socelars | 0c1f7c7d7391cc93fae1c49bef1a70dc451e6856b2e6f9bbcebacdf87533ca4d

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-10-2024 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Size

931KB
MD5

6e75a32d17c8525011ca4411b81d0ce4
SHA1

d0d4e5b80402dd7df812f77726fa4c04927cd727
SHA256

0c1f7c7d7391cc93fae1c49bef1a70dc451e6856b2e6f9bbcebacdf87533ca4d
SHA512

13a60e7720124ca7018d48c9099e378aaa0e53fad300121d5fe49427781a69d86b48596fd486a41af067b067c68d0c14e901ca78d65ee5311695d141fd4fea45
SSDEEP

24576:zwc31FBAxF4iYiB5xWb6dS8dE0H7EJ00o:zwUG4wxWb6XPgr

Score

10^/10

socelars discovery spyware stealer

Malware Config

Extracted

Family

socelars

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.fcektsy.top/

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars

Socelars payload 8 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4028-2-0x0000000004BF0000-0x0000000004D53000-memory.dmp	family_socelars
behavioral2/memory/4028-3-0x0000000000400000-0x000000000056D000-memory.dmp	family_socelars
behavioral2/memory/4028-6-0x0000000004BF0000-0x0000000004D53000-memory.dmp	family_socelars
behavioral2/memory/4028-5-0x0000000000400000-0x0000000002D20000-memory.dmp	family_socelars
behavioral2/memory/4028-7-0x0000000000400000-0x000000000056D000-memory.dmp	family_socelars
behavioral2/memory/4028-1169-0x0000000000400000-0x0000000002D20000-memory.dmp	family_socelars
behavioral2/memory/4028-1200-0x0000000000400000-0x000000000056D000-memory.dmp	family_socelars
behavioral2/memory/4028-1199-0x0000000000400000-0x0000000002D20000-memory.dmp	family_socelars

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops Chrome extension 1 IoCs

Processes:

6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

Processes:

flow	ioc
30	iplogger.org
31	iplogger.org

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 15 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	Process	procid_target
788	4028	WerFault.exe	83
4564	4028	WerFault.exe	83
4800	4028	WerFault.exe	83
372	4028	WerFault.exe	83
2356	4028	WerFault.exe	83
3468	4028	WerFault.exe	83
3044	4028	WerFault.exe	83
1348	4028	WerFault.exe	83
688	4028	WerFault.exe	83
2208	4028	WerFault.exe	83
2328	4028	WerFault.exe	83
2704	4028	WerFault.exe	83
4556	4028	WerFault.exe	83
5076	4028	WerFault.exe	83
2132	4028	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.execmd.exetaskkill.exexcopy.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exexcopy.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 1 IoCs

evasion

Processes:

taskkill.exe

pid	Process
3552	taskkill.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
1496	chrome.exe
1496	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid	Process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exetaskkill.exechrome.exe

description	pid	Process
Token: SeCreateTokenPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeTcbPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeSecurityPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeSystemtimePrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeBackupPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeRestorePrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeShutdownPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeDebugPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeAuditPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeUndockPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeManageVolumePrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeImpersonatePrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: 31	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: 32	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: 33	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: 34	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: 35	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
Token: SeDebugPrivilege	3552	taskkill.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

chrome.exe

pid	Process
1496	chrome.exe
1496	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.execmd.exechrome.exe

description	pid	Process	procid_target
PID 4028 wrote to memory of 3676	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe	130
PID 4028 wrote to memory of 3676	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe	130
PID 4028 wrote to memory of 3676	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe	130
PID 3676 wrote to memory of 3552	3676	cmd.exe	132
PID 3676 wrote to memory of 3552	3676	cmd.exe	132
PID 3676 wrote to memory of 3552	3676	cmd.exe	132
PID 4028 wrote to memory of 1380	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe	133
PID 4028 wrote to memory of 1380	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe	133
PID 4028 wrote to memory of 1380	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe	133
PID 4028 wrote to memory of 1496	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe	135
PID 4028 wrote to memory of 1496	4028	6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe	135
PID 1496 wrote to memory of 3528	1496	chrome.exe	136
PID 1496 wrote to memory of 3528	1496	chrome.exe	136
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 3668	1496	chrome.exe	137
PID 1496 wrote to memory of 2296	1496	chrome.exe	138
PID 1496 wrote to memory of 2296	1496	chrome.exe	138
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139
PID 1496 wrote to memory of 2156	1496	chrome.exe	139

