socelars | 7b2a6dee11980f0299c99497b96a50bcce91ed4576912cbe4ae49081a6070c18

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Size

1.4MB
MD5

87b6aa9999f339367e81cece5164cc61
SHA1

0f0cc9bae58961ceec44d77c09f7670b6e6dcd32
SHA256

88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212
SHA512

f776a2f99d1446d010afa38a41d8401064329efa76b95c5f5150e7dc695105a834b286e71df6d349a9164936b4e57def370882e71f076ff1be310580b91b66a9
SSDEEP

24576:3m41pME1MkEW13A0u7lYRH0lKFhruS8YyB/Vze22q6pJr4Dt19pqQUuyt3XW4:W41pM2EG3u7mRUlKINzuvpu39pqNuytW

Score

10^/10

socelars discovery spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Socelars family
socelars
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	iplogger.org
5	iplogger.org

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
3484	taskkill.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe
3744	chrome.exe
3744	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeAssignPrimaryTokenPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeLockMemoryPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeIncreaseQuotaPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeMachineAccountPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeTcbPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeSecurityPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeTakeOwnershipPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeLoadDriverPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeSystemProfilePrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeSystemtimePrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeProfSingleProcessPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeIncBasePriorityPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeCreatePagefilePrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeCreatePermanentPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeBackupPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeRestorePrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeShutdownPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeDebugPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeAuditPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeSystemEnvironmentPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeChangeNotifyPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeRemoteShutdownPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeUndockPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeSyncAgentPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeEnableDelegationPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeManageVolumePrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeImpersonatePrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeCreateGlobalPrivilege	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: 31	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: 32	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: 33	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: 34	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: 35	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
Token: SeDebugPrivilege	3484	taskkill.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 2472	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe	89
PID 4968 wrote to memory of 2472	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe	89
PID 4968 wrote to memory of 2472	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe	89
PID 2472 wrote to memory of 3484	2472	cmd.exe	91
PID 2472 wrote to memory of 3484	2472	cmd.exe	91
PID 2472 wrote to memory of 3484	2472	cmd.exe	91
PID 4968 wrote to memory of 3616	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe	96
PID 4968 wrote to memory of 3616	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe	96
PID 4968 wrote to memory of 3616	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe	96
PID 4968 wrote to memory of 1924	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe	99
PID 4968 wrote to memory of 1924	4968	88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe	99
PID 1924 wrote to memory of 4732	1924	chrome.exe	100
PID 1924 wrote to memory of 4732	1924	chrome.exe	100
PID 1924 wrote to memory of 2728	1924	chrome.exe	101
PID 1924 wrote to memory of 2728	1924	chrome.exe	101
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4332	1924	chrome.exe	102
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103
PID 1924 wrote to memory of 4628	1924	chrome.exe	103

C:\Users\Admin\AppData\Local\Temp\88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe
"C:\Users\Admin\AppData\Local\Temp\88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212.exe"
1⤵
- Drops Chrome extension
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2472
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3484
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1924
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9fd2bdcf8,0x7ff9fd2bdd04,0x7ff9fd2bdd10
    3⤵
    PID:4732
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=2100,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2132 /prefetch:3
    3⤵
    PID:2728
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2096,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2092 /prefetch:2
    3⤵
    PID:4332
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=2376,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2528 /prefetch:8
    3⤵
    PID:4628
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3224 /prefetch:1
    3⤵
    PID:3692
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:3960
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3660,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3720 /prefetch:1
    3⤵
    PID:4136
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3704,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3756 /prefetch:1
    3⤵
    PID:3672
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4656,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4696 /prefetch:2
    3⤵
    PID:4456
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4304,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4668 /prefetch:1
    3⤵
    PID:2824
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3472,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3200 /prefetch:1
    3⤵
    PID:2616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5052,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3652 /prefetch:1
    3⤵
    PID:1568
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=5668,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5664 /prefetch:8
    3⤵
    PID:2028
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=5660,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5704 /prefetch:8
    3⤵
    PID:2152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --field-trial-handle=3560,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5744 /prefetch:8
    3⤵
    PID:2000
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1000,i,2184180279357297435,16892760572532522606,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2624 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3744

