socelars | 86040ddf448fb04e7efec05ad0e07bb2ff3d75d65520a4aedc32120cb018e2ce

Analysis

max time kernel
149s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Size

930KB
MD5

df5c5f0768e8d2f554467b930afda09c
SHA1

6b00445635ef04d12b0bb8992c8cc1ae384383f4
SHA256

86040ddf448fb04e7efec05ad0e07bb2ff3d75d65520a4aedc32120cb018e2ce
SHA512

f23c63f52dd7728526c7c461335ea355d0746947a53ce7c6bf6226a7f78c530158851e3d269ba658404a8f4e52cebe8feb7ca441526ef73f752a9e5717ba7a27
SSDEEP

24576:7W5d/Zo0AI0kkHBIYRj4wUrFGtwl9Cs5ySq:716aJj4drFGw9bs5

Score

10^/10

socelars discovery spyware stealer

Malware Config

Extracted

Family

socelars

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.fcektsy.top/

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Socelars family
socelars

Socelars payload 7 IoCs

resource	yara_rule
behavioral2/memory/1280-2-0x0000000004C00000-0x0000000004D63000-memory.dmp	family_socelars
behavioral2/memory/1280-3-0x0000000000400000-0x000000000056D000-memory.dmp	family_socelars
behavioral2/memory/1280-22-0x0000000000400000-0x0000000002D1F000-memory.dmp	family_socelars
behavioral2/memory/1280-24-0x0000000004C00000-0x0000000004D63000-memory.dmp	family_socelars
behavioral2/memory/1280-64-0x0000000000400000-0x000000000056D000-memory.dmp	family_socelars
behavioral2/memory/1280-1189-0x0000000000400000-0x000000000056D000-memory.dmp	family_socelars
behavioral2/memory/1280-1188-0x0000000000400000-0x0000000002D1F000-memory.dmp	family_socelars

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
14	iplogger.org
15	iplogger.org

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 15 IoCs

pid	pid_target	Process	procid_target
3496	1280	WerFault.exe	81
4300	1280	WerFault.exe	81
2184	1280	WerFault.exe	81
3164	1280	WerFault.exe	81
3300	1280	WerFault.exe	81
4204	1280	WerFault.exe	81
872	1280	WerFault.exe	81
1808	1280	WerFault.exe	81
1968	1280	WerFault.exe	81
3288	1280	WerFault.exe	81
1560	1280	WerFault.exe	81
3144	1280	WerFault.exe	81
640	1280	WerFault.exe	81
1440	1280	WerFault.exe	81
3624	1280	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2032	taskkill.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeTcbPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeSecurityPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeSystemtimePrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeBackupPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeRestorePrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeShutdownPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeDebugPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeAuditPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeUndockPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeImpersonatePrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: 31	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: 32	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: 33	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: 34	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: 35	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
Token: SeDebugPrivilege	2032	taskkill.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 1740	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe	111
PID 1280 wrote to memory of 1740	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe	111
PID 1280 wrote to memory of 1740	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe	111
PID 1740 wrote to memory of 2032	1740	cmd.exe	113
PID 1740 wrote to memory of 2032	1740	cmd.exe	113
PID 1740 wrote to memory of 2032	1740	cmd.exe	113
PID 1280 wrote to memory of 1944	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe	119
PID 1280 wrote to memory of 1944	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe	119
PID 1280 wrote to memory of 1944	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe	119
PID 1280 wrote to memory of 1564	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe	123
PID 1280 wrote to memory of 1564	1280	df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe	123
PID 1564 wrote to memory of 620	1564	chrome.exe	124
PID 1564 wrote to memory of 620	1564	chrome.exe	124
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 4572	1564	chrome.exe	125
PID 1564 wrote to memory of 2028	1564	chrome.exe	126
PID 1564 wrote to memory of 2028	1564	chrome.exe	126
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127
PID 1564 wrote to memory of 1136	1564	chrome.exe	127