C:\Users\Admin\AppData\Local\Temp\6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6e75a32d17c8525011ca4411b81d0ce4_JaffaCakes118.exe"
1⤵
- Drops Chrome extension
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 780
  2⤵
  - Program crash
  PID:788
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 788
  2⤵
  - Program crash
  PID:4564
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 812
  2⤵
  - Program crash
  PID:4800
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 852
  2⤵
  - Program crash
  PID:372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 944
  2⤵
  - Program crash
  PID:2356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 944
  2⤵
  - Program crash
  PID:3468
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 1312
  2⤵
  - Program crash
  PID:3044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 1532
  2⤵
  - Program crash
  PID:1348
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 1604
  2⤵
  - Program crash
  PID:688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 1800
  2⤵
  - Program crash
  PID:2208
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 1620
  2⤵
  - Program crash
  PID:2328
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 1768
  2⤵
  - Program crash
  PID:2704
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 1820
  2⤵
  - Program crash
  PID:4556
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 1608
  2⤵
  - Program crash
  PID:5076
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3676
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3552
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd8190cc40,0x7ffd8190cc4c,0x7ffd8190cc58
    3⤵
    PID:3528
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2096,i,295963446680539874,9973540296871645843,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:2
    3⤵
    PID:3668
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --field-trial-handle=1848,i,295963446680539874,9973540296871645843,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
    3⤵
    PID:2296
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --field-trial-handle=2248,i,295963446680539874,9973540296871645843,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2616 /prefetch:8
    3⤵
    PID:2156
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,295963446680539874,9973540296871645843,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
    3⤵
    PID:780
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,295963446680539874,9973540296871645843,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:3272
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3160,i,295963446680539874,9973540296871645843,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3576 /prefetch:1
    3⤵
    PID:372
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3340,i,295963446680539874,9973540296871645843,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4060 /prefetch:1
    3⤵
    PID:4292
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=728,i,295963446680539874,9973540296871645843,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5276 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1152
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 1904
  2⤵
  - Program crash
  PID:2132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 4028 -ip 4028
1⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4028 -ip 4028
1⤵
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4028 -ip 4028
1⤵
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4028 -ip 4028
1⤵
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4028 -ip 4028
1⤵
PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4028 -ip 4028
1⤵
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4028 -ip 4028
1⤵
PID:732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4028 -ip 4028
1⤵
PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 4028 -ip 4028
1⤵
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4028 -ip 4028
1⤵
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4028 -ip 4028
1⤵
PID:660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4028 -ip 4028
1⤵
PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4028 -ip 4028
1⤵
PID:1368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4028 -ip 4028
1⤵
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4028 -ip 4028
1⤵
PID:3556

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js

Filesize
15KB

MD5
ee0d7716495c4d47a86498b4212f9784

SHA1
4fd7a4d56ba4a1600a550fd8c4e574f4ab7659dd

SHA256
1b16f64a689e5ed3dbb45474bd0837a0152e6d269d79af681b5a58a65b4adfcd

SHA512
1c46112df5f2f29d9b007a42d4efc315ae41e2e4a745b39263afdbb998741be4858d3f798a77055a653750b41d44918858ffd4d2b7d35f31de05fb14a63acb78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js

Filesize
14KB

MD5
dd274022b4205b0da19d427b9ac176bf

SHA1
91ee7c40b55a1525438c2b1abe166d3cb862e5cb

SHA256
41e129bb90c2ac61da7dac92a908559448c6448ba698a450b6e7add9493739c6

SHA512
8ee074da689a7d90eca3c8242f7d16b0390b8c9b133d7bbdef77f8bf7f9a912e2d60b4a16f1c934f1bd38b380d6536c23b3a2f9939e31a8ef9f9c539573387b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json

Filesize
1KB

MD5
f0b8f439874eade31b42dad090126c3e

SHA1
9011bca518eeeba3ef292c257ff4b65cba20f8ce

SHA256
20d39e65b119ed47afd5942d2a67e5057e34e2aef144569796a19825fea4348e

SHA512
833e3e30f091b4e50364b10fc75258e8c647ddd3f32d473d1991beda0095827d02f010bf783c22d8f8a3fa1433b6b22400ad93dc34b0eb59a78e1e18e7d9b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
c6626ada597a9da97d1cf87c9efe44ee

