fabookie | 261b33850dd1404b22acfd5fe7e46806dce68f710f9b21b7ec00a264804e2137

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_installer.exe
Size

3.5MB
MD5

d9bf5a4a57360e80dd0674d8d127c906
SHA1

ada3ace75758cf3430d1a61575afda752cd12d89
SHA256

99ab43493604011b133c4a11a4e737359aac4a74ad33b6eb88ba5e2171ffe1d7
SHA512

e72b6b111b8ff17d2077f6a9f7a64033ce6f80e24d37811f4c246e3717454dda85b566bfda8899fb8da371a9bf3424d209816ad5d4e6f89ecbf2dbb2c794c665
SSDEEP

98304:x+YWYM+AQt8ONp5oeL8hK3oVOpMoZFCvLUBsKpM:x4Yt8opyeiK3oVOtZ2LUCKS

Malware Config

Extracted

Family

nullmixer

http://watira.xyz/

Extracted

Family

smokeloader

Botnet

pub5

Extracted

Family

vidar

Version

39.9

Botnet

706

https://prophefliloc.tumblr.com/

Attributes

profile_id
706

Extracted

Family

redline

Botnet

ANINEWONE

zisiarenal.xyz:80

Extracted

Family

smokeloader

Version

2020

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

Signatures

Detect Fabookie payload 2 IoCs

resource	yara_rule
behavioral4/files/0x000600000002324b-75.dat	family_fabookie
behavioral4/files/0x000600000002324b-83.dat	family_fabookie

Fabookie
Fabookie is facebook account info stealer.
spyware stealer fabookie
NullMixer
NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
dropper nullmixer
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
loader privateloader
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral4/memory/1372-156-0x0000000000400000-0x000000000041E000-memory.dmp	family_redline

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 1 IoCs

resource	yara_rule
behavioral4/memory/1372-156-0x0000000000400000-0x000000000041E000-memory.dmp	family_sectoprat

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars

Socelars payload 1 IoCs

resource	yara_rule
behavioral4/files/0x000600000002324a-74.dat	family_socelars

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Nirsoft 9 IoCs

resource	yara_rule
behavioral4/memory/2300-124-0x0000000000400000-0x000000000045B000-memory.dmp	Nirsoft
behavioral4/memory/2380-127-0x0000000000400000-0x000000000045B000-memory.dmp	Nirsoft
behavioral4/memory/968-154-0x0000000000400000-0x000000000045B000-memory.dmp	Nirsoft
behavioral4/memory/2608-160-0x0000000000400000-0x000000000045B000-memory.dmp	Nirsoft
behavioral4/memory/3856-181-0x0000000000400000-0x000000000045B000-memory.dmp	Nirsoft
behavioral4/memory/3856-183-0x0000000000400000-0x000000000045B000-memory.dmp	Nirsoft
behavioral4/memory/2120-186-0x0000000000400000-0x000000000045B000-memory.dmp	Nirsoft
behavioral4/memory/4892-206-0x0000000000400000-0x000000000045B000-memory.dmp	Nirsoft
behavioral4/memory/700-210-0x0000000000400000-0x000000000045B000-memory.dmp	Nirsoft

Vidar Stealer 3 IoCs

stealer

resource	yara_rule
behavioral4/memory/4912-137-0x0000000004900000-0x000000000499D000-memory.dmp	family_vidar
behavioral4/memory/4912-140-0x0000000000400000-0x0000000002CBF000-memory.dmp	family_vidar
behavioral4/memory/4912-714-0x0000000000400000-0x0000000002CBF000-memory.dmp	family_vidar

ASPack v2.12-2.42 5 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral4/files/0x0006000000023251-32.dat	aspack_v212_v242
behavioral4/files/0x000600000002324d-39.dat	aspack_v212_v242
behavioral4/files/0x000600000002324c-40.dat	aspack_v212_v242
behavioral4/files/0x000600000002324f-46.dat	aspack_v212_v242
behavioral4/files/0x000600000002324f-48.dat	aspack_v212_v242

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation	setup_installer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation	sahiba_1.exe

Executes dropped EXE 21 IoCs

pid	Process
3772	setup_install.exe
2956	sahiba_1.exe
4548	sahiba_2.exe
4448	sahiba_6.exe
888	sahiba_4.exe
4912	sahiba_3.exe
4948	sahiba_9.exe
4624	sahiba_5.exe
2808	sahiba_8.exe
3612	sahiba_7.exe
5024	sahiba_5.tmp
1560	sahiba_1.exe
2300	jfiag3g_gg.exe
2380	jfiag3g_gg.exe
968	jfiag3g_gg.exe
2608	jfiag3g_gg.exe
1372	sahiba_4.exe
3856	jfiag3g_gg.exe
2120	jfiag3g_gg.exe
4892	jfiag3g_gg.exe
700	jfiag3g_gg.exe

Loads dropped DLL 6 IoCs

pid	Process
3772	setup_install.exe
3772	setup_install.exe
3772	setup_install.exe
3772	setup_install.exe
3772	setup_install.exe
5024	sahiba_5.tmp

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral4/files/0x0007000000023255-120.dat	upx
behavioral4/memory/2300-124-0x0000000000400000-0x000000000045B000-memory.dmp	upx
behavioral4/memory/2380-127-0x0000000000400000-0x000000000045B000-memory.dmp	upx
behavioral4/memory/968-154-0x0000000000400000-0x000000000045B000-memory.dmp	upx
behavioral4/memory/2608-160-0x0000000000400000-0x000000000045B000-memory.dmp	upx
behavioral4/files/0x0008000000023255-179.dat	upx
behavioral4/memory/3856-181-0x0000000000400000-0x000000000045B000-memory.dmp	upx
behavioral4/memory/3856-183-0x0000000000400000-0x000000000045B000-memory.dmp	upx
behavioral4/memory/2120-186-0x0000000000400000-0x000000000045B000-memory.dmp	upx
behavioral4/memory/4892-206-0x0000000000400000-0x000000000045B000-memory.dmp	upx
behavioral4/memory/4892-204-0x0000000000400000-0x000000000045B000-memory.dmp	upx
behavioral4/memory/700-210-0x0000000000400000-0x000000000045B000-memory.dmp	upx

