

SHA1
7349afa6e743a5a4775b5e2d3ca5e0ebf539baca

SHA256
464164092a0e85711256c011f2c76d67ae1505bbdee104d683bc03ef848f12b8

SHA512
636fc4b8cc1fe3b06be470097f74e67a76e6d7fd37db5fe518288055c7e79b77eb68117388d9f9aff2ce14d9a797772996809599ff896e89a7ad8889954306c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
bded039648322761ad50780a89d85f57

SHA1
0b811e32b0754582d49267c385525a61e24eaea6

SHA256
12c5a41bc4291ec693e87832bad20cf90b9dea0af5498ef2cd1ab68d9d14810f

SHA512
40bc49ec47e4b7c5b84ecc378aad72506da99c14aca09b1cdf480360e911583ff47913a0bc09d6037873dd260fcea3796304ab17a26821dd94177d59fd15d7ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\index

Filesize
256KB

MD5
deb8a2d2e76b3199bab04db1b7ed906c

SHA1
c0b7e0ae561e55ad9af54c865f3b12e21eb3560d

SHA256
57776d12161d94048e9f2a1c9472ea1ea2f6d577bc09459a66cd3a95e1d8a51c

SHA512
e9942b03442a02549a2abc87546a01e362b3903a9211d423cfe0514af4c4e2e4cc2211f8a92b650af47a832b88dbde1e4e95270c405ac0f477d49d2bd02b33c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\000003.log

Filesize
114B

MD5
891a884b9fa2bff4519f5f56d2a25d62

SHA1
b54a3c12ee78510cb269fb1d863047dd8f571dea

SHA256
e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e

SHA512
cd50c3ee4dfb9c4ec051b20dd1e148a5015457ee0c1a29fff482e62291b32097b07a069db62951b32f209fd118fd77a46b8e8cc92da3eaae6110735d126a90ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_metadata\computed_hashes.json

Filesize
5KB

MD5
eb95daa26abf3e1769719f72665ba30f

SHA1
77515d76b6e9429ffd64105cbc345b600ed3bf2d

SHA256
0f2c124b4d0f11ce0bc64d6f9799650c1b9e54d443b0b17028094fb9d68f7dee

SHA512
a02ae7ae2d904bd3b40e1b93dde103d41e49242dfb32479c4b3e3bdde41d917a6418ab4c3695635fcdfedf24768d832d697b13c8acb5e1fbd99f9a79210c9db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_metadata\verified_contents.json

Filesize
11KB

MD5
8f99e1ef2afc5f73d9391c248a0390aa

SHA1
dd15dcd68ffb7cba69c6bba010df57a75390c64c

SHA256
d57215628af1ecd1ecd8f83da69245161e4e0a2ce24846b2fff6b35da232709b

SHA512
8f4aa8ce2ea90958bec430cd46f1e76d8e7617c0735d8ab896f4da1f84f3220920cca6ca2da2d7559355423ec115342183615f7e62e72ee6168a5930a078948b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
babd43551f1b29eb82e221460676126a

SHA1
e9bff307613a14b35830893bdb6d1ecc931b425d

SHA256
46b5ecada4edb2585f87953f7847aefc938be2404b9d9455c772b97295b7b1cb

SHA512
5ab681c170dbd1d374bd66edd02cbe21272819ef7389ad1e886bcba112deb91eb68fa930747986da5ca794881939570013e38edd9f8e6f718f7d202e74a82f41

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
160KB

MD5
9b85a4b842b758be395bc19aba64799c

SHA1
c32922b745c9cf827e080b09f410b4378560acb3

SHA256
ecc8d7540d26e3c2c43589c761e94638fc5096af874d7df216e833b9599c673a

SHA512
fad80745bb64406d8f2947c1e69817cff57cc504d5a8cdca9e22da50402d27d005988f6759eaa91f1f7616d250772c9f5e4ec2f98ce7264501dd4f436d1665f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
40KB

MD5
dfd4f60adc85fc874327517efed62ff7

SHA1
f97489afb75bfd5ee52892f37383fbc85aa14a69

SHA256
c007da2e5fd780008f28336940b427c3bfd509c72a40bfb7759592149ff3606e

SHA512
d76f75b1b5b23aa4f87c53ce44c3d3b7e41a44401e53d89f05a114600ea3dcd8beda9ca1977b489ac6ea5586cf26e47396e92d4796c370e89fab0aa76f38f3c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies

Filesize
20KB

MD5
3c183f23dfcc2ea7fe9f9218a1bc53ba

SHA1
98896b6f0e2dbff0cc3cdcb8c65cf6e5881d1ad8

SHA256
9162bfae240681d862622877874c9fdc2221b021f23c3927083242bf6d2657cc

SHA512
5e991729c05fc683fe6144a9a7d70715b6fc70f5da166787e087a3542a576f301e745d741cf4aa6c3b1c6014aa8ba15e05bdae052da32f2280e10ec7d7667f65