C:\Users\Admin\AppData\Local\Temp\df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\df5c5f0768e8d2f554467b930afda09c_JaffaCakes118.exe"
1⤵
- Drops Chrome extension
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 780
  2⤵
  - Program crash
  PID:3496
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 820
  2⤵
  - Program crash
  PID:4300
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 820
  2⤵
  - Program crash
  PID:2184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 852
  2⤵
  - Program crash
  PID:3164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 944
  2⤵
  - Program crash
  PID:3300
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 1044
  2⤵
  - Program crash
  PID:4204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 1124
  2⤵
  - Program crash
  PID:872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 1292
  2⤵
  - Program crash
  PID:1808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 1540
  2⤵
  - Program crash
  PID:1968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 1552
  2⤵
  - Program crash
  PID:3288
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 1612
  2⤵
  - Program crash
  PID:1560
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 1600
  2⤵
  - Program crash
  PID:3144
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 1824
  2⤵
  - Program crash
  PID:640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 1612
  2⤵
  - Program crash
  PID:1440
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2032
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1564
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffce9bfcc40,0x7ffce9bfcc4c,0x7ffce9bfcc58
    3⤵
    PID:620
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,3270556428369099406,5788158977303199718,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1872 /prefetch:2
    3⤵
    PID:4572
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --field-trial-handle=2156,i,3270556428369099406,5788158977303199718,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:3
    3⤵
    PID:2028
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --field-trial-handle=2244,i,3270556428369099406,5788158977303199718,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:8
    3⤵
    PID:1136
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,3270556428369099406,5788158977303199718,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
    3⤵
    PID:4576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,3270556428369099406,5788158977303199718,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
    3⤵
    PID:4840
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3520,i,3270556428369099406,5788158977303199718,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3532 /prefetch:1
    3⤵
    PID:4516
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3568,i,3270556428369099406,5788158977303199718,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3556 /prefetch:1
    3⤵
    PID:5032
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4732,i,3270556428369099406,5788158977303199718,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:1
    3⤵
    PID:4528
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4920,i,3270556428369099406,5788158977303199718,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3572 /prefetch:1
    3⤵
    PID:656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4956,i,3270556428369099406,5788158977303199718,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:1
    3⤵
    PID:1440
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=728,i,3270556428369099406,5788158977303199718,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=972 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4448
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 1888
  2⤵
  - Program crash
  PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 1280 -ip 1280
1⤵
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1280 -ip 1280
1⤵
PID:700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1280 -ip 1280
1⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1280 -ip 1280
1⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1280 -ip 1280
1⤵
PID:3760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1280 -ip 1280
1⤵
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1280 -ip 1280
1⤵
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1280 -ip 1280
1⤵
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1280 -ip 1280
1⤵
PID:2396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 1280 -ip 1280
1⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1280 -ip 1280
1⤵
PID:1008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1280 -ip 1280
1⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 1280 -ip 1280
1⤵
PID:2812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1280 -ip 1280
1⤵
PID:776

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1280 -ip 1280
1⤵
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js

Filesize
15KB

MD5
7d857efdfdf17bf01e22697cc61afddd

SHA1
5bc5f502f8936e1b374ef1b6c13c6b67c26b0566

SHA256
7f24b0a074bd55ddd394f67805edd33edfe45c5135424a5e23d8051babcb2319

SHA512
fb470a8553bf4bed594bc0237b2d6cfa6fa6079066b18f71514b9bae214b9de3642ddded5db7411f20ad36110982abc29c1195c62e929da5913aa6d75591a3d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js

Filesize
14KB

MD5
dd274022b4205b0da19d427b9ac176bf

SHA1
91ee7c40b55a1525438c2b1abe166d3cb862e5cb

SHA256
41e129bb90c2ac61da7dac92a908559448c6448ba698a450b6e7add9493739c6

SHA512
8ee074da689a7d90eca3c8242f7d16b0390b8c9b133d7bbdef77f8bf7f9a912e2d60b4a16f1c934f1bd38b380d6536c23b3a2f9939e31a8ef9f9c539573387b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json

Filesize
1KB

MD5
f0b8f439874eade31b42dad090126c3e

SHA1
9011bca518eeeba3ef292c257ff4b65cba20f8ce

SHA256
20d39e65b119ed47afd5942d2a67e5057e34e2aef144569796a19825fea4348e

SHA512
833e3e30f091b4e50364b10fc75258e8c647ddd3f32d473d1991beda0095827d02f010bf783c22d8f8a3fa1433b6b22400ad93dc34b0eb59a78e1e18e7d9b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
b50765fc873de01b9b93ef8908a5cf55

SHA1
0901ef992a9e9ddd54ee41f87cfbb86b1755ea1d

SHA256
ad7f3e95c541c12a952b76631045e63f1ea53d414b4273df5226c85c218cf1df

SHA512
7ca11d4aa67ef7f39848ed768d5bf5996857aaf78992b3d73cd932b8c5682f5f84afaab14da4a43cda01398c1c87895f02bb135803bffef2130e09bb88b58be1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
9a31b075da019ddc9903f13f81390688