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json	sahiba_8.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
27	iplogger.org
28	iplogger.org
34	iplogger.org
49	iplogger.org

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
13	ipinfo.io
14	ipinfo.io
18	ip-api.com

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 888 set thread context of 1372	888	sahiba_4.exe	113

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2212	3772	WerFault.exe	88
392	1372	WerFault.exe	113
4756	4548	WerFault.exe	103

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	sahiba_2.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	sahiba_2.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	sahiba_2.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3720	taskkill.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4548	sahiba_2.exe
4548	sahiba_2.exe
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found
3556	Process not Found

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
4548	sahiba_2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe
2592	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	2808	sahiba_8.exe
Token: SeAssignPrimaryTokenPrivilege	2808	sahiba_8.exe
Token: SeLockMemoryPrivilege	2808	sahiba_8.exe
Token: SeIncreaseQuotaPrivilege	2808	sahiba_8.exe
Token: SeMachineAccountPrivilege	2808	sahiba_8.exe
Token: SeTcbPrivilege	2808	sahiba_8.exe
Token: SeSecurityPrivilege	2808	sahiba_8.exe
Token: SeTakeOwnershipPrivilege	2808	sahiba_8.exe
Token: SeLoadDriverPrivilege	2808	sahiba_8.exe
Token: SeSystemProfilePrivilege	2808	sahiba_8.exe
Token: SeSystemtimePrivilege	2808	sahiba_8.exe
Token: SeProfSingleProcessPrivilege	2808	sahiba_8.exe
Token: SeIncBasePriorityPrivilege	2808	sahiba_8.exe
Token: SeCreatePagefilePrivilege	2808	sahiba_8.exe
Token: SeCreatePermanentPrivilege	2808	sahiba_8.exe
Token: SeBackupPrivilege	2808	sahiba_8.exe
Token: SeRestorePrivilege	2808	sahiba_8.exe
Token: SeShutdownPrivilege	2808	sahiba_8.exe
Token: SeDebugPrivilege	2808	sahiba_8.exe
Token: SeAuditPrivilege	2808	sahiba_8.exe
Token: SeSystemEnvironmentPrivilege	2808	sahiba_8.exe
Token: SeChangeNotifyPrivilege	2808	sahiba_8.exe
Token: SeRemoteShutdownPrivilege	2808	sahiba_8.exe
Token: SeUndockPrivilege	2808	sahiba_8.exe
Token: SeSyncAgentPrivilege	2808	sahiba_8.exe
Token: SeEnableDelegationPrivilege	2808	sahiba_8.exe
Token: SeManageVolumePrivilege	2808	sahiba_8.exe
Token: SeImpersonatePrivilege	2808	sahiba_8.exe
Token: SeCreateGlobalPrivilege	2808	sahiba_8.exe
Token: 31	2808	sahiba_8.exe
Token: 32	2808	sahiba_8.exe
Token: 33	2808	sahiba_8.exe
Token: 34	2808	sahiba_8.exe
Token: 35	2808	sahiba_8.exe
Token: SeDebugPrivilege	4448	sahiba_6.exe
Token: SeDebugPrivilege	3720	taskkill.exe
Token: SeShutdownPrivilege	3556	Process not Found
Token: SeCreatePagefilePrivilege	3556	Process not Found
Token: SeShutdownPrivilege	3556	Process not Found
Token: SeCreatePagefilePrivilege	3556	Process not Found
Token: SeShutdownPrivilege	3556	Process not Found
Token: SeCreatePagefilePrivilege	3556	Process not Found
Token: SeShutdownPrivilege	3556	Process not Found
Token: SeCreatePagefilePrivilege	3556	Process not Found
Token: SeShutdownPrivilege	3556	Process not Found
Token: SeCreatePagefilePrivilege	3556	Process not Found
Token: SeShutdownPrivilege	3556	Process not Found
Token: SeCreatePagefilePrivilege	3556	Process not Found
Token: SeShutdownPrivilege	3556	Process not Found
Token: SeCreatePagefilePrivilege	3556	Process not Found
Token: SeShutdownPrivilege	3556	Process not Found
Token: SeCreatePagefilePrivilege	3556	Process not Found
Token: SeShutdownPrivilege	3556	Process not Found
Token: SeCreatePagefilePrivilege	3556	Process not Found
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe
Token: SeShutdownPrivilege	2592	chrome.exe
Token: SeCreatePagefilePrivilege	2592	chrome.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2592	chrome.exe
2592	chrome.exe
3556	Process not Found
3556	Process not Found