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\background.js

Filesize
15KB

MD5
3b88cde2d547303192f5a3d3a3f4a68e

SHA1
9eb69402842de99330a6cf2fb6abd4e40ae83e5c

SHA256
f83f1b400db6b3b74f9b09c16aa668739e025c18f896147b031f31935ae164e6

SHA512
b980426c7971220983021f8909af9bafd3e048cc375b1b431009948041c6c4a337a9b9acac8396f07e95c7c7f29fc71d5c655635fd01fd282b615dc1b2eca1c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\content.js

Filesize
26KB

MD5
029c53effaed86331055c63d264c3316

SHA1
859bb39d27b462a73fc9131f694b69c8c118b3cf

SHA256
3c1453cb6fe4c7ae8945d96db6c19e3eb58702df65ee0244f8f2444b20e93068

SHA512
68d115d79428c906ca377091f30c207de92ee9450e22e94a35fd7753547cb582ae36434595f1c0e444bb19d5c6dcc214fe58a9987f690486800c8ad91c9642d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\colgdlijdieibnaccfdcdbpdffofkfeb\6.37.18_0\manifest.json

Filesize
1KB

MD5
6c60a1967cbc43f39c65d563fd100719

SHA1
a90467bcbc38e0b31ff6da9468c51432df034197

SHA256
6afb68b31d74314a31e752c8e0b8bc36946ef783fdc68a0b072e2632a2b752b5

SHA512
91c23ea68ffaa5b5786b3120e78607042fa5fbd00369f36b4719a5bf8eaf480a94b87115df4cc66db5abf419cb57495093f2023b1b9f6d30a85214fc3d347aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
19KB

MD5
eec1e0691e6b2da378a7768bd4ec9731

SHA1
fb09d0f060e62bef550965e92a3540b4e38ca732

SHA256
bce2a20195363802972631d3bedb1576c0b33c9a2d00e31ffc16a55c17f3f859

SHA512
2d7aebab6afc26dd5e9227933c452a7e5c9983acfea73edeed35d7c2f0b4fcc091a12bf3d05d5fde3a731185e3b461c6f6dc390608bae13e8b96f2f2c1d56599

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
34c29bdb9e41b1f47f2d2786762c12ec

SHA1
4075131b18c3487e3e848361e112009c897629c7

SHA256
67ee11b51cd6f637795e31ab501f135ed595c8459bce885735f08b0418513a17

SHA512
ca3a978798e77b2ced27b379f38e935ef18beaa7ea23e34270a9af20b37e1b1c5edf9478606311cf1acabd83992766cb3da8444de9394c674d5955bdbc53c0d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
86eccb4f05e29013d46fff96b84e5e45

SHA1
3f17af7b5b8f101ae6f17612f110d06b6b9b5603

SHA256
d1d885a18d732a8194b977e6122929e1cd08b0cfba7b9fd45bf3f0cea1c9ee7f

SHA512
71b3dc8e93b0689cc4acb97fb1981859b1ae4b7aa121703cf5f2f1e7bf2045b6380313a77ca8ac17015938f0aa2f50e8bae873a3789292ba37a67e0339c66af3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Affiliation Database

Filesize
52KB

MD5
c94f7e7abfc9942bae7098b53def6fee

SHA1
6d794aa9208322c25e8530f8cc19749bd21204e6

SHA256
20fb68d08674a2fa9fcb64a6cc6b299ef0112429ea96bee5d48d883c0a7aec2f

SHA512
413b32b89063541e92fbf42529d22ee6c0acd03b365c7ac94916e1b5af13ae121d6d6fc0478d4e44d8b8bc831310dee3399b2b539a8f1409a19cc9e1cff0c714

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
8989f302c53f50b1b799ba0940a3d75f

SHA1
06e29cb1765b8610a7a9820adc7ae70360fd2110

SHA256
501dc1c19ff0a7b0e30ad06e1a20be743ef2cf80ca35481403868a96f8b8eb7a

SHA512
fc153af6f8438636b88f6b43122d8d54ac60fb2707bbc4da40e0bfb44cd702117ba16f137a643d88d96122d2255d555d1b7b367c2301c2ca29cd412c57585ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
b7a1d94bbaef1f85cb676e7e657ca26c

SHA1
8ddc80c251cd1fa47f0f49a4d6d741e0f5c03e3d

SHA256
00c5aa0950c90526cdd6418a742914e1dca02539692111f06b2fe8dbc3cdda88

SHA512
b5427ac65528880ae93d86b0fac70eb8be72a86c08e501fbcc33b1354879d69b49989316412a5feaf0196f4653bc6204fb851e6ad489735a55aea945d00248ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
ee458c576462501c24c686fa33f18aba

