socelars | 755a3a96c8e9e813a52944d5937914f5e80b92d297ae22fec7b9111d7c56e76c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Size

1.4MB
MD5

fe3a923be44c84946428582f6022cd0d
SHA1

affce797af9cd59fb551778bee0ce8cc72d18f48
SHA256

755a3a96c8e9e813a52944d5937914f5e80b92d297ae22fec7b9111d7c56e76c
SHA512

f33b68a78a1af836786df85d09a9ec07a5b104e958924c6dcd637750aa3b77259b2b62c0b11573591c7dc7da0a8a1b670a18833672c90371032175c01fd9e85b
SSDEEP

24576:58TJtpd95n1HCEei6gFT/L+V3F+kyRejskFL/whBZhnHo4Sad5RKra0zBd2ew:2Jtpx1iErFrLK3F7QojUnHo4Sa0ra0bw

Score

10^/10

socelars discovery spyware stealer

Malware Config

Signatures

Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Socelars family
socelars
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	iplogger.org
6	iplogger.org

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3436	taskkill.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe
1764	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeTcbPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeSecurityPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeSystemtimePrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeBackupPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeRestorePrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeShutdownPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeDebugPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeAuditPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeUndockPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeManageVolumePrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeImpersonatePrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: 31	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: 32	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: 33	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: 34	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: 35	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
Token: SeDebugPrivilege	3436	taskkill.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4676	chrome.exe
4676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2764	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe	85
PID 2216 wrote to memory of 2764	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe	85
PID 2216 wrote to memory of 2764	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe	85
PID 2764 wrote to memory of 3436	2764	cmd.exe	87
PID 2764 wrote to memory of 3436	2764	cmd.exe	87
PID 2764 wrote to memory of 3436	2764	cmd.exe	87
PID 2216 wrote to memory of 4876	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe	90
PID 2216 wrote to memory of 4876	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe	90
PID 2216 wrote to memory of 4876	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe	90
PID 2216 wrote to memory of 4676	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe	92
PID 2216 wrote to memory of 4676	2216	fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe	92
PID 4676 wrote to memory of 1100	4676	chrome.exe	93
PID 4676 wrote to memory of 1100	4676	chrome.exe	93
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 2364	4676	chrome.exe	94
PID 4676 wrote to memory of 1776	4676	chrome.exe	95
PID 4676 wrote to memory of 1776	4676	chrome.exe	95
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96
PID 4676 wrote to memory of 3436	4676	chrome.exe	96

C:\Users\Admin\AppData\Local\Temp\fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fe3a923be44c84946428582f6022cd0d_JaffaCakes118.exe"
1⤵
- Drops Chrome extension
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3436
- C:\Windows\SysWOW64\xcopy.exe
  xcopy "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\" /s /e /y
  2⤵
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-50000,-50000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" https://www.facebook.com/ https://www.facebook.com/pages/ https://secure.facebook.com/ads/manager/account_settings/account_billing/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8cde2cc40,0x7ff8cde2cc4c,0x7ff8cde2cc58
    3⤵
    PID:1100
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1708,i,11725034481974878259,12362684437497703194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2
    3⤵
    PID:2364
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --field-trial-handle=1600,i,11725034481974878259,12362684437497703194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2128 /prefetch:3
    3⤵
    PID:1776
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --field-trial-handle=2268,i,11725034481974878259,12362684437497703194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2276 /prefetch:8
    3⤵
    PID:3436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,11725034481974878259,12362684437497703194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
    3⤵
    PID:2520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,11725034481974878259,12362684437497703194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:3472
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3432,i,11725034481974878259,12362684437497703194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3552 /prefetch:1
    3⤵
    PID:4956
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3560,i,11725034481974878259,12362684437497703194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3584 /prefetch:1
    3⤵
    PID:4164
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4804,i,11725034481974878259,12362684437497703194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:1
    3⤵
    PID:1668
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4272,i,11725034481974878259,12362684437497703194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
    3⤵
    PID:4980
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4972,i,11725034481974878259,12362684437497703194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:1
    3⤵
    PID:3368
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1008,i,11725034481974878259,12362684437497703194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1764