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1372	sahiba_4.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 3772	4476	setup_installer.exe	88
PID 4476 wrote to memory of 3772	4476	setup_installer.exe	88
PID 4476 wrote to memory of 3772	4476	setup_installer.exe	88
PID 3772 wrote to memory of 4056	3772	setup_install.exe	102
PID 3772 wrote to memory of 4056	3772	setup_install.exe	102
PID 3772 wrote to memory of 4056	3772	setup_install.exe	102
PID 3772 wrote to memory of 4176	3772	setup_install.exe	101
PID 3772 wrote to memory of 4176	3772	setup_install.exe	101
PID 3772 wrote to memory of 4176	3772	setup_install.exe	101
PID 3772 wrote to memory of 4972	3772	setup_install.exe	100
PID 3772 wrote to memory of 4972	3772	setup_install.exe	100
PID 3772 wrote to memory of 4972	3772	setup_install.exe	100
PID 3772 wrote to memory of 4760	3772	setup_install.exe	99
PID 3772 wrote to memory of 4760	3772	setup_install.exe	99
PID 3772 wrote to memory of 4760	3772	setup_install.exe	99
PID 3772 wrote to memory of 3928	3772	setup_install.exe	98
PID 3772 wrote to memory of 3928	3772	setup_install.exe	98
PID 3772 wrote to memory of 3928	3772	setup_install.exe	98
PID 3772 wrote to memory of 2228	3772	setup_install.exe	97
PID 3772 wrote to memory of 2228	3772	setup_install.exe	97
PID 3772 wrote to memory of 2228	3772	setup_install.exe	97
PID 3772 wrote to memory of 4112	3772	setup_install.exe	96
PID 3772 wrote to memory of 4112	3772	setup_install.exe	96
PID 3772 wrote to memory of 4112	3772	setup_install.exe	96
PID 3772 wrote to memory of 656	3772	setup_install.exe	95
PID 3772 wrote to memory of 656	3772	setup_install.exe	95
PID 3772 wrote to memory of 656	3772	setup_install.exe	95
PID 3772 wrote to memory of 892	3772	setup_install.exe	94
PID 3772 wrote to memory of 892	3772	setup_install.exe	94
PID 3772 wrote to memory of 892	3772	setup_install.exe	94
PID 4056 wrote to memory of 2956	4056	cmd.exe	91
PID 4056 wrote to memory of 2956	4056	cmd.exe	91
PID 4056 wrote to memory of 2956	4056	cmd.exe	91
PID 4176 wrote to memory of 4548	4176	cmd.exe	103
PID 4176 wrote to memory of 4548	4176	cmd.exe	103
PID 4176 wrote to memory of 4548	4176	cmd.exe	103
PID 2228 wrote to memory of 4448	2228	cmd.exe	111
PID 2228 wrote to memory of 4448	2228	cmd.exe	111
PID 4760 wrote to memory of 888	4760	cmd.exe	110
PID 4760 wrote to memory of 888	4760	cmd.exe	110
PID 4760 wrote to memory of 888	4760	cmd.exe	110
PID 4972 wrote to memory of 4912	4972	cmd.exe	105
PID 4972 wrote to memory of 4912	4972	cmd.exe	105
PID 4972 wrote to memory of 4912	4972	cmd.exe	105
PID 892 wrote to memory of 4948	892	cmd.exe	104
PID 892 wrote to memory of 4948	892	cmd.exe	104
PID 892 wrote to memory of 4948	892	cmd.exe	104
PID 3928 wrote to memory of 4624	3928	cmd.exe	107
PID 3928 wrote to memory of 4624	3928	cmd.exe	107
PID 3928 wrote to memory of 4624	3928	cmd.exe	107
PID 656 wrote to memory of 2808	656	cmd.exe	106
PID 656 wrote to memory of 2808	656	cmd.exe	106
PID 656 wrote to memory of 2808	656	cmd.exe	106
PID 4112 wrote to memory of 3612	4112	cmd.exe	109
PID 4112 wrote to memory of 3612	4112	cmd.exe	109
PID 4112 wrote to memory of 3612	4112	cmd.exe	109
PID 4624 wrote to memory of 5024	4624	sahiba_5.exe	112
PID 4624 wrote to memory of 5024	4624	sahiba_5.exe	112
PID 4624 wrote to memory of 5024	4624	sahiba_5.exe	112
PID 888 wrote to memory of 1372	888	sahiba_4.exe	113
PID 888 wrote to memory of 1372	888	sahiba_4.exe	113
PID 888 wrote to memory of 1372	888	sahiba_4.exe	113
PID 2956 wrote to memory of 1560	2956	sahiba_1.exe	114
PID 2956 wrote to memory of 1560	2956	sahiba_1.exe	114

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
"C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\setup_install.exe
  "C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\setup_install.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3772
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c sahiba_9.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:892
  - - C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_9.exe
      sahiba_9.exe
      4⤵
      Executes dropped EXE
      PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
        
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
        5⤵
        Executes dropped EXE
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
        
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /DeleteCookiesWildcard "*.facebook.com"
        5⤵
        Executes dropped EXE
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
        
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
        5⤵
        Executes dropped EXE
        
        PID:968
    - - C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
        
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /CookiesFile "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Cookies" /DeleteCookiesWildcard "*.facebook.com"
        5⤵
        Executes dropped EXE
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
        
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
        5⤵
        Executes dropped EXE
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
        
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies" /DeleteCookiesWildcard "*.facebook.com"
        5⤵
        Executes dropped EXE
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
        
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /scookiestxt C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt
        5⤵
        Executes dropped EXE
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe
        
        C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe /CookiesFile "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Cookies" /DeleteCookiesWildcard "*.facebook.com"
        5⤵
        Executes dropped EXE
        
        PID:700
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c sahiba_8.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:656
  - - C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_8.exe
      sahiba_8.exe
      4⤵
      Executes dropped EXE
      Drops Chrome extension
      Suspicious use of AdjustPrivilegeToken
      PID:2808
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c taskkill /f /im chrome.exe
        5⤵
        
        PID:2204
      - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill /f /im chrome.exe
        6⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3720
    - - C:\Windows\SysWOW64\xcopy.exe
        
        xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
        5⤵
        Enumerates system info in registry
        