SHA1
cf5ffb4bf9a12e21efbffab61db0ebb41fa0dd5d

SHA256
2012f679822b91eac36036b3fa5fbb62747956dd6c05a8ac11c597a2b824c575

SHA512
5ebf9faa1b5d5585e87e5a8dcec6238e99f6674029d43f41a051f3cad0cfef1f387e6a102142f8cabf11a0cc891f7b3a8d0e52fad35ab707458d7cd564d5b59d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
9a31b075da019ddc9903f13f81390688

SHA1
d5ed5d518c8aad84762b03f240d90a2d5d9d99d3

SHA256
95cf4025babcd46069b425449c98ed15d97d364b2461417caa9aa0c13cb372e1

SHA512
a04726a429ae727d685f0836327c625d2f18d6327253216a9a31265a324b68b06bec4e7f1b744d261a0e67fa0a90c43719aeda9d2998f42525b0ff5640c7bf1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
800547b40b40a6d57a70b74809b450fa

SHA1
310a064c7ba82120f80af50892dcbe61b53f9d70

SHA256
a562ff4b14badc73b0804883bf4ccfd9972e485123de5e5949981794f66ed936

SHA512
39630e3b5069d0c66ea44069358cf01f180bf25103968f77d483a27deb7e91e796a1718ce9af2f438bebe8207537e735cd402d649e2adfa2ca7748faae2db949

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\4bb5a847-9c40-468d-964e-356e7050008c.tmp

Filesize
10KB

MD5
e5916474d946f8b329676bd4126b20a1

SHA1
86a73d46e679b6ccef93c08831044a36a2709dc7

SHA256
e048ba732c4f60b1e70cffa6fd8449bcffe9c955e19d752b3dac1290063e2b98

SHA512
d0c80ca0497670ce0a45cc4ac4ada5d48158d9b174dfb1915282a1ed02b2bfe0a8e592f0854edaa81d5a111d9fbbbf68c0c381ab517004ca14c3ca41b978110c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\7fd27d44-272a-4e79-a36b-b7e9268e9ee5.tmp

Filesize
10KB

MD5
f1f179b458afac84a3e9357976abf7f8

SHA1
0b90fe5a685f7a99dbbd6524809ae96967cac147

SHA256
e8900d8e2cbecd2199264346f7cdb3c8903435821098ce8a077b1a80f7829751

SHA512
be06c7ca36ee924d6f092f6812a78725a087bd3fc2cc2372b32e57d6e6e78b6ab5c836cb5a9b784173b9c582e5d2f02ecdb74c0262740b1820d9745d0ad95159

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\81669128-f47b-4db0-9725-b83d6520d08a.tmp

Filesize
19KB

MD5
7817958f37486503673c2397cb884167

SHA1
1beec61aae9269e921168d124f0e18f2006a5345

SHA256
c30e6854f32398422fa5d486132a4446331b37cb5aeb5e00829778403ca16981

SHA512
4995c5d4e4fc815da6664eb33de8c4649838ad6d151cda8b481cf3d08b8cbb2e60a3e0117788bd147e5ff2b8afbd54aee9d4e8fb553180efd2fafcc64e07b9db

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
6eaad4d28ca20e0527d61d47fe5c7fad

SHA1
bae6312df6a28d2523843fa14fe681493313372d

SHA256
de32b420d32d0bd9228b11714d999c8913d367c3dcde1b3c7253cd9a9912edc5

SHA512
5f377a7a2e1f85a1cf69a47e765c44a8d11294117020482352cc1d7d3d289e72c73079b7310ae61d0a0a1562d05a8862f4900ace0e50d6edbc0b7a84392b3989

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
1229a4b4e3f3b2498a80003dbe6d2b0e

SHA1
fd3c831e9b2a318c008afbabadbd85a7986c3c32

SHA256
eb558d6ed8166239efc4c5280277c383870c9cade2b9c3847a24615070de7d28

SHA512
825a628f76c03f02b758b544076b2d731c4eb75d2b8b87e9adcab33c6380b8c1d823254075ed27695008e1a480be85a2fc6af314c77e3f0907e998234e82ad8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
727ddba6c69d2e855820b57ad8a5cda7

SHA1
2d53b1c7e3ab91a0c3a33cfcf75b7d9d3bf1e202

SHA256
20b34e761ac58e4c1d3be056e0ca65e1372143e4dd4fad25c19f1f45f2e2fc19

SHA512
e3137d4f4b872046c2c0edf72b4a8f14751a2f265ae0703409a78ff2bd54f877924ec445b550e69d09171503cf47e6ddbbd341cfa7e935fb985add2545d3bc98