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\background.js

Filesize
15KB

MD5
4d978eb4ad644f6c8a1a6579f6a9b199

SHA1
e97504a1ebe5da75f8c3915d6d10071d59310a1e

SHA256
3aba0a974b7b1b9466b681046a7e623759581c28f2e57b4fe3d90d213d0af095

SHA512
c19414d04a4b0b151dafd756b22917097a57b4e7f2f77419dee082cc5f89458670d6ccfa787d55af94bb79915018eda12875cc90ab594161f8f426b2d8f7c03b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\content.js

Filesize
14KB

MD5
dd274022b4205b0da19d427b9ac176bf

SHA1
91ee7c40b55a1525438c2b1abe166d3cb862e5cb

SHA256
41e129bb90c2ac61da7dac92a908559448c6448ba698a450b6e7add9493739c6

SHA512
8ee074da689a7d90eca3c8242f7d16b0390b8c9b133d7bbdef77f8bf7f9a912e2d60b4a16f1c934f1bd38b380d6536c23b3a2f9939e31a8ef9f9c539573387b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkfjbddnkpfcflenfcleijhgaaiapaf\8.66.88_0\manifest.json

Filesize
1KB

MD5
f0b8f439874eade31b42dad090126c3e

SHA1
9011bca518eeeba3ef292c257ff4b65cba20f8ce

SHA256
20d39e65b119ed47afd5942d2a67e5057e34e2aef144569796a19825fea4348e

SHA512
833e3e30f091b4e50364b10fc75258e8c647ddd3f32d473d1991beda0095827d02f010bf783c22d8f8a3fa1433b6b22400ad93dc34b0eb59a78e1e18e7d9b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
ba6b120e1ef1f622818f117ce8f543e4

SHA1
2cdb0dde23dc940b71e2bd73093e9c3f96d18b35

SHA256
f68bd747359e60f8c3dcd236aaba0cd48fda4b6d4dd369835e874eb6f346f609

SHA512
c30a39bfec22cd22709466c43256a03e43cd6fcb0c1995cfb25ccc1ba4192f2e4019ccf448c787e07db180df39d9e0ee94c3da0b0bfeda69054992e653a65689

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
9a31b075da019ddc9903f13f81390688

SHA1
d5ed5d518c8aad84762b03f240d90a2d5d9d99d3

SHA256
95cf4025babcd46069b425449c98ed15d97d364b2461417caa9aa0c13cb372e1

SHA512
a04726a429ae727d685f0836327c625d2f18d6327253216a9a31265a324b68b06bec4e7f1b744d261a0e67fa0a90c43719aeda9d2998f42525b0ff5640c7bf1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Crashpad\settings.dat

Filesize
40B

MD5
186ccc6761714f7e88de1fff069b95fb

SHA1
c7dec1fff5e2f359cccf94875265f96757865b34

SHA256
abb5c7113a03fa5d3a4d6d25007f875d5189c85054252a03a3c9d2cc64a5f59e

SHA512
5f346abd0068d56df1bc7236a8f8ae6e0397cd35c7e8a6554f90724bc4936ed6a1f127aef797391d34ab458ba9ff3337bade05334155aae7473e6c463b0499c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\9b605832-6c63-4092-9c76-ecfb10ac9f1c.tmp

Filesize
19KB

MD5
c40c47759bc9054d43bf72412634a931

SHA1
9466f9b09f49973aaec086a60266b5f4fd3831ec

SHA256
c0a2a81b8a56bae54b130addb8303fa679382d0a4a810368f506479b7ec2f6f6

SHA512
e01a79830542cd9ef19f3086cedf728d61502fe94505a285611092085c4caa0875933a9bd5ceb4e7a4dea18a2a3161c91199ad6889ba2d4be7002b3a1b34c7f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
971efa35a3ffc3889c29823f2dbe85e6

SHA1
053e7d50294d8d21d6c79ea5498275d707054618

SHA256
75ccaa8d37846d92465786b2380ebcb3ab950810899ea79bf238c024016918ef

SHA512
9186a816c9c91cf140000e11bc9056d74526bc94f60ea6110c513c13be46b317daa44be4e7792c487a3023dda410803758647fed0e070e0ced4b0463ea06da84

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
13e5f3399ee4fa50afb19b8e7e96e481