        PID:4748
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
        5⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        
        PID:2592
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1872,i,8907091802541167419,9934998239357479574,131072 /prefetch:1
        6⤵
        
        PID:3152
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1872,i,8907091802541167419,9934998239357479574,131072 /prefetch:1
        6⤵
        
        PID:5048
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2264 --field-trial-handle=1872,i,8907091802541167419,9934998239357479574,131072 /prefetch:8
        6⤵
        
        PID:4648
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3492 --field-trial-handle=1872,i,8907091802541167419,9934998239357479574,131072 /prefetch:1
        6⤵
        
        PID:1404
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3472 --field-trial-handle=1872,i,8907091802541167419,9934998239357479574,131072 /prefetch:1
        6⤵
        
        PID:1764
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --mojo-platform-channel-handle=2176 --field-trial-handle=1872,i,8907091802541167419,9934998239357479574,131072 /prefetch:8
        6⤵
        
        PID:2840
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1872,i,8907091802541167419,9934998239357479574,131072 /prefetch:2
        6⤵
        
        PID:1596
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5024 --field-trial-handle=1872,i,8907091802541167419,9934998239357479574,131072 /prefetch:1
        6⤵
        
        PID:1940
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4240 --field-trial-handle=1872,i,8907091802541167419,9934998239357479574,131072 /prefetch:2
        6⤵
        
        PID:2488
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c sahiba_7.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_7.exe
      sahiba_7.exe
      4⤵
      Executes dropped EXE
      PID:3612
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c sahiba_6.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_6.exe
      sahiba_6.exe
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4448
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c sahiba_5.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_5.exe
      sahiba_5.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\is-93JE6.tmp\sahiba_5.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-93JE6.tmp\sahiba_5.tmp" /SL5="$601EA,506086,422400,C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_5.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5024
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c sahiba_4.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_4.exe
      sahiba_4.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of WriteProcessMemory
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_4.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_4.exe
        5⤵
        Executes dropped EXE
        Suspicious use of UnmapMainImage
        
        PID:1372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 12
        6⤵
        Program crash
        
        PID:392
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c sahiba_3.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_3.exe
      sahiba_3.exe
      4⤵
      Executes dropped EXE
      PID:4912
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c sahiba_2.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_2.exe
      sahiba_2.exe
      4⤵
      Executes dropped EXE
      Checks SCSI registry key(s)
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      PID:4548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 372
        5⤵
        Program crash
        
        PID:4756
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c sahiba_1.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 556
    3⤵
    - Program crash
    PID:2212

C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_1.exe
sahiba_1.exe
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_1.exe
  "C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_1.exe" -a
  2⤵
  - Executes dropped EXE
  PID:1560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3772 -ip 3772
1⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1372 -ip 1372
1⤵
PID:880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4548 -ip 4548
1⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff945e59758,0x7ff945e59768,0x7ff945e59778
1⤵
PID:740

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js

Filesize
15KB

MD5
e8fcd3e6c62bc18bd8a69a5d278fd834

SHA1
509ce669b1c727d0cefe93643c60514fcf119353

SHA256
fff861be5fdee55e5d2bd0ca2c12a1704bece5a9ae7c7a4709404f8cbb4159b4

SHA512
7e680b7734a558d02958043f0077bca9f265cbdecec095238f63d775f1e62ff9564dc2effba0e812ddb7762dd61f0a08eeb8fee35a3e4f245dd5ffaf9421fe5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js

Filesize
14KB

MD5
dd274022b4205b0da19d427b9ac176bf

SHA1
91ee7c40b55a1525438c2b1abe166d3cb862e5cb

SHA256
41e129bb90c2ac61da7dac92a908559448c6448ba698a450b6e7add9493739c6

SHA512
8ee074da689a7d90eca3c8242f7d16b0390b8c9b133d7bbdef77f8bf7f9a912e2d60b4a16f1c934f1bd38b380d6536c23b3a2f9939e31a8ef9f9c539573387b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json

Filesize
1KB

MD5
f0b8f439874eade31b42dad090126c3e

SHA1
9011bca518eeeba3ef292c257ff4b65cba20f8ce

SHA256
20d39e65b119ed47afd5942d2a67e5057e34e2aef144569796a19825fea4348e

SHA512
833e3e30f091b4e50364b10fc75258e8c647ddd3f32d473d1991beda0095827d02f010bf783c22d8f8a3fa1433b6b22400ad93dc34b0eb59a78e1e18e7d9b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
a76be3aeb0938d4369d3906711d42111

SHA1
fa4f6e1de09eddfb84918d62df9bd265352a5345

SHA256
29dec1a17e45069f4a385e0c7405f9ff279090a0a932ffe5e0a573bc5685b568

SHA512
b9fd61344777c53bd1d40cc666d022df4fde2ca4cb8f18ba97640ae2a5274935d30ab1da5ecb0aaccd4c5377fd8c23aef223be321918370554313386c56cb7cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\libcurl.dll

Filesize
218KB

MD5
d09be1f47fd6b827c81a4812b4f7296f

SHA1
028ae3596c0790e6d7f9f2f3c8e9591527d267f7

SHA256
0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e

SHA512
857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\libcurlpp.dll

Filesize
54KB

MD5
e6e578373c2e416289a8da55f1dc5e8e

SHA1
b601a229b66ec3d19c2369b36216c6f6eb1c063e

SHA256
43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f

SHA512
9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\libgcc_s_dw2-1.dll

Filesize
113KB

MD5
9aec524b616618b0d3d00b27b6f51da1

SHA1
64264300801a353db324d11738ffed876550e1d3

SHA256
59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e

SHA512
0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\libstdc++-6.dll

Filesize
256KB

MD5
a193ffdca5964b12c791db8c3a33f5f6

SHA1
3003e03561588215f677cfe88862ae0a3c6c3300

SHA256
4d47641be71c5f4a3abc7781e9d1c591fde5f8475fc0ca0f5e1c0ceb884a097c

SHA512
d2ca365c1ea37df490a54dc4f3ce3a624f6164cfa150fc541e39f6eada13ba52de4a23a7760b7417ec8fb4afd248094157c0641e6b4226a6c86b8a4461210590