SHA1
cb4a9dc7b3c52f336e88c021af0cac280926dd0a

SHA256
e1c79b14eac2491beece3c695ada02114397e4baadae0836a0c0e98cc8f50241

SHA512
68064cc7726877d3ee65921339b9ae613b90b29b8d3b362a694720e968582a6244a89e6a4b1ec8cc636a50c5cb38c51d6f1205dc355eae4542dedb3fbe4b19cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
1f301a7178eb0f74a5dd6a70682d9629

SHA1
cf9360c2956b8e01f7ad65df97f5882d484ff084

SHA256
f01e9ee0d7ec4eb1f6d5b9d0e13f265f7c7aa261644ea93e3bc29b6eba68c776

SHA512
52ec77677e9b4a08e24cb4e9eceb87abbde68b8ce53f0587135e483a30bae3744080826d7f668254fb7b8e99bacaa5036469fee97f6bb02e269902c0a2c2ce06

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
c8a14a9de994b06e39dbc1b5f131037e

SHA1
49fbb6b59b478a03cd283df2cc6a44185f462de2

SHA256
c98e2a86dda7d425171a8a92e30b3407211ecc0ab49d63d1fee801a54fc1eb3a

SHA512
f7a1984882de8da2e4f5c7f9c44be48ce4c5667655af3e677d5359151c908ecf407f42280db5b3072350bdc01c33026fb177b87dbe1b6c0dd0f72ddc784675ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
38KB

MD5
0dc52d5156e0e3423a20671f85112a3a

SHA1
de63219e966279d23d5d9ebfb2e3c0f612a814a0

SHA256
55d8d47f45278ed4e61568932abc7dbbf8111bfd5f815a5ff0b90120c238551f

SHA512
de91420efb3a68512d862d59b478da2cca7e5ef10d8f79c960f682fcad5ea91146bb609cc15f2349affdd6f6a7369f24e8c4bee7b35f41f31eee53dd3bbf6fb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
35KB

MD5
f34fe30ad853e9f538787effa699d503

SHA1
5900f551e62b733944beacb466b1f84764d2e994

SHA256
7a4b298cce525b3a918342241d3942b2caa7bb8f31a42a41ffc36cdbbb0b0848

SHA512
bfc6c28adc1229836190eaa8953b3edcbac254b171449b21c6a009bf992f578db408103025cdbe14e9887956f55c09f262aa0890caf886077b0d5b93a898c6bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
646de1a116c689fe0e44b33e577b18c9

SHA1
6b918eaecc8a556a6c1c25767ccdd2711c788dae

SHA256
c8c167070b4183d4a6681dca5fecac04438b7bf5fbffce287151f9bb1e670cac

SHA512
404bcfb4ab285867023608cd9056df53bab36b6aef521dff2b19509e3295a7653e0da87549bfac8b2f014e9814303314c7430e4fbe2b1c0b7ccd03a7fe214c82

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
b127c11597a39b579ba310ff4525cbd1

SHA1
23fa339ec2748ff7e76b4a5b20b8c00db1346c8b

SHA256
1e39a8c028fd95988ce1998504efa4f7fc284b5e96bb570da26ce2f6d0398790

SHA512
642855e8a015993eb7631460985a2f197708fbbbca65173473db78e528fcf012ab7ccb97647e11d9e7bdc2c401a54346d0f2f39d4561805f756f5d55288633f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d17fc007740288deb3b1a978aa28c2ee

SHA1
e2ce1fae1f627a42c0d48233c554a99d8d459f06

SHA256
7ede93806abbeac11c82ae645ff9475302877f20485144ffedbad7312bac40ef

SHA512
909808d325fd410d87ee5b55a073da0f2705ecd3fe735f4dc88fd92644602ebb1acaf0db59af12444784f6e2ff1d80b6c63d78030d62847667bff2020e6e14f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe580b94.TMP

Filesize
96B

MD5
a2c42cc5319735d3ab310116b3305b23

SHA1
252f7ccfae0068af4f3eaf1a496d884693ea441a

SHA256
4e2c1fc22284d51912f0c930c87a3d9705e9e2e4cba6d952f5a72c474a06c1d1

SHA512
8b62597273a3c8a623b605109ee731d4762a32e4b4925173ff63c3e007e82299b5c2b920092d88968d200b9e330411fd7b567f00fdc98f7963dad800af5e97f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
27e2f3f5a3e78be1b173d4a4a83896fa