SHA1
d5ed5d518c8aad84762b03f240d90a2d5d9d99d3

SHA256
95cf4025babcd46069b425449c98ed15d97d364b2461417caa9aa0c13cb372e1

SHA512
a04726a429ae727d685f0836327c625d2f18d6327253216a9a31265a324b68b06bec4e7f1b744d261a0e67fa0a90c43719aeda9d2998f42525b0ff5640c7bf1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
73d076263128b1602fe145cd548942d0

SHA1
69fe6ab6529c2d81d21f8c664da47c16c2e663ae

SHA256
f2dd7199b48e34d54ee1a221f654ad9c04d8b606c02bdbe77b33b82fb2df6b29

SHA512
e371083407ee6a1e3436a3d1ea4e6a84f211c6ad7c501f7a09916a9ada5b50a39dcb9e8be7a4dee664ea88ec33be8c6197c2f0ac2eabe3c0691bc9d0ed4e415d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\4d00b181-481a-42e8-869d-1d49c97868b6.tmp

Filesize
19KB

MD5
49cc972d55102092caf569a5edb164ad

SHA1
2c071742f017890f77c79e1fc6ebd32107ec9937

SHA256
b1b514408ee57997b87c1171876d0fcacc8530f90a231efcb6ea1fee36422c07

SHA512
b4f13078e0fd0a216a70f97afce84a50f58a1b163ee785b4d2842d5e288de0c7082c9e466ed66182ad2201bfbd05b7b61a5130659d4237f81937d8b16e28f8aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
fcdf8f209a4b2511eb59948baf971256

SHA1
86918c1a97ec7e7f4cf62ecaceb41b2cfab58e9e

SHA256
1f2886b41cfc59f99a78b937b2f4be1c5d5a9593d449b3d8574f37c5e1caf90b

SHA512
615d2c6803e41a784571ac444c11c7899b2c3397af59c0f780aee823cec5180af8f9611d1d5b104553106954736aef50c49327b945ae1df50ca81403e8e5dd6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
eda5e34a8cf14130e5db1992a280e037

SHA1
fbabbc548ba5231999d164d021dbd9a275bdea8a

SHA256
ddef5889081984ca19b0e25816966d0c3ff5366083716a1c8b5e112dd33a89b1

SHA512
618830379f8af7ec47a6e11c58f9a8c4cbf5c0054fa2ece44517772b32b89554d22fc6c44a5e4bdf1ff8d9abf8df22610bc0e16447526e7778740f8acad41c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
727ddba6c69d2e855820b57ad8a5cda7

SHA1
2d53b1c7e3ab91a0c3a33cfcf75b7d9d3bf1e202

SHA256
20b34e761ac58e4c1d3be056e0ca65e1372143e4dd4fad25c19f1f45f2e2fc19

SHA512
e3137d4f4b872046c2c0edf72b4a8f14751a2f265ae0703409a78ff2bd54f877924ec445b550e69d09171503cf47e6ddbbd341cfa7e935fb985add2545d3bc98

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
7ac239636e0f75ba98d7b5aca81ecb2d

SHA1
3f5ee5c93c1d1f69ffb1307638c221a485997665

SHA256
7b742e0ecddbab02d209a025331c4e57866ebd2e44dcc57a36093041bbe8a581

SHA512
07ab443588a382d5dc44349f0d8d76e03e193e15bd7e577a3eeca09c5d4615519c8f4ec2a522849393f9bfef60f2badfba391a841872115f4e28a55661531d15

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
9666d74b18f57389ee2d3dee5073f71a

SHA1
1830bc2670e616a1da1af27157159e6677a5ad63

SHA256
6fcb1e788f9a12b8ad937172802c41475f2180906db38d6507a3af6a2b721cae

SHA512
69ea6d6080b3ac00f4c4fcf9e00c9e16bd2c3373073f7dde3b1735fabeaaed1e7f8b76113e5ed2b9df08d089ca33ec367c595312f0c2f6e0fbad364464bc989b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
6d695510a076c4d58cc5bea9bcfd2e05

SHA1
53034592916a211706fef14f70839b9fbf334651

SHA256
e446a97bdbed10b88af5b0aed971ea59e8acb0a0dbad8d7a69f8ef85f7ec3d59

SHA512
fa1c05f0d2273e808b15b113403c2294985931a7f628478b07c426b108dcc5e1edc40ff6b1d0d49562309b8a16bf39ba66c1ddfd8771a5a69f486c8aa5fcb51f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000011