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\libstdc++-6.dll

Filesize
647KB

MD5
5e279950775baae5fea04d2cc4526bcc

SHA1
8aef1e10031c3629512c43dd8b0b5d9060878453

SHA256
97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87

SHA512
666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\libwinpthread-1.dll

Filesize
69KB

MD5
1e0d62c34ff2e649ebc5c372065732ee

SHA1
fcfaa36ba456159b26140a43e80fbd7e9d9af2de

SHA256
509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723

SHA512
3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_1.exe

Filesize
56KB

MD5
c0d18a829910babf695b4fdaea21a047

SHA1
236a19746fe1a1063ebe077c8a0553566f92ef0f

SHA256
78958d664b1c140f2b45e56c4706108eeb5f14756977e2efd3409f8a788d3c98

SHA512
cca06a032d8232c0046c6160f47b8792370745b47885c2fa75308abc3df76dcc5965858b004c1aad05b8cd8fbb9a359077be1b97ec087a05d740145030675823

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_2.txt

Filesize
173KB

MD5
6f7b424313d15e08395e1664f3c2402f

SHA1
a76445807230f860a6c2d05b5ae784177cd7322c

SHA256
2a809a37cf2284be58d6dd03b2df2a9bd129ce0d4c035fbbe8b15b329cfefd19

SHA512
15a4265743091f9208ba6546792893e3be7ab3cfa5cb65a39b6a54014c5848f61c934572f5173856e8f565827173bb8636874a3244fb6e2b710cb03dbd947448

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_3.txt

Filesize
540KB

MD5
843b024c6e300916d24c8b26d185a38e

SHA1
945db22a89c8bc328c2504b6a32fa5c4fabe514c

SHA256
3820f614a5bc93944f9ab3c53ecb0a5608e0b60994a4cdeab1ec1b04626ab97e

SHA512
9fc2e374a6c6fcdbdb9ccb3ec8f6f76a65512ca4329554f1d37bb139a84b857e6eee4b7902250c878ca42a0ac9c5a5c6c6112ddc6f30873c940f0af6823d443c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_4.exe

Filesize
128KB

MD5
23760ffd260279bb5be2cdec328bfffb

SHA1
d44e9150d9d6257b9a7c195f46ed8147bed533fb

SHA256
8bf32ef7f78ebc61a54c935fa6f73728feab0cc75d077a60cb5718a3079b5f34

SHA512
1a497a6b10ce9ae4ef5a710597ae8a727e3784ac6ae60ced60194b48099667a9d5e875444d4f4ef3335449150cc6efeb60b895639b0fea3d9cf02112164c8e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_4.txt

Filesize
397KB

MD5
6e59f2a87fd87c5d5eda76c81cb1b4dd

SHA1
40ec41d0d741be2c1d72090f360398571a2d8cb8

SHA256
cae278dded2dbf48c930e06d333ce32d0d7645d638203892a7c411ea814334db

SHA512
791bbf6ff77ad3d420b31a80b7cf5ba13d17e4e4427a64d4f3dbd6f37f59ab220852b6a859a374bd034a1403c5a6deadb9ffd0f79814a55d0d5e77f630964d20

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_5.txt

Filesize
759KB

MD5
52e5bf9bc7e415e0dd079bfa2d753054

SHA1
086f3ca067952333f587384ec81ac5cfb343d1db

SHA256
19c5cf5343d2ab1b120d41b3c536340ccb8a6c0656ba9567d7ce5afaed18e277

SHA512
f3386dc44073be1f3bdf471a0144363a55311088738a4e0d87250f2038bcf41bd884afbce8a4d98f57a82d7ba8cfe68c9366ef4c5ba9250a0e470806338054bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_6.txt

Filesize
181KB

MD5
3d7cb53c9a570dc454c1f209ac8e33b7

SHA1
40b96a338aebe63c9b794547e840c9dd3470af6b

SHA256
8bcd2b42e543f9638e5027e4e5cb19c46dd2bbed9f2038524b65d882f1775005

SHA512
cb250d5fdbaa90ae715856e791e4d0afb6ee2ba9975e48b9059a15926f481abb296b8340433c3aa36d56288981c6f3b67af503f61c16afc0d75e83e3ebd967cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_7.exe

Filesize
192KB

MD5
c62f783b40ee8e1357555b56f37da7de

SHA1
b7c47a922734800263cafff92942b1b49a60e239

SHA256
c49c6cd87e6093ce4bc74c0880a46b26a21630ea05e814797c34158ce02ba86e

SHA512
fc27baddcb147c510edb1d0d9957dd472ca7420bc79d3a10c08c4903082a90a2e704b20a7d57dc40919d66c35bb97d536a4a53aac31ea6c4c9024535d3640881

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_7.txt

Filesize
1.2MB

MD5
aca9e3d2f97237a4c3dd38a63bf092bc

SHA1
eec122a60c2433ee912c7f15d45be983170de81a

SHA256
fb927a1a69165c7e0dcb5365830d43a8dcb2210036ee121d801d02ee6b7a5458

SHA512
9c9b2387390e57ea68e4f9981070319c94bd2808ba0450eb373ae341d42398837d23a8982811779cb9ff854c92901d10fb37158560231554c07a49e7e3646a66