SHA1
071958d8a159686cccb462731608f9337a21ef53

SHA256
a26c2994a825a62c690e5ff6910f57bf32be894faef0d69a3d643009f9e6ea58

SHA512
6652da6d1173639e08928dd37ed39752a85e9f8d0440e371f8077cba32553d3e612e49a36d86cfd6e1804b0b3f5defecebd31d28dcf923afa3c8b0ff4e4d2213

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnWebGPUCache\index

Filesize
256KB

MD5
756b308cc4583786df367db2f4a841c6

SHA1
137171bacbb4012c7b538310a79741e61c41526e

SHA256
ea47fa1a255f7fa4701d599fc9ae300d3f158a97cb025d676bb7b029a76d1c06

SHA512
577f4e8a1cefcbcbbd47dcd47e50590d0ab08683048d940c022dd64ca335a3b09b2bcbebf749167d1b9430b2d62a9c8307dab576115283312ae78fd71819e719

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\000003.log

Filesize
114B

MD5
891a884b9fa2bff4519f5f56d2a25d62

SHA1
b54a3c12ee78510cb269fb1d863047dd8f571dea

SHA256
e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e

SHA512
cd50c3ee4dfb9c4ec051b20dd1e148a5015457ee0c1a29fff482e62291b32097b07a069db62951b32f209fd118fd77a46b8e8cc92da3eaae6110735d126a90ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_metadata\computed_hashes.json

Filesize
5KB

MD5
eb95daa26abf3e1769719f72665ba30f

SHA1
77515d76b6e9429ffd64105cbc345b600ed3bf2d

SHA256
0f2c124b4d0f11ce0bc64d6f9799650c1b9e54d443b0b17028094fb9d68f7dee

SHA512
a02ae7ae2d904bd3b40e1b93dde103d41e49242dfb32479c4b3e3bdde41d917a6418ab4c3695635fcdfedf24768d832d697b13c8acb5e1fbd99f9a79210c9db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_metadata\verified_contents.json

Filesize
11KB

MD5
8f99e1ef2afc5f73d9391c248a0390aa

SHA1
dd15dcd68ffb7cba69c6bba010df57a75390c64c

SHA256
d57215628af1ecd1ecd8f83da69245161e4e0a2ce24846b2fff6b35da232709b

SHA512
8f4aa8ce2ea90958bec430cd46f1e76d8e7617c0735d8ab896f4da1f84f3220920cca6ca2da2d7559355423ec115342183615f7e62e72ee6168a5930a078948b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
babd43551f1b29eb82e221460676126a

SHA1
e9bff307613a14b35830893bdb6d1ecc931b425d

SHA256
46b5ecada4edb2585f87953f7847aefc938be2404b9d9455c772b97295b7b1cb

SHA512
5ab681c170dbd1d374bd66edd02cbe21272819ef7389ad1e886bcba112deb91eb68fa930747986da5ca794881939570013e38edd9f8e6f718f7d202e74a82f41

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
160KB

MD5
9b85a4b842b758be395bc19aba64799c

SHA1
c32922b745c9cf827e080b09f410b4378560acb3

SHA256
ecc8d7540d26e3c2c43589c761e94638fc5096af874d7df216e833b9599c673a

SHA512
fad80745bb64406d8f2947c1e69817cff57cc504d5a8cdca9e22da50402d27d005988f6759eaa91f1f7616d250772c9f5e4ec2f98ce7264501dd4f436d1665f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
40KB

MD5
dfd4f60adc85fc874327517efed62ff7

SHA1
f97489afb75bfd5ee52892f37383fbc85aa14a69

SHA256
c007da2e5fd780008f28336940b427c3bfd509c72a40bfb7759592149ff3606e

SHA512
d76f75b1b5b23aa4f87c53ce44c3d3b7e41a44401e53d89f05a114600ea3dcd8beda9ca1977b489ac6ea5586cf26e47396e92d4796c370e89fab0aa76f38f3c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies

Filesize
20KB

MD5
846e79035d3847aa16a65b00ddcdff67

SHA1
da0f645565ca09623658bfd55a25a6c666379c73

SHA256
4a7022a0711157de9eee08b806ad8b14b28a127321b2fc4dc7aa4b33c9d8d6ef

SHA512
e9223f31b94a5983ecbf2d98b32321cc89dffdeae185daaf861b7671e4e92d4761c4c7b99c6ee25e4bc626440f78799714463fa1cfc2aa4545215aae8bf4bcb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
3KB