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
a6f97f0e05c4a5d5fc43487a866b3f77

SHA1
a73261da93eae857821e1fbd0f47d9024134167f

SHA256
b9c699f33be9da15140dbc651cc5c48530b5e17906dfc2c0625f0eda559fe6b0

SHA512
44e22149a993ba2e4304fde87c41dea0c355f7afabc762222052edeffd84a68b387903026c2948f8535f3d8de18a24807480bfa27cc5e99cfe8723835b6d94ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
3KB

MD5
df80649a2e5effaf7fc70b68a17fc97c

SHA1
9eb8f4f38347189e3fcfc9d75761fb596bc1eac2

SHA256
961a5bf85fe0bc974665c3780827784bce2ed08a1ac5314e0294faa09871d0fd

SHA512
e4e0f10c59874f1c0fbaa9358e0df3885d3af3533469d0a3251f210d2642157ac9df3a7bca47ca607da3c698c61e47ac87f5ee86e805f8380f0e1b636b340ecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
c7d185ebf9e2d3ccb2a6a3d7e4d9fee2

SHA1
7ddc9c1b5d842eb3e758a751911f6c6a9929d823

SHA256
2c5d0f66f700f7caff25bcf99c17a826c7a248435fbc010a5342ce2030d6f448

SHA512
90c225544bdf5fceeacdbd93da53642b3eb5f9acccc1038410fe3d9abc0e8ed38b93ae475fd6f8f7e06c4fc9912e7e67634ca77269d724eb773797a9dcfa51f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
11KB

MD5
a25ff6fdde21b2177f456c8c217e845e

SHA1
a4b72f693960388a0123cede88ed76b4f0448d22

SHA256
5e1b0bc086ec2aef183d87b24e78db854bdeb062da0b132ebe61682e53cf1029

SHA512
61916940f6b6c1563765cba13ac4079fb40fd15ce4e4eb0187cbfb8e7c36f69fec23143c4a32de8617dd016e74f2782ac853366bd4ea7119e12fbd50fc5015b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
11KB

MD5
bf62cc3ac124f7f9985f22aacc8af403

SHA1
7c5208401aabcc3e38e480661a80a7d33caafe34

SHA256
b2aa45f9fe867e22156f2db9276c9f1062f3eec5dd0e1b7629e3f7d58aa0422e

SHA512
31b2f4127c9e0f011f4d9f9ebb864064c7bf8d606e76af55e364fc13bf11dc6aca5141d7bcc2d643cfdc0d5f2c808ecf76534e2d6e200fe4b11bf15c9bf80634

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
febe8b30c72b9ed5786ae265ebaf844a

SHA1
010452344e00fcf8609b9df083803311efe683e9

SHA256
72d049174f8bb874a5db67735ce76cab400f25a72391ec557ef2720785b4c4ac

SHA512
01863fd726d2bb344f368673a31df809a58c810940200a8cf02d1be09ce92f1d097419fffabbada9651d2977948111e0916e2012d92974f96ce7c942ef01732e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences

Filesize
19KB

MD5
dc0dc36a066f3bfdf4011838b6c5a66c

SHA1
1fa5291f8878ba908332f9765e485f29432c7de1

SHA256
aa88f9fa4e2d0f8a4f3710331db65b8cba21ad0874d97be8a8a72ccee80ab0e4

SHA512
1a53668b8c3c6f0d14c4bf13819ab67cedc8019f45881722d6ddbb39ae0b5134ebe5efb90971e0e8e7b12ed9ccc007f9fb2cb2720503431d5c745805441875f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG

Filesize
333B

MD5
2548a3f56c15ab1cb0db466400ac90ef

SHA1
1e2476683f8c3be4b34d076f73f59e5f53428f02

SHA256
7c5c482aadf74276f699be54b0c16f4ba81981879e1d13bfe9669973953c4f40

SHA512
0a56a3ce96b0bbd4dfcc977840aea9f94448a690b79a3586c487af5bca2e5fb061986752da3fa3666e6d4380d522eabf0dac06187e264e89473f440f6632cbaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG.old

Filesize
295B

MD5
bfdbc47802f9f93dd9cb9380c907eb50

SHA1
b227ac31dfe6fa8d5836799a6a2677e9d6c54282

SHA256
a0091b6cf233b1ebc438b171e4ac30fbf51e8a4446f9562bdc6b220522b3fcf3

SHA512
ea5ff6d9f283dea50296a79d7fdaccb47ae08d76ee7d93035cff49a6faf3e0ee5766d531f5825b4945481d911b40d325833fee442a7f15325a243c1d676370aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d82f009e8ea751dd3f3d03ae73ac7236