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_8.txt

Filesize
1.4MB

MD5
3f299a733908c56974074ca13f93d664

SHA1
f450fe5e211b5328c86e8b778bcb9d3cdc6abd01

SHA256
9a71d17c1442de60ac7983848c42114fa21298105b2924db66b2103c584612f9

SHA512
0dc4dfed574e3c3b34725552a5c10d8460536e1dce4ec996f825dd7679776ef61d34ac0b498b6597189d11aad43a943ed035ed1a4897b2d4325ccde5e46828a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_9.exe

Filesize
832KB

MD5
7e46ba975fdca651f03c6761e2529acd

SHA1
15a38d0386e38d528a4fcf5e42ad471eb2d742fe

SHA256
3cb95dfd9c30346630889ee17cbcf549542e09223e831634da8c3d5f2aadab27

SHA512
d112b2169304610ce5aa6225fdc4a090593ed51f4f15ed3228153c9d0f9a191121af74db94a8d1447f5ac4afa721d95b8747a30dd3454c5512c9eff6535dede7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\sahiba_9.txt

Filesize
983KB

MD5
270dd1da0ab7f38cdff6fab84562ec7a

SHA1
cf7be169ee4415085baeb4aeaa60932ac5abf4ac

SHA256
7d7d5ae0fa9286fea65a6f94240389998ff0d08340a2aedc67ef3547e84d64c6

SHA512
dc3d7d112a8e43c34261f3425ef6710d61cb92d797dd4a1e9b04e02971db42a4a2e2488bf5397c0ec9a6a1a6a718cec77c379377647402099cb7e4a5bb381286

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC7112B07\setup_install.exe

Filesize
287KB

MD5
61c61c48cf7df7831fb43bc1b56e96f6

SHA1
53e54898a17b4b82653c6f6278a92619b4036c3b

SHA256
f487754a7efcb9c9acf0cad09b655bbc3ee712959a39f9f9ecd62ecdbd6b875a

SHA512
99a22c80a9d572bab2a37da329b87b9e1292fba80440151ab0370a513a6e318277967e2e9220901bb32a19659e050cfda5a6b5cdea56bf9f23ea6c796644ba03

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
b16d057a887f903cf48aafcc00b26b19

SHA1
a73578aeddf4bfdca89bc2116eeb9c7b0d895093

SHA256
9a1776225f72c1146c77ab4f66fdc2512a93bbd65b755af26760d2ac816c39fa

SHA512
220dfde0a263aef20740cae519eec4b2c82bedeb0f466311f9222879a11d3eb043b363bd0e98613c5130b628e84864ad3f7c66ca77e047efb436b05d13290074

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\9d484cf7-2e64-4485-86e9-e3a14eb6722c.tmp

Filesize
18KB

MD5
e334a89325a89b0c0c9021eee4e10379

SHA1
707e0fac08e92f794a956143b75c3f5fdda8058a

SHA256
5e18c8427ba9ba1428d87d15e4eff28850d712db09c12ea3c6f3df946f375418

SHA512
421c06f0beedd306f4916a67d6842b4e5361b7fb12b8e8c1f1b5cac80c8688b9a6ddfc57e1183381d71d3e84996e6f776c68d22775e033e70a9a82b04abe5f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000006

Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000b

Filesize
46KB

MD5
beafc7738da2d4d503d2b7bdb5b5ee9b

SHA1
a4fd5eb4624236bc1a482d1b2e25b0f65e1cc0e0

SHA256
bb77e10b27807cbec9a9f7a4aeefaa41d66a4360ed33e55450aaf7a47f0da4b4

SHA512
a0b7cf6df6e8cc2b11e05099253c07042ac474638cc9e7fb0a6816e70f43e400e356d41bde995dce7ff11da65f75e7dc7a7f8593c6b031a0aa17b7181f51312f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000c

Filesize
37KB

MD5
01ef159c14690afd71c42942a75d5b2d

SHA1
a38b58196f3e8c111065deb17420a06b8ff8e70f

SHA256
118d6f295fd05bc547835ba1c4360250e97677c0419c03928fd611f4f3e3104b

SHA512
12292194bb089f50bb73507d4324ea691cc853a6e7b8d637c231fadb4f465246b97fd3684162467989b1c3c46eabb3595adb0350c6cf41921213620d0cff455b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000d

Filesize
46KB

MD5
621714e5257f6d356c5926b13b8c2018

SHA1
95fbe9dcf1ae01e969d3178e2efd6df377f5f455

SHA256
b6c5da3bf2ae9801a3c1c61328d54f9d3889dcea4049851b4ed4a2ff9ba16800

SHA512
b39ea7c8b6bb14a5a86d121c9afc4e2fc1b46a8f8c8a8ddacfa53996c0c94f39d436479d923bf3da45f04431d93d8b0908c50d586181326f68e7675c530218ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d683f25de97c80a84589ac70202a4d24

SHA1
7bc4a232a5015f844a5a9aadc4aff376fa2f8680

SHA256
4de6038b055f6b79ba2113da94be6d1da4f9a90a2e31f6e60af570f11cdada89

SHA512
84b7c53531d297cbc3d7724a27015c7f71691b68c3bcba47db5edfc00af6b3903984eaac9f884b6d285d0abb327df7ec323c39407776adb3fb401fed9f120c0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
700ad7f4974b0a7d74f8d4137cb3e6ec

SHA1
57057f71006a5998b93da13e7842a5b2f4875f84

SHA256
e984b3573be478a6c2890d851e023c2f464b3d251d895fe5c9ecfa2e52c6bf99

SHA512
1fdb986b6b78c7f119d8330059223f4585fb162cab7c98cce932322d3dfd87eb112bcab02dd7cdbc2500ae6580b5f14b9afc5a2dc275d54be71e527f36fffeb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
16cc067ba78659d1c9ce646038e1f97a