MD5
5d36fd44af8d5162c4bcf7ab933fabe5

SHA1
e85fc759d9dbeb201cf81762e21a4997221a8248

SHA256
2ac73e4f8ab7587b72e9cf20bea8abc7b5ac67ebbdfe0fa771863913c8d4e8ff

SHA512
d1111a44604472861a5a2e0b60681ca0660cb5ce8103d736b1b0c292f2ebae4571200b5aa4bf50665ef6f64b58ee3e10336497b75be1ca71d049473c5573f598

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
11KB

MD5
36eceaa59551a3efc3008c9b972ee019

SHA1
2dfc29c0cf2d8212849b1847c83727794b554d4c

SHA256
3ba9f2f765e826bf4e7f9e7f9972f68dfa723e6678948e9741e25b468aa300a5

SHA512
c23280e215c676056404fcc3f813ef853afb0f58cd21d84857940d51dfff9e6249c875ed1e0450ec753bf209ff9e4e192bd185caf81238795a3b3bcf41e2abee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
11KB

MD5
b687f9165df25be667a9bd2eca0b8e79

SHA1
89dd11697114352bbfe63aa3e5f388918042d92a

SHA256
88a3d0de226f3d03db5de8a6311506c81ebda06ca65b323715b0c69744125ff3

SHA512
9d68f4f140d6920a935c71ac3c7d3ce67525b15af6637deefb4cdeccc2d71a12910390a8f4dc7b438a18920632b1d55a8e28e5290f11813e400ad1ee389db5d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
febe8b30c72b9ed5786ae265ebaf844a

SHA1
010452344e00fcf8609b9df083803311efe683e9

SHA256
72d049174f8bb874a5db67735ce76cab400f25a72391ec557ef2720785b4c4ac

SHA512
01863fd726d2bb344f368673a31df809a58c810940200a8cf02d1be09ce92f1d097419fffabbada9651d2977948111e0916e2012d92974f96ce7c942ef01732e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Secure Preferences

Filesize
19KB

MD5
2755963431a18686e2fb4432f0cb816a

SHA1
c2dbbbc35073cae6acac49bd40348fc375408099

SHA256
cf3b9f4966bfce043fb0386becc167f8be0ec68b1f26a9496ad4edec52b7a8f3

SHA512
7ca3451dd467e66f78fe6479ef276a9fcdf0cbe360e2c1f613c702acabb0e8f3e674fd1f51e667fd6fb58c3ba2a6cb127bfe94002d5c44fec6e38fdea57fc714

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG

Filesize
333B

MD5
8006543bf5cf88125ed8911ca312b1c6

SHA1
cbb50ed316ba16942f629547d6e7b2a17d2b1823

SHA256
c10dc3bef6c066d49b0056fa4133762e3e3a1ec363e1bc969b682f88411f1279

SHA512
d333580a57b12c1a8a905b71adf90f4217bcc2889ef0c4f6124387a7051638a558a6622771a41abf3f0de0cb48f682e99d3d54e4931fcab13bb32c5183594f9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG.old

Filesize
295B

MD5
4455bd6d0e7549f3a9dd2795968a9114

SHA1
c860aa322a153fa6ff21f05d7d92067fde54e0ee

SHA256
b112bdacf76507e7c1ae94e4adae1e78d238d67ed9dca22b293e1375363208c3

SHA512
b768b352fdef10baecdc2822a09d23c9fc5adb3116c195b34209b2ed84bb3f14a8a71287f3fe014954a45782deee40448b16b618d429f077e2e992b3cb548ac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4fd0e1a48103a6adf9a49c99c8ba8a36

SHA1
c95007d1550c6b24eaeb81bace9dad0e36c2f9da

SHA256
63c68b644c9dd5efea10e3059212b614d7799e6ab34919157b496fa3934e8c84

SHA512
48a5a9aefc187e3c9b13595f3f7b95dbe32014c2c5db78e36ab157bfeb3c807d6f8a70e0c05c408458b59fe57905688059bfc014bc916202bd9a3370186a917c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580182.TMP

Filesize
48B

MD5
e49beaf6aa357511a15c43efced3d11a

SHA1
e94b230403dbe359e44ce0f62219925b95563ce6

SHA256
127cf87473381936ce2dc72724bca4e2f02a4fc28474c10dc23c919e796ce979

SHA512
c75b4d933fb86f90a5fe6a79cd9241561222e847a3cfd3a6b27ab8e5d4405c3eaf3f2c07fd399ae0ac07b75635d18342150069d61ac1877636ce05e9c44af158