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
590c4bc60932a02c7eb088167fe3fdb2

SHA1
58b129a0c07fe7e2e8fbb576112b2437c9ddcdab

SHA256
f6647e6a521d8ff4b66877d42373823577177c2bc8465f5b1234c25e863696e6

SHA512
b31d7f518d8233ca5ca30b13b34bb1a64cd4df01605d8c6efb13e56d3b2541506a665db94650d4407824611f88fe025d1584429bf657f7b8056e3a7d425d5dce

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
9666d74b18f57389ee2d3dee5073f71a

SHA1
1830bc2670e616a1da1af27157159e6677a5ad63

SHA256
6fcb1e788f9a12b8ad937172802c41475f2180906db38d6507a3af6a2b721cae

SHA512
69ea6d6080b3ac00f4c4fcf9e00c9e16bd2c3373073f7dde3b1735fabeaaed1e7f8b76113e5ed2b9df08d089ca33ec367c595312f0c2f6e0fbad364464bc989b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
20abdbf8000f42d1c54d75a9f6cba088

SHA1
2ab6c44e9c70784db4d664cec039739837947e58

SHA256
d2a8640f21cb007d0f5258c9b6b924b6bfbb7622bb858b432fa60878877ab507

SHA512
74d082d70a079113d7a0c804b95b5744afa4addd2c60debaf0b7ed0cf046ac474ae53e855d38de468dc3fea635eac9f4e89128816505bbfed3472abdaea8ecfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
10387ff9f28b0860f8020a76d571e0b2

SHA1
df4ab2152c5a55f61362204f559f66506531a9e9

SHA256
608a979a2ba55caff89954df4bfb0358db216edf708e0acf3b295a967f45843d

SHA512
b22062902368b3c745da0bcc8e28699ea0dbd7c768c49046599ecafae42b44c918d92c06d06a58e9e1694898908090ecf1a88a88ee7ff7574ec038b3d11ec174

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
0c60edecb73e05a9649f5f6bb2aa82c2

SHA1
cd1131284642a5a1e93485d93a21707abcc7afa8

SHA256
ba94f958d603ae3436882651df06d57de504714ef278c40651f611ef0c249da5

SHA512
73e6063a158a12d5d9e940116dee0c3a2d7b37769f76aedda95324f43d3ae318ba54372fbd207c4eb1ea97deffde7a223f56a323bcb1e96e7bba250e62786954

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
d951f4fc981d51120742e058e5bc2ad7

SHA1
2a8a69bb4aa7381d53436d31c426edee78a67fa6

SHA256
e85ccf6c36fad0acba1d02df8b2cf6d009f09048e56184d71309953f297dfb6d

SHA512
5ebf7ae99a35dbc0ce00f953a673730e7c11b853e62eda9aa866d414303608d5cc3779ea4d6fb795a306f648515491484330089776ccccd6051ec9f1595d507c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe582853.TMP

Filesize
96B

MD5
f1e50caf138280d21607d6231e49ff04

SHA1
54e794bd64551d6bf0afdaf5cc3f1632a618b13f

SHA256
b0f44e57b2375199d60bc6f6a6bdb492f67dd0f20402ff03e6180b31dfeb772f

SHA512
545a7e4ec346985ab75eddbe1d7db3e4654dfccf7c2f6f01f3f7d2d37936712a9cbbf4ad8cbe53b2775c6ca979d77218594439eed56f4fb251e9e84d67e0b1a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
654a48255af5d7f42060965dc1d50f87

SHA1
7f7d46e2bd1aaeed6ff2405d168db23a459733ca

SHA256
d047ce1cee3104610d577714c710a7692b279c942437b13a7cd823518494d084

SHA512
23372a44d3a63bae9cef14841cfbf39250b4417887f2a1434ed8b914458a426edf98754c6deea21e2ce0fbb66572437f7fc44d04563ff92a4a7e13dd016a9183

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\000003.log

Filesize
114B

MD5
891a884b9fa2bff4519f5f56d2a25d62

SHA1
b54a3c12ee78510cb269fb1d863047dd8f571dea

SHA256
e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e

SHA512
cd50c3ee4dfb9c4ec051b20dd1e148a5015457ee0c1a29fff482e62291b32097b07a069db62951b32f209fd118fd77a46b8e8cc92da3eaae6110735d126a90ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.82.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
b40e1be3d7543b6678720c3aeaf3dec3