SHA1
57c6bfd8f4faa5e6c986e6a02cf1a375caf47b4c

SHA256
097a2b8062a021c8f4d8cb6327125aaa1c9d85629fc0277b0f0af1ad41489032

SHA512
c2ce3a3f49e25fccb3e5267e935a28517839bb55e594578c51dcea1a08e9565279c2452cf51aca58da7a12adb54f6ac8075d5f2e0b5f4c98b635ffae83137521

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
bbe91237cee20dc938832b3348acc89e

SHA1
d84efb5ef281c93aa3a2d2977dfdb932a3f69897

SHA256
2228257e11c67752bf08ed999b5dfdfa8efd3df8372573c022eb672a0ee9b62c

SHA512
d56dcfbbed34ab50bc6840ab077e15a621bb9549ed0c0074d4c40d5c3f757391bff1732be9ad47f0fe279f75221441b0a84473fc4cb1085544ea1b914e61c694

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
874B

MD5
0f005630644ab7244bb5a0faa3d2e762

SHA1
cc5146d61fbe8d73aede43bfda26eecca5dc16ac

SHA256
49e5a0a01884c98d17ca3eac99367ca0d3dd6adac859ee05d53e106ca2baf847

SHA512
ec613f8cd41f8f265debdb8a70d3cdc2d32d9e06acb9fc211f80863991b3471769021eda0dfc1285471dd596ab0e716a446bb64e20570eeccff56b77e353b14c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
872B

MD5
796655fdf7b31fcab7d27ce846263f5e

SHA1
c92ca65d9a033fef9dade2d834fba731edf8c12f

SHA256
b287b496fc05976f47d150eef89badfa4119af3872a18396bef592c284349f05

SHA512
b31128f1e1c9901e3f1905c76bde46ad7b7a828f6aa9f9b7cdeaf8361e8bb796b20d8a999a2f782f02ffae0c1fabd17f85565be7fff2e65b04fa033511726a2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
6KB

MD5
9d4974b0208d5c8053ebf832da6aa9d7

SHA1
1bf3be70e208874d263a19e732886fa00224f8f0

SHA256
3174c768c6e04945ff9e8d89a6888659416f869f2c9021c757e3a73f2a15043a

SHA512
d1f336743b670e4047856dc92446ea79eb830ec49ddbab404c6235ae9740fd5b592fde0317fe6b3b53606e759ef74510e4e8b6b4b577a1b08e1ad8440b50f070

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
eb63ee89cd890e4971520af7a83841c8

SHA1
a2d7bb5721f815427af8afb5e6ed61a8abe395ad

SHA256
ad4fd71d945ce82011b5d7e0289e8afdec3b5be9737577b5a96f2f823a1d8a8b

SHA512
a45b966a263036338b6d8224a49aa5e06f1d213808b068d429c9d47b649b23f7e87e2858954863aadbf5b9c7181a8df0a168683c125db5433815b7ccd3d717af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index

Filesize
256KB

MD5
c84c0b8b2427fe077e8709a0b5050b76

SHA1
076ffa117d20df0fd4850b2da57e175646793f7e

SHA256
e661228721bcc212f4a9cf79175c45760fba973288aa18c1c7571d57a6c68b7e

SHA512
53fc2ddd6842a949a041d6d5de4894106ba75fd101122a88f466e67186f42b51e232cf957e40ca0a6225ca56c7ba93e445dee261e0d5d72fe857471c9f8fc31c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
257KB

MD5
66fe078b5d4547e2f56dd292b5ed2b8f

SHA1
a7903d49744f061e335f3ee16995abe57d0130f9

SHA256
5f62a6825770b85ac85b0690958a9ee531ad6a33fe0518506bd03201de044446

SHA512
26eeb3f711d0f595e55bbe06533e8cf4314c5d976d1cec16509a5a74d26f98e93f5b3baa92bbc49f5f6a2af5882db69ce0676b6b712fb0db61e6f0ba7c3f0783

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
130KB

MD5
e3c8afc3208555628a883658f28a7b96

SHA1
d70e1f0874f1643139468f6553f87d837ba24c29

SHA256
2a825a3aede477410ec9cbc97cc33da98e57fdf2bac5bc9a8b74eef283505d12

SHA512
f3689cc8d9715a39a58764b267f2bb7424e8f9738f03b358eea60be97bdc3341f078868bdf7530ba1ddba884a29bb175d63d9740564b82599713762b2453ce77

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
143a1989c49f7e89e7047b3444363dcc

SHA1
a9ee7dfd9d74c83cc0a62d5906c8237c1a04b498

SHA256
fa6cbca1836d12898746df31e7b987759581b082af81b5dde27ddfaa180d9913

SHA512
89d8f01911e5f1d137e2aec0ba4f35bcbc03d8da178f6ae4d139b0df601950fe73e3e27be15b42006611fe439823340835a8b3c83054338a2a823f3397032afb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Temp\fj4ghga23_fsa.txt

Filesize
31B

MD5
b7161c0845a64ff6d7345b67ff97f3b0

SHA1
d223f855da541fe8e4c1d5c50cb26da0a1deb5fc

SHA256
fe9e28ff0b652e22a124b0a05382bc1ac48cbd9c7c76ca647b0c9f8542888f66

SHA512
98d8971ff20ba256cf886a9db416ac9366d2c6ad4ff51a65bd7e539974dc93f4c897f92d8c9c0319c69b27eacf05cd350a0302828e63190b03457a0eda57f680