SHA1
4577363ffebcbb6fe8a0abba9cce24e981e2e7c1

SHA256
6f3188b4690c0a712690b54ebd3416e4d33c4df23bca00f0b526208bb02b7d1a

SHA512
16e31e376f76c6ac03489d5d7fa24426ebfb831a7c533595c1ec28869dcb30e913a88e82d82f64adccf0f598a69e7de7a918fe54b61b51af6882f983b4b0619d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
727ddba6c69d2e855820b57ad8a5cda7

SHA1
2d53b1c7e3ab91a0c3a33cfcf75b7d9d3bf1e202

SHA256
20b34e761ac58e4c1d3be056e0ca65e1372143e4dd4fad25c19f1f45f2e2fc19

SHA512
e3137d4f4b872046c2c0edf72b4a8f14751a2f265ae0703409a78ff2bd54f877924ec445b550e69d09171503cf47e6ddbbd341cfa7e935fb985add2545d3bc98

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
b8236e25b3d6f1f746496bb581adb280

SHA1
81c0db1fc952069a1fa1a4ec2444a77405fbef64

SHA256
90fea5e746b4ff0afcd282b14684c9518f04e38c145a28f8b1bf65184325d12f

SHA512
7d18dc07ecbfa4901e619136666216bf35ab24e6defee851c0b9269ef0212b2eb954ba17e81fbfbcf7d676e99b02c5ab662aff7ce9aa68a7ca1b8f41baa61e9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
9666d74b18f57389ee2d3dee5073f71a

SHA1
1830bc2670e616a1da1af27157159e6677a5ad63

SHA256
6fcb1e788f9a12b8ad937172802c41475f2180906db38d6507a3af6a2b721cae

SHA512
69ea6d6080b3ac00f4c4fcf9e00c9e16bd2c3373073f7dde3b1735fabeaaed1e7f8b76113e5ed2b9df08d089ca33ec367c595312f0c2f6e0fbad364464bc989b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
9eafad1ca297a053e40a26aa2bea6b19

SHA1
590544794f2185e4ea67252789aca122b5c904a9

SHA256
c71f32f6a9a1df19de42863c253fc875201bc7806c41885081c79728bf81bdc0

SHA512
34995829d67fa06e118b6ff89681373458ded22e716def26a0f5ef72dc58aab8d5d23153577f560538db2bf319f605033ae08382a15ef7163671c12ad4758e80

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000a

Filesize
134KB

MD5
f2650753d9a43458f4887c02bb57e5e0

SHA1
5d66f5b6e19b105776d5daaf31b7f098035e5082

SHA256
b7bac772974a76ae54878062cc492c05736e2453dd59d23f0fea609f6bc3cd5b

SHA512
416da80b9b4060550c872970634cf301f9c86c7fb6cebd3ec2149695485ef2376a8541e1212c3cd826eb0395c4ef9ead2b02b0528fdd91bfbd10a049f50fa835

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\f_00000b

Filesize
34KB

MD5
5289b8f7fe7fbdada1d8cb32b1025fd4

SHA1
fdd124f7a7245165034d85caf85c6e181b4ed47c

SHA256
b51ea31b1f475d8c8c8813373a6b4d181babdd2210009a15daa32509d0c3a912

SHA512
4f3831d45a809ea9cdaef09c66a6edcb6935bc0270bf4152937a0225ee7232f7d44ade2dbe1a1d5614633ffca3eedc7559f1e802a6c5bab49bce75d5763a53b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Cache\Cache_Data\index

Filesize
512KB

MD5
76ce919fb8ea2e193719f08424cc5686

SHA1
66892d59fe6bf93e42b30df73545c02e7187fc33

SHA256
a97d8efb426f5baf969dc37ee8fa64c8bcfc5ae98ee910fd0e261deaa4f37fa2

SHA512
fb7b1d3f3f91d4539d7081240e2b6385012dab89aa9f1cae92e46a3e24ac038e136d9fb19cf05f92b17c2a08b89b52264eaf6b0ba3ee4eb677c80db5e26f3de4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
c127e94c12cf72b95feb461739334e48