SHA1
7758593d371b07423ba7cb84f99ebe3416624f56

SHA256
2db221a44885c046a4b116717721b688f9a026c4cae3a17cf61ba9bef3ad97f4

SHA512
fb0664c1c83043f7c41fd0f1cc0714d81ecd71a07041233fb16fefeb25a3e182a77ac8af9910eff81716b1cceee8a7ee84158a564143b0e0d99e00923106cc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
256KB

MD5
1457044d975fdd1a2953af485f37b834

SHA1
696463ef9d026f1908d17df192d52dd902f6dd7b

SHA256
8e6eb2f0dc2e8c674705c1d90091619c7b4592447a92f464abfce01fdb98f6d8

SHA512
0a04ef91603fccc97ecae640b3163b6dfc4ac5f430ffb0b916ddd3706733fcb575091c0b1c517fe331a671bb0cfa94447395aca8b51e9321d32762d27d80fc07

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
160KB

MD5
f310cf1ff562ae14449e0167a3e1fe46

SHA1
85c58afa9049467031c6c2b17f5c12ca73bb2788

SHA256
e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

SHA512
1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
ec847365e49b7728dbce49ed3b186fdc

SHA1
e819aea250b20685e49166a328aab82f48a896e5

SHA256
6d2f49da42789ed0e2cb205d4d834737deb09062f67adeb177d0f48bef022a7a

SHA512
99cbd11d1cc45a46f9e66ccfb7f8a0b5275987e66186a6fac820f82d588a2380b84f31478e78055608932f04d1dcd86321c24e47c0d87c623769457e8ed02e50

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\LOG.old

Filesize
291B

MD5
f71fe37d05aa07a8d3a642d81c21e9e4

SHA1
8a36da942fe9e28a1c6ad0458234716662b95461

SHA256
0e608d8c6d78085654962e060cfbb7abe45d6574ba39138dad55f8ffbe12cbbb

SHA512
e3e3edf9bcf84ae6fb6d96ca9c0d186c95e26958e4c3479e3ae7054a49340bdbe55a558f37b210d74683654255a1e60c6781cbfafdb7ca847f431fc2a613b3e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies

Filesize
20KB

MD5
cbeb6e6ef6b6a16d8b86c4096d1bf020

SHA1
832327575439c348f69906a652175af34a9c2c4f

SHA256
3033eca7e8168d7d3487b00ab2f477a7b180c139d98309a85823254020a5dae9

SHA512
8e7e63ce0f9edb4acb27081e221014bd6201c378eb86e3c4359d4afcde712d4ba4b94a6ac608c8b9fb5536d9553d44d5195a99b5c6e6494a20909a6488975e80

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
f60cc6f9f25567d6ff27e5791ba10b41

SHA1
b727cf306b289d1d216b44b2b1f67cff29df3e4d

SHA256
4bb9a3a39d8e40ea9ec9e1927518d96c780a8e652707b0ca041c85c4a65d6451

SHA512
2a6178129849e08a31e5a7fbb10d46bb5c77a05c57b3467a09f4136436c8c167def33769faa78a1f906dae3ce2e34a039152f152c340cd87f582e479bdae20a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
3KB

MD5
60c85d5f14e1008248cae0e8b61e79d4

SHA1
117d3ea816ce4a5a6487627bd2cf27d699bc2d01

SHA256
9465771f3273c68c2b1b388fa61668a8d5c19d656096a2b9a6c918fb82b8f039

SHA512
c97b0eed281f7608e2130b1fee6415f7a9f61dc6001a08b0d9e166aa6806c385bca709af6e17d1e6c7916c1634e5b12fbead040b4e17dec9bd0b43de836e51a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
952ed7d7d79c8412e95c12bf9405a0e8

SHA1
160a7a3f6b128bad8a1d22b4efd04de10b68f114

SHA256
feb6e55c907f5650959ed45fda2dc7cc88e01725199fd7e461a85ae36ee7f874

SHA512
dd6a273c10668e1ddd6227503847330a14ae70321b52f88541e28ce6e572db18e48374dcd67e362fe2f3dc889989d94ae8000a00086c946463cd7d4c94eabdbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
356B