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-93JE6.tmp\sahiba_5.tmp

Filesize
1.0MB

MD5
9638f27a949cc2c5ba8eacaa5532256c

SHA1
5de822a91542245433b43cfb73c0bfc3cb4abc22

SHA256
263717e1bc127eb304a9e2f5f9498eb1de3104a4706b22401cff24554bed4e38

SHA512
1972e6aca6be4fb1c44de1e2aee43cb982024a52d88fa57b982592aa599d9eface31d4e67ced2f9a30e6c5120284e775f61f68dd08baae2eb59223f5083f3dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-M4H9K.tmp\idp.dll

Filesize
216KB

MD5
8f995688085bced38ba7795f60a5e1d3

SHA1
5b1ad67a149c05c50d6e388527af5c8a0af4343a

SHA256
203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006

SHA512
043d41947ab69fc9297dcb5ad238acc2c35250d1172869945ed1a56894c10f93855f0210cbca41ceee9efb55fd56a35a4ec03c77e252409edc64bfb5fb821c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe

Filesize
184KB

MD5
7fee8223d6e4f82d6cd115a28f0b6d58

SHA1
1b89c25f25253df23426bd9ff6c9208f1202f58b

SHA256
a45317c374d54e322153afd73f0e90f1486638d77b7fd85746d091071bbecd59

SHA512
3ed900b83dd178637c2fd4e8444a899f17f12c4ec92a6f4de4fe544fe8d41b521c69b8f348343cb397d0e160f23e27429042d758b5fa5acac0bab5c3584bace4

Download Submit
C:\Users\Admin\AppData\Local\Temp\jfiag3g_gg.exe

Filesize
64KB

MD5
cde24be4c37c8dd5df400ab33685f0dd

SHA1
8899b2ba63fdc238b2bd35d7e3b0f2b8b1e15eeb

SHA256
ec4e9b62e77de3bd8d4cd7f181ef45d62affb2a781231888bc18672367ed7617

SHA512
1b0acea6c3c6017ba88d44c70573dd253187d36151d40bf6aa02634bb82125acde572b247cae9b20ec6e4f81a2fb3c9b3fe1acc56aa9ff1554a9442ac464e781

Download Submit
memory/700-210-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/888-96-0x0000000004C50000-0x0000000004C6E000-memory.dmp

Filesize
120KB

Download
memory/888-86-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/888-91-0x0000000004CD0000-0x0000000004D46000-memory.dmp

Filesize
472KB

Download
memory/888-97-0x0000000073070000-0x0000000073820000-memory.dmp

Filesize
7.7MB

Download
memory/888-98-0x0000000004E50000-0x0000000004E60000-memory.dmp

Filesize
64KB

Download
memory/888-103-0x0000000005410000-0x00000000059B4000-memory.dmp

Filesize
5.6MB

Download
memory/888-155-0x0000000073070000-0x0000000073820000-memory.dmp

Filesize
7.7MB

Download
memory/888-162-0x0000000073070000-0x0000000073820000-memory.dmp

Filesize
7.7MB

Download
memory/968-154-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1372-156-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2120-186-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2300-208-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2300-124-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2380-127-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2608-160-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3556-187-0x00000000026E0000-0x00000000026F6000-memory.dmp

Filesize
88KB

Download
memory/3772-59-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/3772-55-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/3772-61-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/3772-62-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/3772-64-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/3772-65-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/3772-57-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/3772-66-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/3772-58-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/3772-54-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/3772-126-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/3772-118-0x0000000064940000-0x0000000064959000-memory.dmp

Filesize
100KB

Download
memory/3772-56-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/3772-63-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/3772-47-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/3772-50-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/3772-52-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/3772-53-0x0000000064940000-0x0000000064959000-memory.dmp

Filesize
100KB

Download
memory/3772-51-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/3772-49-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/3772-36-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/3772-122-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/3772-115-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/3772-60-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/3772-130-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/3772-129-0x000000006EB40000-0x000000006EB63000-memory.dmp

Filesize
140KB

Download
memory/3856-181-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3856-183-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4448-102-0x0000000001090000-0x0000000001096000-memory.dmp

Filesize
24KB

Download
memory/4448-99-0x0000000001070000-0x0000000001096000-memory.dmp

Filesize
152KB

Download
memory/4448-139-0x00007FF936720000-0x00007FF9371E1000-memory.dmp

Filesize
10.8MB

Download
memory/4448-87-0x00007FF936720000-0x00007FF9371E1000-memory.dmp

Filesize
10.8MB

Download
memory/4448-89-0x0000000000880000-0x00000000008B6000-memory.dmp

Filesize
216KB

Download
memory/4448-104-0x000000001B620000-0x000000001B630000-memory.dmp

Filesize
64KB

Download
memory/4448-95-0x0000000001060000-0x0000000001066000-memory.dmp

Filesize
24KB

Download
memory/4548-136-0x0000000000400000-0x0000000002C63000-memory.dmp

Filesize
40.4MB

Download
memory/4548-132-0x0000000002CB0000-0x0000000002CB9000-memory.dmp

Filesize
36KB

Download
memory/4548-190-0x0000000000400000-0x0000000002C63000-memory.dmp

Filesize
40.4MB

Download
memory/4548-131-0x0000000002CE0000-0x0000000002DE0000-memory.dmp

Filesize
1024KB

Download
memory/4624-146-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/4624-92-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/4892-204-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4892-206-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4912-1389-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/4912-137-0x0000000004900000-0x000000000499D000-memory.dmp

Filesize
628KB

Download
memory/4912-714-0x0000000000400000-0x0000000002CBF000-memory.dmp

Filesize
40.7MB

Download
memory/4912-140-0x0000000000400000-0x0000000002CBF000-memory.dmp

Filesize
40.7MB

Download
memory/4912-147-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/5024-144-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/5024-113-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download