SHA1
1fd0949581979db5acf8cb5fb11b70eeb0f0a3c6

SHA256
a7664b75159055c86dce9636df8b2427e6a1a1e619178dcf44e4cea90da407e0

SHA512
98eac5e1e00b6f5d1f350252daa1130da16baffa0a678c15040a3735164fa7507ad7e6161fc634a1465db15129d54b9a5044dcf445ceb793b06cba400fe2a956

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c10e.TMP

Filesize
48B

MD5
fd033529c5dbdae9f27ebfa81ffe04b5

SHA1
5c6d43a82b09f40c2d59968bdeab1ac5b002fa9e

SHA256
e80d7cbb1ecd2429929f17841708a0b83ee5f0658007c7b8f4e92228592004d6

SHA512
c2868a7d916b1d5b067dcb826c1f0109b60b4ffaf3494cedeee451c888f366936d73998cb652cfcb9c931521dfe5e088acdf611fdbc8c860d215281c8f855591

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
60ae6b608a7651613ecfaad508ed4989

SHA1
97deb90f337fd75aad6136c2903286e52abc4722

SHA256
780a18c97975edc8d41704461b036249d7323c463eca1db88f99f2263841a9e7

SHA512
a760ec43c34e87a14af6f605088921bb4e9a64856887a06837c9419cb8d341e76f2e60b40d2678e6ebe774b44dbb5a47c525514c4b458a57f4c4379ad6e98c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
dcd5a1395ab515ba12b863d95c3f061e

SHA1
871b084374814506a208cd9cb5c8c902a3808c3e

SHA256
04ed7f3c7b983fdaf36ac20dc369525a9da71b1be6447ac63f1eb1318bdfc0e6

SHA512
e3a0b3969a884ce3f382a900cd170fd7a78332d1c3832adc0b4d7ef8b7b3e5d2598175b87b7c3227114ac0ffb27af9ecebb997bd8892acdb47fdd04319f8e224

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
307B

MD5
c4ab6f3436d75cb8620f42a0dc5c9e2d

SHA1
143f9fa8f410b97757f267f506f8908fb0e36425

SHA256
56bd3259f3826a8263d577bb5506374624f509a81c493be7f31e7f8dc718f275

SHA512
7ff451401937ec45ea6e2be2e590c296d557fb37a1378f105042cf6b88de6544575d5d386a14a9d6bf7285514dc1ae11ea2c30e44204284742069b1023abd4d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnWebGPUCache\index

Filesize
256KB

MD5
2410aaa6625f1c87e9db7b84bf00865e

SHA1
4de3e64ac206544b1aca341f2ebb28c5ef54c8af

SHA256
e560c6c3567b4b80903deba6d9668b5fecf48694bfe915cccb53dc967c2f8744

SHA512
6cf7935e181780f2f150b50e8655ceacedb99da6a189b238be70a956662d7997651069a83e9841bfb41a298a5426dadb8261c19897b7ac452bc13c07632459e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\db

Filesize
44KB

MD5
b581f0ff8f8aa3371ae47b48c95329e8

SHA1
4f588efadf3675f3526cbe762c50eb8e79d9f2e5

SHA256
f8e7cd835195e4eff7855d20676484ca75f7e7e4fe5b13164fc926b365e1dea0

SHA512
e0a79452acb39838afea8ce34e05c7e5cde68f2a786fe4423ddf2588fc6047339e8e4c3140d7e0447f938b2266f52b9ddbdcc0f40c495d833b47b3f27d7996de

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
2KB

MD5
d8ba3849a4479a214a302a46c136ce1a

SHA1
37cffb7392c1a3268809a308313f089b2e2c0a6a

SHA256
1bb8905da6f5b0202ea5531aa30b122991d42abdc93fc27eb0548d0e7fb36a14

SHA512
6a8d4ef489496441e93bde407cb21053acf0d54bcad8bde9c98f6290168490f6db4d0134c5b7e00c6ea8031fb3a54ad6a0914e829892331935c4b348161f137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
d6a00e00028fb36963a8e65512becb8d

SHA1
d04240ec157b3764e78d77bf76f8688fec4f9493

SHA256
4577593beb03fde1d45be7ee782f2e2d22ebeb0383ade9c9ba0a56e5c67da8d1

SHA512
a1facf61a39834b164a94ace287934ccb357710ef81bf5aa9ed5644da694d073bdf020b2f7a33853a56673a6b5adad110db478b3fec86405a89f5ea4bcd654d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
283B

MD5
bdd2850d55d252dc8cecc7a62859c8a7

SHA1
b264695093fb859e7e7ba5df85ae80e11909e713

SHA256
8794f47d86bd7cae7320b3283b4e9008889b40d4107b0da499b80428e97b0788

SHA512
280b1a29a025fd5e23a4b12bd17d448890aeb750f40ab59bbcb2ee5ec3d6212841638c5baaef10f2c47f1079e41eccfe943b7eab535f7255a34568690b2a1111