MD5
9766d16e8872103ef034d7c467e6e424

SHA1
e35b8a75efb4af914b2c17e7ef523341112df079

SHA256
837e19412340c790ddd03b5679e081c1ec39256d80ee48b158f398e599e161c1

SHA512
0a002da7bf1098ada312749fc2c0b085c9ef897330de87111f30be2908d348148bc3aba1a4d952424c2380db6c57c99dae44427dab21446c888bb28c4101d9ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
a8cf11df8ae22651f75d804b27f5b92a

SHA1
6ada5c84c1e85e99c367e6dd2ed0050d97252fbb

SHA256
b6015a2855f08ffd30501d61ff10768aa98f12249302950ed3783cecd119a854

SHA512
a113169f9ee8892f3fb74b7e04c8df72f73605e3e1c1edfa06606675e6f0d0070701fb034bd9b136d783f5c0d4760f33e74935b8498f8661280c0ad10c149c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
e55ef8a0a922756ed7aa960484089340

SHA1
7b71dbf3dd7093bc2e993a5842934a1065c22a57

SHA256
709716b9b647bf3af490cc705cff36c4f4d112862064df75124404065f38cc55

SHA512
3897369346a4d49ac5c6cfe6f0354972e906da5e95a393cfcaacb69fadef3762db39c9e6fe5cc43d1714b7f0b5b21585912eb9147a68bbd77c71d970a7c0f0b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
b210b587d9224e7a324bda7aa99b6608

SHA1
7d35e2e9a44b6967b06d7d3d432669206d7dd780

SHA256
a95a0b19f267083da38b02a30365148271123946bfe813da79d8fea1b45496ab

SHA512
2da9b15d577ccbbd47e12299cb0fce3a4f34a739b6996363442ff0e042586a78dc916970835295dd822d1e55d1edaab04f506d203b302e9caa4da4341aa78af3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Trust Tokens

Filesize
36KB

MD5
767a7db34589653629c0d4299aa9eb7a

SHA1
57375ca0b80b3c856b76b3b080270686c90ccb8e

SHA256
78a4734f08b47286a3736c88c6fc481f76bd2b1a46e29d0920939f088ce899fd

SHA512
a01b63edaceab16394320bd2d9152faac7f0c3971001049e8e931b6403f97d8e5e6f4e9020a446cfb573241321cfd26c3d982f30139799fa7fc32617cd1ec859

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
7KB

MD5
5f192c3d71d80ebbbd43d1b5e9299eaf

SHA1
b061fc6ec84017f90aa3def9e53494d0581ef0f0

SHA256
ed243b524e6dce4af6d7954f56dc3cdbf23e32a3a0c8662add0dbd259edfde35

SHA512
b5170fde773dc721893aba228ad9aed78af46f11297a08c8a25ad5b49c79f4750b26a0adc29e6ea1293c502ccc70fc50fede3424f5a12e1ad7a420c3a6b727db

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
b35af4197777fadf247a98d04d7f50e1

SHA1
c4fcb54d4ee5b348c718ca2abb6a31a1e94a9506

SHA256
eeafd4fb97d24fdf29dbadd26e8c44eb4310e90941d49d58d407091855a66af7

SHA512
7024f9844d7f47a178b63b95746232c7dfc6760e38b4a3bc06fdee9603320f1723187e87c75233f6c18f7e74c9c05abcea5a6058b0e28b21bb49cb8de3156aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
e1f8d57e33ae86db0c850821955abbbe

SHA1
e1b8fa762afc4195073fe613947fa1732a13e160

SHA256
f3a28ef642cec00d0fb7af769a14bd3df8d5063f93fb55fdf1715c3dde711676

SHA512
37e41ea24111a2412aac0ea87e848cd99fb0adb3b4eec7eab8c4bd0d49fa7bff11b1c9c1b22be215343d1b2ab76de21333f13f89549ea1fcb98bcfe987e83ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
eb468329ce51eff2b75ae6797f6710cf

SHA1
f45a39119264caa930a5a1b01a53724a1f0fd2aa

SHA256
7cce4a472a917fdf7fe7747a72852a1977fc84eb6223dc49326c3dbfa4a3bba3

SHA512
dfa08f4bc3c017da50a77e4b246f7052294c08959472d7fca1c6f12ee533bb4908ca42c9804471906d0fba483bccfd85eaef61766a86458c202756a59627dcb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
770c22375db1f32600397b1b37fc683c