SHA1
9484587988a7b885cf0e3502092badcc1ed30ca6

SHA256
6d796aa520e5f1f7557786c18c7dad8e918d0bcd7a4083f3ad43d6aec92b335e

SHA512
4a1f4a5bf3c310a8949094017f1ad72607267004ecc8fa6f1e9f5d9d87205cb3ae389b5c46305e6e7a893fb00543a882c965c8ae53c24fadbc20e6aef40e1a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
6550256bffa695d75651abaec826217a

SHA1
00174892e583e5f6e84336416ab7d958b5a14215

SHA256
da6c990577586ae4712002df298b9c2eed351e6d2d1e54dbb2823036b4512f91

SHA512
f6225183e8682452c80a97f8076e88cbbb1744d0d940d9e17eda918388c10a03fba1fd54cae6e7ec212d602124163493449218c6099bbf079beafebe83468d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\js\index-dir\the-real-index~RFe58118f.TMP

Filesize
96B

MD5
b3dc810d28b9c73782e8133098278d91

SHA1
95ce48d14e8de5b75cf47f11efa60170bfb7a682

SHA256
1b5e0ca6770b2b5e33d465f72ba3bd2e57db2b60f5d62b75a0e9e1ef8d6526f7

SHA512
28c1871d5c6108f52bc4b99efdc4e35a43f9e5cbe391bd1829d67644f87ea279dd183db6b003b41835cf12e5209158504a8f53af00f654f7e06cdcd6e6298626

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
02f6996aff252cf4a45f240768a5ef5a

SHA1
41e8be4cbc469f82a995cb13bdfdc0787769685f

SHA256
557d9d692dee1f59e52dc62b8c53cf031fa0a6910e30383728064d9f757e5cca

SHA512
ee9d9a43ebe9dcb674e4bc78a96d9960e47b85c52cc9d67eccc1692c01bab40dc588bdaa8f08f83ab94da219157c124007e530a2eb12ebce38d614d2c6ce8820

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\000003.log

Filesize
114B

MD5
891a884b9fa2bff4519f5f56d2a25d62

SHA1
b54a3c12ee78510cb269fb1d863047dd8f571dea

SHA256
e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e

SHA512
cd50c3ee4dfb9c4ec051b20dd1e148a5015457ee0c1a29fff482e62291b32097b07a069db62951b32f209fd118fd77a46b8e8cc92da3eaae6110735d126a90ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.82.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB\messages.json

Filesize
593B

MD5
91f5bc87fd478a007ec68c4e8adf11ac

SHA1
d07dd49e4ef3b36dad7d038b7e999ae850c5bef6

SHA256
92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9

SHA512
fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Favicons

Filesize
20KB

MD5
b40e1be3d7543b6678720c3aeaf3dec3

SHA1
7758593d371b07423ba7cb84f99ebe3416624f56

SHA256
2db221a44885c046a4b116717721b688f9a026c4cae3a17cf61ba9bef3ad97f4

SHA512
fb0664c1c83043f7c41fd0f1cc0714d81ecd71a07041233fb16fefeb25a3e182a77ac8af9910eff81716b1cceee8a7ee84158a564143b0e0d99e00923106cc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\GPUCache\index

Filesize
256KB

MD5
a7e66beb3bd6f86a6069a65ddb95a2d0

SHA1
c982828c9a7c00357ee3d8ffd184af317e752473

SHA256
f08e03a675ada41f252b08f7d5a2ffda71e77a290eb8c326a8f20c3c6648738f

SHA512
969a6ad4786cc550cb1de64ddc1158247a1cefadbd3aba6ca2eb16e011ee3cbe2fdf1f57700e6dde3040282ddd06758ffb10a21fcc3c4a6b2befec663bc0fccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\History

Filesize
160KB

MD5
f310cf1ff562ae14449e0167a3e1fe46

SHA1
85c58afa9049467031c6c2b17f5c12ca73bb2788

SHA256
e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

SHA512
1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
a5f870be267fc6bc3bd0a01009359498

SHA1
9b65f50f7e1d7fd59abbb0a43ebc1c7d768409a5

SHA256
346606ac79bdaba218f5e68b107f3db1db1b721ae20d76a424f9e6b394f78862

SHA512
dc7c0da3cc8eb10abde71c895f79c72af5155b66c19184d823e5efbbfdf7fe9111c55e89ba8623d5052a69db241543fa2e58c02ec0f1b7dc53182c78dc787465

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Local Storage\leveldb\LOG.old