Filesize
75KB

MD5
60c91f2dc00dd714e781cd8df6e38a15

SHA1
c0fbabf896586adb1e349d391aaf0dc50be939e3

SHA256
b5b9ceb99c6b78607482c0b1412a7e1bd47e9922519d2d59dbe510fcadd584d5

SHA512
3d4bb3ef003543c0a48af1d8590a07cb77a6c8be08026e087e88449c2ae9c219ad90ee3e89badfcdb2e7a5cc68c144f234ccc107769c0bb813fde14cdf89e872

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000012

Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000013

Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000014

Filesize
16KB

MD5
9978db669e49523b7adb3af80d561b1b

SHA1
7eb15d01e2afd057188741fad9ea1719bccc01ea

SHA256
4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c

SHA512
04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
b9fd5b57e6f13b04886177e0b9598402

SHA1
04b9d45403dd57d190cbb3c034a86e837b245de4

SHA256
7bad5d81e4ee87ce824537f335638a55998b37ecc437cf41029baa9b6bffa254

SHA512
030e4e9f19c61f80b92a082e08ff2d66c38913e07aa6c809d401b2eccba6455d36c1337f7509137aa248d9cfe735a650c8a90e7f6a4cf89d1c1ca65cad6806f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1406d8dab3e0d02ba7f59770f81381b4

SHA1
cf69407626afef95ff156596020a1f506a418a49

SHA256
b30cffbd85a6c4c0f07e836ea36b6d0d0bec125e2a661847305efa4e3a929b84

SHA512
96b9162354ded4cc28073f331e83ca0a0ecc63cbe0b3bb149f3db1d20afef7d4268915f385bdd3d66f3c263ebc59f14f6bdad322cb58ced27c1430e2ab36ae27

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c48fb2f7748af26407592a1d0d8be11b

SHA1
4bbfafae0508a6e5c17936b35e5c35edb1466b9b

SHA256
b81c40006f79f5edac83b577155c18ab677ee5e2d8b1bdafca59faf725062d61

SHA512
4450414e6c5d61cab5670bded11de59e23feb192998ecf3860384d354fc462b4d614089540b3ee205bb108dc0ccefaadbf23a0d6fbd2e6ef62c2e61ebf3a53f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe583b10.TMP

Filesize
96B

MD5
78f506b17fd7f1ee7ac8aacb6e111f0f

SHA1
0551fda701bd12a15558c7c6d133a223537fb451

SHA256
88cb545c9150b16a99b16ffbd28cbebcdc506e5698bb830000aca085f03808a9

SHA512
cb77925ff16d522525f60dae66cf79de5869c5dd8161d9909cbf6b5170c7e96e7e66bb82f713ef717717cacb71a69e759c6e94193ee8b282c9ba3d93182f1535

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
958d050d7095eb8cd30d40ce0f11e2a2

SHA1
26450fb68fbf52fc186c818e1e1a7bfc2f032e4d

SHA256
6e08721a5c82ad851a413614472bdb782fdf915f5a0bd9d9b5bc0873f9d435cb

SHA512
a542354a8a827b58cfe4c3a7a482bf42695103809d3da5c76e0636852e8eee1f0fac70c6a5c269eb12334edcf0f8a1b837bf7d91920b01ac63951a70c2048bc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\000003.log

Filesize
114B

MD5
891a884b9fa2bff4519f5f56d2a25d62

SHA1
b54a3c12ee78510cb269fb1d863047dd8f571dea

SHA256
e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e

SHA512
cd50c3ee4dfb9c4ec051b20dd1e148a5015457ee0c1a29fff482e62291b32097b07a069db62951b32f209fd118fd77a46b8e8cc92da3eaae6110735d126a90ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.82.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
b40e1be3d7543b6678720c3aeaf3dec3

SHA1
7758593d371b07423ba7cb84f99ebe3416624f56

SHA256
2db221a44885c046a4b116717721b688f9a026c4cae3a17cf61ba9bef3ad97f4

SHA512
fb0664c1c83043f7c41fd0f1cc0714d81ecd71a07041233fb16fefeb25a3e182a77ac8af9910eff81716b1cceee8a7ee84158a564143b0e0d99e00923106cc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
256KB

MD5
95c07d8a71623f41508b2ff47ca82226

SHA1
d4ad0917270a5006f3be6ca2b19e003d2522ea23

SHA256
824639e8587bd6deccb361cd6ccf061e82b76e97745b4cdaf09cf22cf59f4452

SHA512
e0315b36ce709657de426e5f549864a1de635e86c174379d36757d7deb300a11ac40d5938a32f00e304a1a41c9e5f2eb7806296c898642ffc3b187041c9ad9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
160KB