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
c0deb2309da5c696c386b0b59ddbe94e

SHA1
e0b08df9237bad058891c82b226b48d1a605f4b3

SHA256
a0915ae5342bb0e7cffab9b121eb1f1a76bafcaeda5f4889b30c779bbc1aadd5

SHA512
33c52f12f6a878f5287691654a237f45ddb6981f4e2146cc11f3fee55fee55c83768a20a84ab3b37a927e6ac2414f798d0c2ec2107658ca46d178867327e5016

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
7741eee53c7f7628c5e4c73ec0248163

SHA1
581d8fbc4ebaf51d513e5a888ad6740f4bf9228d

SHA256
7487cac2fd57af12e578970912dcd2bf327d50e726e482508977ecddf2f006a8

SHA512
d9119ef34d4876edf207299df2e85852ff74aa1c359b719fa5ada9c8284519d4ae90df249be1a96b9f17b05934a41628e4f6f875c21f61d32ded8805b74d2940

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
307B

MD5
911619fd58bac4d5f457142f21ab7896

SHA1
1ff9b3aace5402459ac64de0e100a06996fdc00a

SHA256
9c63e40cbff2b13b4af64c1c561a2c96b1b573b0fe01f19351987ea1ce7f7f41

SHA512
4fb3c1c5dbd28dc4c8c471c06499c24ae9bc288c3928d2cc475af39ebee51e453d5c77f04b51804d72a7e43461040f8204ac463eddbae7079ba67c06476058c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnWebGPUCache\index

Filesize
256KB

MD5
84c70654b44dceed7897e7f62ad54ed0

SHA1
19622de636230457c03382da245069dc99940610

SHA256
2c3eb020570b34b527128ca15f24166e3c4a078166b4d5d3acea486330ccc203

SHA512
a4c06e63573352c851719f6dfbe430c0788d49d322d92bdc87e798cbde554167977f14d87c12f9d108414cd0192752410a9b376a5064254d698bd43b4d8de47b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\db

Filesize
44KB

MD5
b581f0ff8f8aa3371ae47b48c95329e8

SHA1
4f588efadf3675f3526cbe762c50eb8e79d9f2e5

SHA256
f8e7cd835195e4eff7855d20676484ca75f7e7e4fe5b13164fc926b365e1dea0

SHA512
e0a79452acb39838afea8ce34e05c7e5cde68f2a786fe4423ddf2588fc6047339e8e4c3140d7e0447f938b2266f52b9ddbdcc0f40c495d833b47b3f27d7996de

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
2KB

MD5
d8ba3849a4479a214a302a46c136ce1a

SHA1
37cffb7392c1a3268809a308313f089b2e2c0a6a

SHA256
1bb8905da6f5b0202ea5531aa30b122991d42abdc93fc27eb0548d0e7fb36a14

SHA512
6a8d4ef489496441e93bde407cb21053acf0d54bcad8bde9c98f6290168490f6db4d0134c5b7e00c6ea8031fb3a54ad6a0914e829892331935c4b348161f137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
83cf2194b1e984d2a4055060c5392791

SHA1
31220326be1366f021071b5384ba7b9b085c0971

SHA256
91d25c2b6be9c03c1a4d99e4a94a46c0ac27ab5edb57c87210e2bb2ec87ab4de

SHA512
a9e037a58155f7b37a81ea58000a8056a304ada459f3820bdf4c4c770806c6228e3dbaab226e8ec625e992dd03430c4fe7ddd2b7a75ec7d093e571b21d65578c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
283B

MD5
b31a61c9118cc50e2b901b605c24d4c1

SHA1
bbd955836dc58e61b1e00815d639ffe8c8c81115

SHA256
15364af072ab5d95c3c42c26b3bddc13e0f73ade74921edd616af3ef50945c3a

SHA512
8368b482a472d0dcfe27ce007f09e80898e6c3557454d4979f1b2e69203265a8c24177a3f8b1e7c61569a859a5cd903a0ec1f6c8d367a3e7614c0d81f447a45b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
a1674eea41e8b4f8ff27936690e54fdc