SHA1
20ee32964ba1cb3bb19c157e580cbcd7ccbcc698

SHA256
346aca0a6754f8ed9f743749e07dbf4ba4a36c095c0edc81d8cd1455c197701d

SHA512
dc24e91152f7e4edc172afd2119283b3cb90d990f745c742a0c50bb158e6206aa1b6cd9675c10e1a06517175870bc60212f926ce95b2bec50f4a40bbf1e72c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG

Filesize
333B

MD5
878930e1ef84d36f95bd1a6de2762064

SHA1
370daa2f44176e336c6433d28f3ed255a61e39c6

SHA256
e6034ccd3678a1af1d2276897f343c74338020c63e9215d35bb2831e9c031d56

SHA512
3454fada6160c42a78b0e3f8ef022d2eebe9e4b70094a2d71246f4efb146be95874d560483fe015ce02bf028cb1afa2ac076a288774f410d1785e344ab29291c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG.old

Filesize
293B

MD5
e6b374a47fb411048ac9f15a9943cd85

SHA1
59c460012ab5e8647d159b091f3f3bc97dd11ab0

SHA256
18c9232043b6fea765cc6655062942cf5df248c6a0dfdc20befe83907bb24057

SHA512
8d87198084f9d785f1e1e9480b1e02595c4be2ed27d694acc818202130b513ce3c147caa1f4bb9e42861774dd4f3166ee2562214ddb0d38b05a7c7312116be1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
36fc050488edfeca682dfc4e04465cbc

SHA1
7bb294827e18189781a45de09f4241c481d8cf8c

SHA256
509cc73e2806fc102e76f9409ff07453a2b533b0206b4f90fae2b7236d140e8c

SHA512
921f357ea0c7f42ce729e4b75589879cc9928eca1bedc017ab697dcd1cc5d8ae4bfc0433ee742f15fc3b8818a76f28662202b22645cb9882a116c75599dec8d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index

Filesize
256KB

MD5
f465c7fc46a3b39d88c605cf15248a44

SHA1
53adf7dc6a5f679af4ed5952fb4e62cd828964d2

SHA256
0f6faa233d1f0b43dcbb8976f8cc3053cded63259cb5b494cf783d5c67ff0fd5

SHA512
353e0600f2b0e6eb4ef17c23a36d81a273c93cef783a4f7fc2c33d02bd2e3ff1957dd87707febbc621982b90508c287a45ddd2ec33e10bdc0983f2c65a92d4ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\db

Filesize
44KB

MD5
491de38f19d0ae501eca7d3d7d69b826

SHA1
2ecf6fcf189ce6d35139daf427a781ca66a1eba9

SHA256
e58156bca5288238d341f5249d3b6c91ab37cef515358953b435339100d0596a

SHA512
232f5df71e8ec35e500ac81aa54a87b3523fe8a32168096a2a76f08e5c7868100b3cdc5155786ead489aac440beee3f84ffa43d226a5b709c66012923b20c696

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
2KB

MD5
a5cab59a3edfe722cfbb4b18ce67b1d8

SHA1
0a48ba12a17f3df55a62d857409e4e1d4b9bee35

SHA256
6b888767d2e9d21050c1e152c01048a6db6f869a6f16eb4bdd4bdbcca1a778bf

SHA512
b045406e636cac59769481427701a46a8e45f265fd1652ad4df1bba00ce6fe977550328866b9fea96fe7c340a19f95cb4daeb2087931920d0d40169891804872

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
9f1212b4e5235792e87e7251f6584c81

SHA1
5901811c052708453027d6c726acfdaa3b539754

SHA256
02aff13df3fda7b02a7f6a996a488dad5c91c7e6442cae67634bc810ede28afa

SHA512
6ec04741d7be0d31c43be6ac1b23c37b6fa8200a1f92e52ecd933fa5ea847b68ea1993b64a819750ee13c94789f1f9a78822e890192a539839a266a666f1ae1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
283B

MD5
438e1d62639b85852cb76a33b0ee6609

SHA1
2f27638248d26032614f2c0dffc6395bb0fc2415

SHA256
2875d3e81fc299c066330b723c8352ffdc51c2e6c8eb9a950d2b8f424787ea65

SHA512
cd3b668928477c11bce19dda7acba37d4b642206aa3205680b975f99832f6de7b506ca73a41f04daf61cb318fb6f54d86936f55a7ff5f2fa65a566336273978d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
58c223d924608e0ab3eb15b7e515e3fe