MD5
f310cf1ff562ae14449e0167a3e1fe46

SHA1
85c58afa9049467031c6c2b17f5c12ca73bb2788

SHA256
e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

SHA512
1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
ad27cf5269a05571a83bde5eabb9dbca

SHA1
56b5019bdd4e1a8f0ac35a23a9e76c322460be79

SHA256
334b05c9f16ae3eb386b69632c7a56246ff2589026b76db479daa10d4b172e8b

SHA512
abf0fabec9307ea1117df93d374acf8184e2263acc351ffbc70fdb36f684707e1ae4b2f09be88e5610a57f814b8574190bb0eca9cb7f6249c7de3014c9c281ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\LOG.old

Filesize
291B

MD5
8027d64885cb3cb3e11bcbdc114b4c80

SHA1
832ea95fa5ff39a8210e74c5c15e93fad885e9a3

SHA256
cdc6256c11ed3f2c4bc15f30f313f46e189122c0d74fbd47d7c85acb299b0c79

SHA512
dde91a81d41b3fbdd838da3dd22b44fd3e2a5135fa82bee6f4118a7181a524f4d1da7b9c3b63445888748aace5a11169aa8f78896593cc8bd4ffc56040d02dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies

Filesize
20KB

MD5
fc1bb5138c07e7aa36144952da71bfa8

SHA1
6b02c2cf9f35af5c5a258468a2d9797a57fa234c

SHA256
d1843635034ca9b201d924ce0e9d639b36b634b70cd34d7e2d6d295dd2ca1d0d

SHA512
1fe565373910166c0becd3235c0485bca0eeda1bb5d73b73b749218e850d6d6de060629d1d14274b25f3313516d97c7f8f88d59e221d0b0e86592ad8caa4d1b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
3a67a466d8a1c9904a176df2e33a514c

SHA1
6ca4bcb73aad6fa76818efe851b16efa0932d622

SHA256
da6ab513d3213448b9628abfbcbd52ef3fba18a1041225e65becfddf8cae74d0

SHA512
edf4c2feeca010fb4e82aafbfa23b8eaff160e2f02caca1d9b07cc4285dfee4f86363ce184834b75c35058026c1cbef3168d3ab5b94349a0b972e2a7f513271b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
960b03478175e48ad4f463ec4941c292

SHA1
57f01452ea1016bc60a144de01084cb12dcc8567

SHA256
ed59f2d155d376c7eb25ded9098108936923871946e8c857eb1b79827626f377

SHA512
f87978ee904a02560d85a601475a3ba0f56e0421a23b52896117e87ed7325bc59c0b74b6a0db88d6af5d51f74274582a636aad6daa6c3067f2260c2d1b508d12

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
7fdf00ab923bc75e481856767cabf795

SHA1
ebf434555eb92537a4365da38b3c85475104c8a1

SHA256
b45abcff9aebf5b690785f30a03d586c81f1086f624aeb057929df29e21b0208

SHA512
c1b013a1482ebe88df59e830f0e55070d11ba9fab7b68d4d67172aeb7f0dc9b1a455072656e08730e3ce4680427534234d61b4fdae8a5eef4beedaf64a3f0183

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
10a4b3bdbabef57bc99f8446aba17e37

SHA1
6b10e608e286e5b4311d800b5e419c366d7a7d07

SHA256
b5b677632c0eea643899c4c9a718621cf5f847d2aa4dc6d31c3febdecd26bdeb

SHA512
d79262023a5eead44ba11a3c081a3b096bed3e7f4979e34e135f0e4dfcb9b9f851d013a2309271131b85e77b9e9cb972a0cc441aabe51a2a22e715549b5fb046

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
8b18a6982a3d91fdebc7d6006c86993e

SHA1
7b4a9286ce70995d983c19b44813ec026a38f0d1

SHA256
1c8b90e2b0dccdcd530c89a6148d7350ff84eff31142f0c4d9a01ae511f71000

SHA512
c06bd4a190d1805f1f84eca048914c331da5f3bd63b6d0e40a90125ab30d6553492549799afe4e2f653482898afd872807753926bed295e152fd75734f8bddd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
356B