Filesize
289B

MD5
2b48ea47cbffc76e1decb57e45abf702

SHA1
c7fcca82fe7f85ae5f835d4d87c82690e119a340

SHA256
063697fd88c540eb476bf0760bac67634e26177d41d8c5195600212889152978

SHA512
88db3a0b87ea85ae77361e7b6efa14b8b74cfd3ea08bc4905e323e1c4400d36059e573dc4d9805e78e654718d3623dc91ffd0a70bcc11564da402d7ea192646e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Login Data For Account

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Cookies

Filesize
20KB

MD5
1913683062f1e9559ae906e1d9e7d549

SHA1
a59e3c76b9b3bc2415536417ce552d645dfc672c

SHA256
80a9fa9822929eedefd3d0dcf29736d3832880543da59eb6fa94d3bfbea0e19d

SHA512
eb40356e5f2a81923fcfb105814a00298a3a40ca36cb17cc55b40283066f7c76f48569ce5fd41e57947e732ee48dabacb386a61e8e2480a4b1b154b2555b3f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
91322643fd1de725f3be9833c7f879b2

SHA1
fd5856ec9f10fca56db5868cc608e7171ff0fc26

SHA256
b0fd5c303a35c76cbebb84d385338f22c82ede4e65014d67df8b4400439f501c

SHA512
47d967b33ed0de9d5c46586e6acef358587fb4bf8541ec78fa24309dbd38bac714f5f36c5670b9d55479def05e6b363e47174c57baa6627b9945778b12f722ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Network Persistent State

Filesize
2KB

MD5
4efd40600e533b9e33e01ee019e0668a

SHA1
16d3effb1814b0ea8b31f293f07ce7a7b41a1a65

SHA256
e7dfc1a36de7265eb62661dfa62546ffd4b67901fc7c2247c42dbfd483171369

SHA512
3141cb2f7ea41e8e9532286e518a397e6ecfe1fc1ab3b8c9585402f4663b490fe1ca7ba6f8902c9d89b6e3e48374963f5e53e20cf69d0cbcc16de55cbb556bc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Reporting and NEL

Filesize
36KB

MD5
208c4c4ba47c45c5800c61d2ad1da075

SHA1
0654401c5ae533aed2e858a3e181d271efd28a81

SHA256
fff0aab0b0539238768b13c372295a24af867bb9e361bd45d34b10c4c171c5ca

SHA512
41ee0346b87a1b8569464f690ef3d68af1496b6780394a8781f943e129c6646d3e98c16ba14a02443c6bf3e54a46a8567cb0265017895d22acdcfe7924bfa59a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
27435fc60df38d938f9bf698ae08d4fc

SHA1
ea3f554680b59df107ecf2417fcfaa35e293efef

SHA256
d0e4b17f05657c2e6480af7b006567297c970aab0466a542c33eeb74c26c5f25

SHA512
8b33722b38feb46b43fe56c17fb42e965fd0fb46c90ad8af74c115d0952aac809a480ed3a05f398f1332890fc36404358c8e2c41a1fccb0e325b38c4a0bfc3c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
356B

MD5
e0241ccf0c4b7acbf56a5af7843177d1

SHA1
da400661029a566f219684f8ed063f60330c76b0

SHA256
9790ff13b7afd510a7d954681446ee6cb06ce71ea4f33ec13cfa6fdd0fcb9672

SHA512
626d0c51e727356f46d28c37dde27cb9a8cebdd91c3f5e37949a8d26e61fbde0c7f704bd139b941782d1f4d99e1fcfc43589ff8e5b68dcfc78d5124f3b0dce73

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
2065150943ed94f965faba481e35f2d4

SHA1
793c7cac55344108e8afc7ae1d11de36fc3f451b

SHA256
48cf5c616645856b375dadfb422d023dfd4d26abbcab23b5b1ab795a0c181abd

SHA512
17d90e02c490b7c7a18613c4b29272a22b4b37a3bbace9f89a2236cee0b63ce483131358c16daa7cf9a52e73181cad6af9c3e4068229cfa12cd4e1d6bca9c370