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
aaa144adfd2b557064b895fd581c24cc

SHA1
4f22a74304b073d53c8a3e5a40559b6ca5f1f63a

SHA256
5873bb6f0c644b5a796e768d706a27d223c61d245b763e264e52f8ad55dde75a

SHA512
8af7b903788ff6f27ba88514718a2b0e3447643770bcaec5fa7d9ec51ed2c8cc4b041617fd9f4c862e0e0ceb40c9da0896c5ffe590bcad9ba3c6ecd133d7167a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\trusted_vault.pb

Filesize
38B

MD5
b77fc97eecd8f7383464171a4edef544

SHA1
bbae26d2a7914a3c95dca35f1f6f820d851f6368

SHA256
93332c49fab1deb87dac6cb5d313900cb20e6e1ba928af128a1d549a44256f68

SHA512
68745413a681fdf4088bf8d6b20e843396ae2e92fbb97239dc6c764233a7e7b700a51548ff4d2ea86420b208b92a5e5420f08231637fbb5dbf7e12a377be3fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
81KB

MD5
f3ea3cebbb0d96f2c0ed1a841222eca2

SHA1
952e8ae5f1bbf086ee21b4186e1218a7027f0cc7

SHA256
b2e4b3a8b91fbb906e83d6131904a2910a5822292dbc815ee0f131262b0df4de

SHA512
177ecddaf22f83a6a7585e5d8070f0b530de2ac6a4f2ea920745b31494c7d81e68acc44e84b37672dca5091a1d38c20ac8b6e1e109a3bd0bff25d035c80a8d5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
80KB

MD5
eb1874ce460cf4b4b18dd096e003c3fa

SHA1
aacd60d9b3bd553f29048d060d17a440354231bf

SHA256
9c4ee70b67fa69e5c7ce71036edd9ca61ac19e57ab00f87e94efbf8649eba3d8

SHA512
d75e5f5fc456132669ac1ca167a165e2f036800ff1c2de2ba3bbe1742d44a784316b22a10dfed6d6d8c10c7feb42aa9e9069353737347f609d8283cf8e25caf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
80KB

MD5
3bedfc8d75b412a605ba70752d93b868

SHA1
0791641df2a94241bea0e668b99617b25168ffb7

SHA256
0bd57b3c0a34f94354a14850111156ff8c5c3ffb3aec7400954b1467c6471ad9

SHA512
96b42d3141d3821c16e68820dfa53a760dadcbe92232c2e7e2733ab6f904d5be3d3372077d8441444efc11aa81e205063b109847c76a35d096e98eb430824912

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
81KB

MD5
36d16471945561d4589baec236b641ed

SHA1
4db1e6377e20ff358e1f10f46e24d0442252fb4e

SHA256
e762b3625b0d45ea2649b3e92c4fa4b95b1063891b09d9f03f46ce5d1e64d06b

SHA512
49f69b51f5f83284bcf134d0be626a30e5e99df88f41963d6cfefb368bcb20ad1ba4e9e06198893d9355b8df7fe91fd24dbe34dfcebc9c6a8f845aa8f81627f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
b3e102a47dd4926ea275634b4d6777fa

SHA1
4211396e9e447361aa7456696ed4582381171e17

SHA256
e0643b4e2860980d354d86d6b019eece56a459831c3107e583ac5eb7e8d1731a

SHA512
7d333e4345f4ccfbbfdf96736b8f1876a1cd3a1ea3207c0ed22b63e30f0a0882308438fbd4eaad8f34664c1599bd4e7b9f3ee25bb3799dcdad11dfe4eeba7faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db

Filesize
4KB

MD5
b9263bbf24428aaca95d04d04f3aeb6f

SHA1
5346015345f6df766df4bc9b42da076f6fdd440f

SHA256
1fe8f6113488865c546d2faa55b21482662ce4be19d4f505eeefa09bc3131489

SHA512
5bc2978bc96e1347500db552e2a2dfd9e5df25c8e16d3ab57e5519de43cb9c08f5aeefd1a6f6947d7fa253505918763b932f622636fc2a7a429fa72a5b49c7cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db-wal

Filesize
88KB

MD5
9a565d162c477d857d95f8aca34d0c0c

SHA1
29f2d93a08b650665246f7ae9a1500c825ef0c7a

SHA256
db56c23bbea76b17b983aeb81d6bb7e85f5ee5d40b8c2eb6bffad2e18125432b

SHA512
b29be6f2c574de1f1102791c5aa3f5301a08ddd3f7d9698f242772ded73d038abf5c46e088802936cdfe43aea2cd27be9116bf677093e171094180e099b31460

Download Submit