SHA1
2a3b0c5321cb28d16e667378ae4bf94927c18cf2

SHA256
bf165666f2808f5347a9a36298f8687cf5048f6fc027607cea7fcf484001319b

SHA512
67c22344e3f4f38c07b7524dd6de666f77ef0a4126f4eeb2c8f90a7bad03db31fb9cb6e68d1324ab9a6d1f444409435c58e5c7889c16dd6d6007c7e943c02436

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
114KB

MD5
ab87d892a202f83f7e925c5e294069e8

SHA1
0b86361ff41417a38ce3f5b5250bb6ecd166a6a1

SHA256
bdc61a1c60fe8c08fe7a5256e9c8d7ad1ba4dd0963a54357c484256fc8834130

SHA512
f9a03eaae52d7fb544047fea3ffa7d8c6f7debdbb907348adfc46545e7b6c3783427983f16885ae138e43e51eec6ce73520c38581e4d9bb7140beeae2137de41

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
6bda08929fecdb6776835ac88952e6c2

SHA1
07c0366fec3c5e984111cb5f916237bf70097c77

SHA256
af3008618c67d9701b2d0cb3a7cec843503e0795a45922e3e151633a371ed51c

SHA512
b6cd00c0fec36c88131e59e3a023e72f91d904dce8c818f51efe87d2474a42cf04ce5629c77386d2345da0c5d5c60e017e3467f8b1c6f5cc38be32d6564ad063

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
7c972975a690ad1bef914917e3f7771a

SHA1
7762a0b6a85bb702838b44e596a92b28279b775e

SHA256
32b67ea56556f3c8094baed7dfd82afa0d7c6fb78d8738ab66f112dc24179efc

SHA512
579663caeb8b5e6d0260a9ada15178274d0a39fb90dc556963209e1ba241cd9e1a963f4748c89786c8f31f2226dd8d82a431a45acc273b64bbaf458ff9ad8b81

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
2c1aa0cb3e8b792ed7f76a7ce1939761

SHA1
5ddf0248eae44c0e3e7c9f15f88713965c38e42a

SHA256
4cb826b926a12d95e22a0b3d512c9842181c04b75f07bdfe037a6501d8f23bf4

SHA512
f949201db7ecff17850d3fe3953414a91b827ed93381e277551bb4dc23242a4d5909fba9a4bc0660d6f5bf76d0a1795b945b9f729bb9687c1d28cfea6c075a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
248a73e44a2003819e668f1cda1cb496

SHA1
6772a34a83eb5eaa0b316e87492463daf889804b

SHA256
64260647e4a71fffc3e6be20c7fa4999aecaaf9524300aad3bcb7adf4a72a150

SHA512
4ae37f49a28f6e6a76e39ffd99f5dde4b16bfd1463aeaa9b2ec336e994c1fa947d3be67b29d7062ebe82bdc97d909a3f36a283839840ab7f5996c3584f62b06c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db

Filesize
28KB

MD5
3979944f99b92e44fa4b7dbcb6ee91c2

SHA1
df2161c70a820fe43801320f1c25182f891261a4

SHA256
001d755b2b560945440023bf4ebfbda797cf5106419ac7dd270924b322f3ecf3

SHA512
358e6dee698a63c2490c2fb5206516766fd8ace8f3d523509c29ff76aa6a984cb6381468f15bb4b9c084d9a470298b4cc11b0970e671ce0316243069ac4c8590

Download Submit
\??\pipe\crashpad_1496_CKAFTFRQBUNEOITS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4028-6-0x0000000004BF0000-0x0000000004D53000-memory.dmp

Filesize
1.4MB

Download
memory/4028-1169-0x0000000000400000-0x0000000002D20000-memory.dmp

Filesize
41.1MB

Download
memory/4028-5-0x0000000000400000-0x0000000002D20000-memory.dmp

Filesize
41.1MB

Download
memory/4028-7-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/4028-1199-0x0000000000400000-0x0000000002D20000-memory.dmp

Filesize
41.1MB

Download
memory/4028-4-0x0000000004AA0000-0x0000000004B65000-memory.dmp

Filesize
788KB

Download
memory/4028-1200-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/4028-3-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/4028-1-0x0000000004AA0000-0x0000000004B65000-memory.dmp

Filesize
788KB

Download
memory/4028-2-0x0000000004BF0000-0x0000000004D53000-memory.dmp

Filesize
1.4MB

Download