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\TransportSecurity

Filesize
859B

MD5
45cc54f493e3adfb3f62d20080b8bf03

SHA1
d5391383ff14db2e3ebb6cf8173567f31ed5b182

SHA256
3da9d01bb14a943596727d8a66dda86ae23dfa1dd2df069146458cb8ed9fd4f9

SHA512
331ef8342236066a135c2a69c0f5f3f0de679a336e68e884c8a80c6227816dea5fedf3d0d3626f8931910a9df4ade8644a30ed4860a5198d810a8fce35498fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Network\Trust Tokens

Filesize
36KB

MD5
767a7db34589653629c0d4299aa9eb7a

SHA1
57375ca0b80b3c856b76b3b080270686c90ccb8e

SHA256
78a4734f08b47286a3736c88c6fc481f76bd2b1a46e29d0920939f088ce899fd

SHA512
a01b63edaceab16394320bd2d9152faac7f0c3971001049e8e931b6403f97d8e5e6f4e9020a446cfb573241321cfd26c3d982f30139799fa7fc32617cd1ec859

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
b593f7c3b19de3713a8f17b16399778a

SHA1
d64df0d2194ba45cb4c834525a53136e4dbd3773

SHA256
fe15373c8f2eaa3a5f57aeadf766a6cae91e919154177041d790334d97dd1c6e

SHA512
86b9c5a78c6dfc45325ed79a898cf871c5979059df9b4b3cfa33cd9034543cc7b4637312c96a16e86046f5ae58e11c59f6a2cc253b175ade4cd81fb4d1bb9b85

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
09ddb726e29b1d2ed36b90e1aaf9e7f8

SHA1
0aa9b5dc62aaf28127b3ed8988c9ba56efb08226

SHA256
ef6df44c31978eee35a0e1f7adb34f3ae5c7fbb3286b61ec8cd9862d3ac5bc6a

SHA512
d7e916ee9255aebe7306620a4a2b5857aed50de1b81533779d3cd8b5a8f20ddc13b236648136a08ee4d8da905295becfa6da95340ef77889d433d519a3ee6da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
2c1ae9bcdf384e77e749ec3255eee735

SHA1
0daa45d913066befee20f1d3e0c6b54c2f94541f

SHA256
dfc226d2b0444e0c77666ffa49dbf30049e7c6f322ee924a0ff4f6e72d2b4c9e

SHA512
e335560f1e96663bcb279b89e16062a04aef0e3d0f6f2800441bdaeb17b8a2ac32153dbccb3e2a6810f1232e13010aee3175bc4167cc1ea5cc9e42136b123924

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
10KB

MD5
dd5e645446aa645488d861ffd7ef4cf5

SHA1
906dcfab87d60d6ab8b3067b16728dbe4669559c

SHA256
f355b3c6492892844a00aa90b56bcabed8f799853d2d48798d1a003d4585691b

SHA512
80f8f27eaddb63a279f840dc3a4dea62b7b663add22265f65cb21ddc3b5033384ccf5a0734817e9e935af906814e86255cbfdd5223402a49a27964c07eb997fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
7KB

MD5
a13918a4769b6fcc5ded1d6126728da3

SHA1
0a4882ac97c640196be8b02cb6b2a01485c4e079

SHA256
752660c7ddfbdba718635c8997aff9308fb286407ffb3679770cc073775eb999

SHA512
3c8cc82b19646b979716d221d3320b3812e4885d752204823a5b9f531a7cc04ede338c7b3515c7796162e166177cecd00b72fbcae91bc68003de243630be2536

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
6c24d72901853ce8dd0c7091f2962e97

SHA1
d31d58d73c5432f213f8520df7cf5b1e1255b597

SHA256
18883856a30322a1fe77d9b1338a6d61851960e4d4aa34582938c087f9b7a499

SHA512
e24af0b4e6633404c1d84f82c8851e9cb95340ea8956474cf0731c3b6892140edb6e5cab93b3faa75ba4a46d8c20f7f4da044239dd387719324d3a3d77d8ad52

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Preferences

Filesize
9KB

MD5
8f1aeb805c43c45df3afa3c2c8a085a8

SHA1
dc0bb808fe1d854b03880364a13bd8c5a899d917

SHA256
292aad5864af2bcbdb47cc789f3398f8a6fb31b1da75886afe0ac2ef933bde71

SHA512
f6079b2db3fd3ba3d4b1d0d8d10132363ad61cbc8a619db502f9c819d2a54807918786655d7fd59a4392b29228f1117474929806f1520be4d12ac1a98b7c9cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
9d15a5efd6f1e0d5ef1e91f60400a97f