MD5
e7f5493b15c82d4ff340692b46cefee9

SHA1
548d153bb9b8f74d1f7aa6c1c6885dda257ef0e7

SHA256
627e70a25f31f355fe7ed9c961f8e781f371d115a954fc5b35d5c3d1af706dca

SHA512
15b55ed011871735ec82a157b40d25ee2c95a680764a65f23af20d9216632f143beadf89417596301adad9fbc4b55842f3b0b74f97620c795e3516a300a56943

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
ad1eacf721204e6af97ed94786add3a7

SHA1
17f15f0aa29b205629275a26c42dd16eb75135c3

SHA256
60ae2da9179caded68ec0dc9657801998d9897471ebca336865a5a4655feaec4

SHA512
ae31d7ab369080ad0d17df97fcfc3ac4017475511d2330f76fea62ad07ca50f5ce793975a717c6a60a7d6b9e3ac97b60e8c8f8cf5c19855d58563762bc3229d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Trust Tokens

Filesize
36KB

MD5
767a7db34589653629c0d4299aa9eb7a

SHA1
57375ca0b80b3c856b76b3b080270686c90ccb8e

SHA256
78a4734f08b47286a3736c88c6fc481f76bd2b1a46e29d0920939f088ce899fd

SHA512
a01b63edaceab16394320bd2d9152faac7f0c3971001049e8e931b6403f97d8e5e6f4e9020a446cfb573241321cfd26c3d982f30139799fa7fc32617cd1ec859

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
f5ec03848e3eeea9e75dd4c9cfba9506

SHA1
b9f126466d166562ae02f4d9277382b7f81b7266

SHA256
f18fa50448d348bc2c5ee31f6da37be2f23e3f80028bc687379dcd470ac2b65f

SHA512
0892db477b03206540158d004e21f6291886daac80e7dc091b3049c175980df42a103a6fb987efef8a245e42c42b258baf1eafd02bdd4a75dc19d096e0589fef

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
fdb6369dbf9518f4e5555e34fb8986bb

SHA1
5ac07c770d56a4fe2eb4d157c34a59e9d73219ae

SHA256
ea1d0a87971936be009083c46b5d7b02738656f5c1a3c48bd220bb928fa0408a

SHA512
930d5913477c1d46d8d057cddc69fdc908d022de95fed5c7a14440be88b7ff2a8af8df36da11e8c4c36a6d60158fb3533146677c20b52d6a429e028b5ceeeefd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
7KB

MD5
9c4d455635af61cfec0ce16528a200be

SHA1
37566be8636fbd4a01a6eaa7ea5bd8b89611d6b2

SHA256
47ee88c58adbb52a94012076e8dc9d7a499be96eb0466e378ac557938d47f16b

SHA512
3828c22aed65f344758f5ceed9928d207bc0031017448e69a2489a11e70aeac9eaef993f2840552141b4d4b3a8db2a5109f847d656acafa4fad73b6e3f40d774

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
6a036e783031ceb94e9affeeed9296ed

SHA1
5a9a6071b5a81b1d47bfcb206097a2aeec4dcd61

SHA256
e98ac4f1479f840c183be3441d647b8db929c71568a1ab782642f0a9eff25446

SHA512
fcc76d9058c033c4d4b57c01396c2f701f8fb72d75a1168f5d2389e79df364e5d02311638737060168831bf20b74c164700ff930b776c23527883f00fe661be5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
c3f53e38e6a754002f44673c17d711f3

SHA1
25d68efac40f74f64232d06d65a1b03fc8c2e1de

SHA256
0f795841fbcdb9ec74efb35648401d1162122a015aaa4e1fc6a318512245f521

SHA512
4b053b9e0c9720ffca8f54694489e7a76bb069c2e62754914dc9965f7d1820238be23b1dbb0a9fdf863d3e4dc661b99a5056ca76ab8cda61ddb266029b9dfe7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
2d296b4235c541b200df978e65d764a2

SHA1
e35f1b03775f0f0d888d856b85a5eb31352d9b4f

SHA256
bb58bd58efc027739f99e076c90c877010a19ea3dad5066c775263f0197d6bae

SHA512
4f820b9b4cfc090016cc74786aa73ed321d338d996db7c34b97f88aaf2d9940ed5a75f8687ee49dcd3bde81440277e0e044ad164ca5dd1f96b86f68c3f8e3bcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG

Filesize
336B

MD5
225dc742276225b834559b9fecdb3ea3

SHA1
7cf39ce8e884f23e8436171ed24cb3733f391d7d

SHA256
8b991e65d541cafb474992a96ae8fbeb5fe46201e4297b49932b5e5aeeb2892a

SHA512
ad25c694e74b44c2682020b01c5434d4d31e964c521d451ca32c2ef27e29ae67e4f9119e6c73e007e93dc2443022003b8088860af43bf6d838ef763b5aed44a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG.old