SHA1
9a27673041908ff371cfda37639dd384e33a12cd

SHA256
e91fa271b0afaae63c430c4c6c8e23827a58af022066aa1ef81c2feca303b74a

SHA512
c70c8cbfabfc7a6d1e44c71e5154d3cb2c2a789c48c938cae403f1518e08ded9aa751cb24aef77205a02960f837c7a888630ce41fe6de47a6f0ff533c585e7eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\trusted_vault.pb

Filesize
38B

MD5
b77fc97eecd8f7383464171a4edef544

SHA1
bbae26d2a7914a3c95dca35f1f6f820d851f6368

SHA256
93332c49fab1deb87dac6cb5d313900cb20e6e1ba928af128a1d549a44256f68

SHA512
68745413a681fdf4088bf8d6b20e843396ae2e92fbb97239dc6c764233a7e7b700a51548ff4d2ea86420b208b92a5e5420f08231637fbb5dbf7e12a377be3fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
80KB

MD5
1d93d26c7f6de5682d0167dd900d1858

SHA1
700a9676744ecd047e643f9505c0cee67511f221

SHA256
1cf3a40d84f5f1b8409035ba448226dae6ce3e70baacb737d6f90ad922688c29

SHA512
fe34e3a1a753410c6ed0a1b0ee25f86295944c25c0c7a385b4e4cd98362cb3bbeb55fd9becbe79d935ab663fc36523a8944a39254a624322562bdb92e576085a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
80KB

MD5
77df5c439c90326508bbcebc15831b93

SHA1
feedaa9a21f0f4bd5a07cd9c07c56be2cd3ba51b

SHA256
4ffa47fcfcc958a5c94faa68227d3263d1991070e2b4ee3e2370b19e440efa6d

SHA512
f6d71baba191e784c44d50e813346283230c45cd19eb6f5339a35f8065d244bf5a1d08ab2a9bb18991f20024e8b25260a7395a57267ca67be39f72dd459a84fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
81KB

MD5
6cde0c0e1be106cc9bc1b67be84c7606

SHA1
f4b377561495126c41d6baba85b000eb17fc5879

SHA256
6daa52f516ef859b54ca354c88d8b74074d9cdb420953b0c97f4fa899390ebe7

SHA512
a94a7b0a5b75f86dfb26aa8ea12480f2a82eacc70e98995732dc11d31e5a8c13d5171702d06c3dcd3e6d3bac2fcdf594a34013b23f365120ef3cccd137b957df

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
81KB

MD5
80c084ab4a9232d031a9adbc69f8b81b

SHA1
16efe7219e87bccb780576ffc52dad72d5a27f51

SHA256
ac1ee1d21ae5de9e07158e21acee7ec30a6bbd0f6e36945402a859a97b6e90f0

SHA512
ed2652d5abf145ee3edef41b437d1b3a9c311548ac117e967c8ee56635c48207e7b484b40a9b4dd5ab6da412ae585939ee85264e0acf7fd56cc4f72313fa0bc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
733c157662041f784a00cdfee5fca5d6

SHA1
885f78b7a179a88fca587bcee02d38b359b6abec

SHA256
37ad413fd3205dd244898b7837d9130bfe2bd6860a168ff983942ee938051a29

SHA512
00c82928e6dee19826f5a5d74bf7d838e3cae1e272cdc063e90ba4b321ca488bf9a7e16fb0d75d532c56b1c0ea3f498cd3b9fae87fcfe03ac0c46efd4e8ff14c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db

Filesize
4KB

MD5
b9263bbf24428aaca95d04d04f3aeb6f

SHA1
5346015345f6df766df4bc9b42da076f6fdd440f

SHA256
1fe8f6113488865c546d2faa55b21482662ce4be19d4f505eeefa09bc3131489

SHA512
5bc2978bc96e1347500db552e2a2dfd9e5df25c8e16d3ab57e5519de43cb9c08f5aeefd1a6f6947d7fa253505918763b932f622636fc2a7a429fa72a5b49c7cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db-wal

Filesize
88KB

MD5
a278ad709dc6d4786d4326a7a18fc474

SHA1
5ea2ee8ccb9884b795182a83a255a3f2bb7fcf87

SHA256
614abac516fbbb572e59eecb88638cdaed6d7901466fce38807c9ae98ca67367

SHA512
8c91454919c969fc60aaeca91fbba9ad0b9b617e5870dec9ed7ceca1fb533d941efbf69f64727707d96a489ab3553c584cb3f81bff94c79366f67f51fdba8cfe

Download Submit