SHA1
430b2d3834ae153d83c09f9e0532d621d71b39e0

SHA256
34c3b031eb588bd7fbc93d56df28e8edd6d20c64a407a85a39d5c7e66f6c9c26

SHA512
c47323a349fca03a2e29bd598e5782ec9661d9a052e6bcd190a07f93a8dab1ffd8061a9b3487a59e70ef7a36da5a8c7a21a98e30dfd0deff2bc28a1863deef04

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG

Filesize
336B

MD5
7e18aaaedd6fb0393263f7642a77c5a1

SHA1
45e66177fca82b615806cd6e358602302b7a107f

SHA256
2c851afeceb633e85d023d26fb4c386d4a30adb513c35a3202ca02b5169a90ce

SHA512
36737096d1b4431ea45b15532c3b3952999474070b1a477f14663e2d242f19c49ff4ef7e98dc2c005dbf149b3a0679072b808d08d26319bfd267f119083f23e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Service Worker\Database\LOG.old

Filesize
293B

MD5
2918ff9561f415f9f2b665482aa471e9

SHA1
3aaccfbaa337901e89afb4855c0fa2b782b6264c

SHA256
8f883a49acc48112a377c29c68e0eeab442d728f8c193f02142db47f6f402adb

SHA512
d518d40d7011ee6aa6ff95c2ef125491793ff6e7627efc0063ba0018c56859d04758b970a02c39a4dbfd1c7ac641d9e2b2391cccc8b2d9cac006a4f975224e78

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
09918c656282961f6814d6d618416e06

SHA1
a5fea718a7330bff118996a77283a65293746835

SHA256
3b2d78b5eabe976a4d21c66139f48f805eba408985983795c9cb1730f08e14e6

SHA512
d393a192070c703dd1ec9f9221f532d040ad1a004e956fab1683e0663e6c4f5edaba748bee04b48e4c8155d9dbe086e520cdad9f3e49ad00a0a327235c20c163

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\index

Filesize
256KB

MD5
47acced15c6635d5370f1e3b076b53a3

SHA1
9204357b164d517bb9bb651a4af23c673cb0f13e

SHA256
cf223508451457270489bf115d86e5641e68f808903941452dc00ef09b0f33e4

SHA512
495f3ff9392a776e34733677ae0b2a432e713933144177db5b9e982b1a18261236412ef42b075e6a736078258c7bfc3c4c9e0790f70c0a31fae02a66e1b4ca1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\db

Filesize
44KB

MD5
491de38f19d0ae501eca7d3d7d69b826

SHA1
2ecf6fcf189ce6d35139daf427a781ca66a1eba9

SHA256
e58156bca5288238d341f5249d3b6c91ab37cef515358953b435339100d0596a

SHA512
232f5df71e8ec35e500ac81aa54a87b3523fe8a32168096a2a76f08e5c7868100b3cdc5155786ead489aac440beee3f84ffa43d226a5b709c66012923b20c696

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\000003.log

Filesize
2KB

MD5
bd82902dac28aa198eceb76d8ec78c00

SHA1
c144dcdc554be2a15ff8efc5c18eca0b03381f4d

SHA256
f17855f8a93567ed777e64d2fa9adae0a8f77d692f25d97e2015ccc7e5253d09

SHA512
fbbc38e89252017a2165d6ebbb33a1fe13821155265f3840df1a2c5477698843d1b9a03dfef91acee23e142846baa3d92ac370cef623aff5ded1b352beb1b889

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
de002b25dc9a77736735719e5b31bbc3

SHA1
d8b88e2b6270aa059c60e2d423ecd6751a08dc7e

SHA256
cef660ea73523d82f54dd23493b66c0d840a35a32d7a9a278581b55ce8c53d2a

SHA512
ee2f220d13cc0f0904c2a9f3cfbfb8e241407906bd7766f96ae74fd8e4917d7995ac84ed1156d0aae0af0944f3a5b8607224f9e2e20ec0ab27df74449719443c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Sync Data\LevelDB\LOG.old