Filesize
293B

MD5
d2cc07d7782e9653dfbfe05fc92c6a86

SHA1
00acef9afda7d315894371aaeac3917e71247d4c

SHA256
68295269ece4f5348f53721b0200723a323341f64a07e1e09130c15da18650b5

SHA512
9106b64c6928070c9ddcf878ea63b415cc0df22f0ed8c658d043b2fd9c90b737353224129731c53913369f0d35142662671641dc1d0586993ceebbbf25957977

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
0ac9f82bc771808ef9835861c0a96c57

SHA1
130b8c869a5d342dbb824e1c534fc1d9efbb6c62

SHA256
1f27691328f6aaab734ff20559f6685ced0842cd60dfb654ad761e3834a21405

SHA512
a435c5171b3369734ba292da0d94abb6fad97cf816e3da45fcd4626fa2f7c3624f6bbfa31f3beff268dbe45b982bbc9fa14b22cca2be09287946a1847bd7b814

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
75e24f9766fd43e324e146eabed70b38

SHA1
06a6bb3c701e1b530e4dac0460f5e7dc83f17552

SHA256
71e2efc45b247ccabb2acb7ae4648a83be1fbbfd9f94e062c40a3cd751304a88

SHA512
37d5975b5acc1f78d030f06b6597872ced3a487a9cafe78bfa0f4edd0c5c92608e966c5b8cefeaed851b616842dceab9f9ebb7795f0c5c7cb2aad33fbc6694fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Site Characteristics Database\LOG.old

Filesize
305B

MD5
4c2f8e7e21da97ce7a53b7818adbe77f

SHA1
a28e1abd78bff6831b36b4c6040b30a3352a2dce

SHA256
812a3e3c992c881bb1bc12418dd16c9c50976924edec8803c73019565f135fd7

SHA512
c74b6cc358c0c97d8f4a56cc732dcd2cf056d315b2fb73540e15b37fd4922a166c87e0cf321d69c48f351caf58a7f1e2502ba94d28b36251f8f68918b7c6400f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\db

Filesize
44KB

MD5
491de38f19d0ae501eca7d3d7d69b826

SHA1
2ecf6fcf189ce6d35139daf427a781ca66a1eba9

SHA256
e58156bca5288238d341f5249d3b6c91ab37cef515358953b435339100d0596a

SHA512
232f5df71e8ec35e500ac81aa54a87b3523fe8a32168096a2a76f08e5c7868100b3cdc5155786ead489aac440beee3f84ffa43d226a5b709c66012923b20c696

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
2KB

MD5
12329231f7ef0babb1a3d2366e7bf731

SHA1
cf302cce06f5a421f76305d37c011bd09161caba

SHA256
932d5a161d5b36690ec15f24fcfb69c449770fa92880eaa4a4293ca1809a310f

SHA512
5f9ebc11080d5bdfe08f0c649d9d520d3fc073acb622201039e351301c1914af8430b41bf54900537ed5a1016d52c528ac8640ea444543ad3afba7d98202faa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
8c90ea82bc3c975f55d71c061c38fb0a

SHA1
5b6995a747f7d3e7ddc898a830b3e9b2998738d9

SHA256
3a6a0565da9f9ddad3ad38a594c5e632b6f70a2d0dd95bc7d11565ff62d97556

SHA512
1c61ab424ab3c1addc8fe35d0104a72b7f51886c7351eca15da9edd5d15bd4095f8f9d78022c44209c65652f8cda5bf5bc56615d2f6c561fbbdacd5f94c06205

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
281B

MD5
c38575fd1e2f66b7b1b760f928db79e0

SHA1
4729d07f8df9dd3582a87a56911b48ed6ff67ff7

SHA256
cff10d9e3f7dcc8ed49de2fed63e5bf21004cbc72cac471e41e5790f95237b5b

SHA512
a83789e1be5f69b8da30f5324f5c88541f860e187064cf80a0d19b97dbe8bdc5397d02df12cfca11152199e43634e970d9dcdaedaffd8c5f0b57d40f57286f74

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
f0f7e9cbf2bc6585c9220a166c3de063

SHA1
8efdab7445696e86abea5ecb467f297f4aee5557

SHA256
de73ffac5c865924206003acd3308a6660967e708444ab3e1c061637a1a469d5

SHA512
0aec14b37eee953497870abb4e565a9212fce9074aaf302751002f5b464202a88d95678d2c66fdeebd88a5a16f7ade9dffc7652fed30b6a07427ae331f05bf79