Filesize
281B

MD5
acb7ea9fd701ecea1c4531813053f2ec

SHA1
ff732050c960ef24e1d9e7c117bee77a53f6e580

SHA256
fd7ab26d805f2250ffad2c37420c5d76dd80db7893e8bded662dcd5ef29e2153

SHA512
aea17c7e7cf08018fbe822ddc3402aa565c02e128bb5eb4224c4b59bac4287a52a10096a1147778366f9a17a2abecf356642e1359b3c070fbb51096a0c5116b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Visited Links

Filesize
128KB

MD5
541a6b451768e83f1cbcb821fd965fb6

SHA1
ed439e3fc61a614ec6c20bbae29c1387800b1539

SHA256
8f18036f5b3384e31c417672387d6aa6a68a270e437c34febb16538aec4bf3f8

SHA512
10274c42a0add4fe1d5c5b529b59b73d6df7f3ab01c4d98c389e41cbe0ad05d0e3f8d4713173b1f5f789bd6aec52956bc8f1934c8b6fcddf12b4e6f8d25d4a2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Default\Web Data

Filesize
114KB

MD5
f1b0d67d9700b657fffb1e53c14444ae

SHA1
ae8a3a681da72d78263510a2e6a2ad5a66cb0164

SHA256
7a26e63a529f6c2ceb6063b72e61caae2a643152c7b1b75b3396a700aac95bc1

SHA512
a2b3ab1807a517b1b499df7d8cbd7b695918113f4124b60ab54b6fa1b2fee6d0813c73202ceec42c7b9fc2c124e0555ecff62acb948cf0ddc19b51607f527b50

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
469ab1f526708453cf1f2ef81b41949a

SHA1
2c16a656a53a98bf25b0af1d65f97a15d6535df0

SHA256
2371c49130c9fe65164979b526d8180fb7513386a515ac42dd720edc2a159c04

SHA512
a75e2d9d034bc59cde07106c5af6e9f47fc924560cfb3ff9c896d365d1576a3ae4af97ef0aadaab2b845f76e9da78337d62cbf876ccd92f58044d6492c591815

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
e4e8f65496b05190094994cb956f52a8

SHA1
c7af51505b6cf1166ee0d360974243e5392f4a3a

SHA256
564a17dceac474ee94145a9f2ac1131474a8735dda2ff154a075dd54f4aec086

SHA512
d8e9cb1e04e8b63d8fa006b4674017b2d9f8700fed0426fdda5ed9be7d479483f9fefc17e723102efcab1808fa01f2ca012c2e84bb0bb22250b3fa3901d17dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Local State

Filesize
116KB

MD5
56e3a2cb3c0f44ef3ae6fda48b4c635a

SHA1
e2b1d87a987d39e955258eca054b0607448c547f

SHA256
877e2c9c44142f667294dde5d54abc572a9885c947c3fee3abdbaaf6867fc44d

SHA512
24a360661683ee9864ebc5901bd4b29fd16d1fc057d39724ccd181ffafa55875d9554d744d80c7f4c95949bda1cffcd8a454fc39eaa959faff8468fa5608b60e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\ShaderCache\index

Filesize
256KB

MD5
4e57e512d4428ece71ecf9b5227fafe1

SHA1
041c82a2768cb316a7dc01786a72b355396cfae3

SHA256
61ffbd4b74b21f20be1b32d652d4909a2ed5e12210dd6a6adb2ce29f16f5f365

SHA512
ee791af45bec0fceafe52523ad9b8d6e314b4d8f2bcef8312c3975647e89ebf09f668c87bbc5a8cf7c07447ce9162519899d12b6fd347258580fe71b6c9872bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Temp\cghjgasaaz99\segmentation_platform\ukm_db

Filesize
28KB

MD5
3979944f99b92e44fa4b7dbcb6ee91c2

SHA1
df2161c70a820fe43801320f1c25182f891261a4

SHA256
001d755b2b560945440023bf4ebfbda797cf5106419ac7dd270924b322f3ecf3

SHA512
358e6dee698a63c2490c2fb5206516766fd8ace8f3d523509c29ff76aa6a984cb6381468f15bb4b9c084d9a470298b4cc11b0970e671ce0316243069ac4c8590

Download Submit