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
114KB

MD5
013b18b14247306181ec7ae01d24aa15

SHA1
5ce4cb396bf23585fbcae7a9733fe0f448646313

SHA256
edb18b52159d693f30ba4621d1e7fd8d0076bfd062e6dda817601c29588bea44

SHA512
2035c94569822378b045c0953659d9745b02d798ab08afc6120974b73dd9747bb696571ea83b4780f0590ca9772fc856f79bea29694fe463b1a388337da8bd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\e8d352d1-7a0a-435d-aa0f-b508ed93317c.tmp

Filesize
10KB

MD5
60cfcdd6b74058bb95be1abf37f2d911

SHA1
05a2ee8d27df029421d56acd46e7fe2f6a3711b5

SHA256
04f60546af39999d984a91347dd4202d5cfc3eaf6ae481e6667a0c182b6e9367

SHA512
bbc361d9cd984575937fef1f216480d82f1e819882f3fdcc708fdcbd095f09f5bbe556dc877cbc8694c59e6a18d71219007bcc50048ea2458ac7fb114c8544c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
928657962744e3371e0b0c6ad7f88d10

SHA1
00b27fbd4717e1b837645a905df4418b92ee6747

SHA256
0e1afa6e3bafbae3dea5c6dfa8079d9f2eb0eec8a3347c5737a6305dfe73bd8e

SHA512
21352f0c61c149465995bbf0b98bc887d189a0aa55ccc30c2a6af2aac16efee0fe2d527489b6849a1811f6878d7026e19d829266ca69f2cd905619163c04c542

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
4ffd2b737621d85115083624108a4885

SHA1
26555ee4c236a2d95c9c5d07c69a09b1cf8a38a1

SHA256
d351c058a7b4d3575c5c8a0dbccd03a6d972f246df7b91b24119ddadf9b91c15

SHA512
ad7d61ea33576afe1773695ff4b4d778f4e8da9e745104f6a6a8c46bb2c3a7dade6782ce9821cce24084b6d5e88698628afbbb2fac9a7ba8284ae84e872c61ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
943cd026bb2746e9c6dd4ce6afb6eac6

SHA1
6b3436c59545d24091d609b82139628759501c7e

SHA256
9626a2d3cdfd9f5c0ccc7189eb848d03d3bacf413cdb7ffd75863795fa6969c6

SHA512
eeba30bc85f7ba22aa0587c8f1122c46a3d4710c15f62fa62162c45d71f46b348ae75538b62a8b28dcc4af8a907d5b106c40e2aac66e49c044eb4e60ef6b9603

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
623219f1ab995d4382d51862e296993e

SHA1
ab714b5455c3a03280ede906b0341270e5e2b4c3

SHA256
e50e0bfc2a799dd9fe24d78ab3838d53b4369a435b883918876435c47acf9a78

SHA512
cf7ea8ed4c3584195803b511b9034695c7ee18d133ed63f51da5e407cc87a90905a2e6264116f67ddb4d0ccc2fff634521906eb04d46250930a6cc19929fd9aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db

Filesize
28KB

MD5
3979944f99b92e44fa4b7dbcb6ee91c2

SHA1
df2161c70a820fe43801320f1c25182f891261a4

SHA256
001d755b2b560945440023bf4ebfbda797cf5106419ac7dd270924b322f3ecf3

SHA512
358e6dee698a63c2490c2fb5206516766fd8ace8f3d523509c29ff76aa6a984cb6381468f15bb4b9c084d9a470298b4cc11b0970e671ce0316243069ac4c8590

Download Submit
memory/1280-1-0x0000000004A60000-0x0000000004B2A000-memory.dmp

Filesize
808KB

Download
memory/1280-64-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/1280-1188-0x0000000000400000-0x0000000002D1F000-memory.dmp

Filesize
41.1MB

Download
memory/1280-24-0x0000000004C00000-0x0000000004D63000-memory.dmp

Filesize
1.4MB

Download
memory/1280-22-0x0000000000400000-0x0000000002D1F000-memory.dmp

Filesize
41.1MB

Download
memory/1280-23-0x0000000004A60000-0x0000000004B2A000-memory.dmp

Filesize
808KB

Download
memory/1280-3-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/1280-1189-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/1280-2-0x0000000004C00000-0x0000000004D63000-memory.dmp

Filesize
1.4MB

Download