987027f9aa89e7285a553ee9ad3f08d0e3c202a860011416bf1c669bd750225d

Analysis

max time kernel
56s
max time network
183s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15-10-2023 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

forge-1.20.1-47.2.1-installer.jar
Size

5.6MB
MD5

f69e400691a0ba0a60f9f679fd6d6653
SHA1

3c924b4f5c29d9c829ce92cdcea155a9f35fcce3
SHA256

987027f9aa89e7285a553ee9ad3f08d0e3c202a860011416bf1c669bd750225d
SHA512

59c896862716ea5b4c04479b95585e694b188bca945fd33664c0ad16668d09720abcf93358f3344c6872fbcda0f487cdfa479ee1fe6d448af57e4e976f77f092
SSDEEP

98304:Qqh4CNcuGIXGMPoGxbz/p6x9fieG+YO39p0gY3HMS0udPiKF1ae8JDXnn/gwjV4i:QaLNR3GMAGxbzh6biePDtp0gYXj0udPG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1820	chrome.exe
1820	chrome.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe
Token: SeShutdownPrivilege	1820	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe
1820	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2424	1820	chrome.exe	34
PID 1820 wrote to memory of 2424	1820	chrome.exe	34
PID 1820 wrote to memory of 2424	1820	chrome.exe	34
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 2776	1820	chrome.exe	36
PID 1820 wrote to memory of 784	1820	chrome.exe	37
PID 1820 wrote to memory of 784	1820	chrome.exe	37
PID 1820 wrote to memory of 784	1820	chrome.exe	37
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38
PID 1820 wrote to memory of 1496	1820	chrome.exe	38

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\forge-1.20.1-47.2.1-installer.jar
1⤵
PID:2648

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5a59758,0x7fef5a59768,0x7fef5a59778
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:2
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:8
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1900 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:1
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1140 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:2
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3236 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:1
  2⤵
  PID:304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3224 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3452 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4212 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2824 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4036 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3980 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3824 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4880 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4992 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5064 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4936 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1300,i,8295311518237369942,11829512245726407147,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\forge-1.20.1-47.2.1-installer.jar"
  2⤵
  PID:592

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6c3d3721a35da48db95f147883286b5

SHA1
e26d3497955365ee8bd7eaa7026ee10793df2afe

SHA256
3af19f44e6f5b2c4e37043b42b2f37a09c32b74257ddeed5637cb5009c059477

SHA512
388452b577fef9bc0b9d45964f0958f64e5e8d6b302b12f76dc429680435f69e56f662659f6cde816316de7c8b7ce6fea08f492eee39f3f1303bc434ccdd44c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
335f601e025dbf585148cb914b86a215

SHA1
47829c0ae971e08634cc06ae103490a0b9ce6d8e

SHA256
a9f908d9a2ff483278ea927143995f4d55fa3188c2c553fa288f85696564829e

SHA512
7185e8562386dfeec4ec1ce66a3fd884365a52b14e3923a3774bee9b60a47d2aa821e1a721f8be0f6b7d8d15b17ddd8bca46aeb251d7d45ba821d55b60fdebd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c665c1204a62e2ef1285c0c8caf80a3

SHA1
5691c9f844908a775ba9c2dabfba9d9670e48b5b

SHA256
6d5c3251e84868a34f9b75a0830af31dffa9f17d1361b8b7a361f10fd7f123ed

SHA512
a1c24a467c8b59a48b16d90f30fed62c5cb7b37e7fe7f1b575ab8656a34a8e32133018238c988b56cdd067d9892d5c4d7936eab66b17138371100ad4382d97b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12dcc2b80190a24bd38bd00c0464f7c2

SHA1
83330fefeaa67be6da22f6737ba20d06bd523c1d

SHA256
58519f4bb34a64d4044cc1f59700dc8cedf303ef7b1e9486d43e13f73f9b0e41

SHA512
737f0a3b041b3002f4afbd923a16502c1a92f6713f74dca62934c908c13b697f6fe769a88359aa5a56b81a81fc0a58ccc27edcb164e8c6b726aadaea79c66af9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c9e527c0cad8c7ec87ccc32a6e943fa

SHA1
f556e344ebc79c68283261b18cb66e44457fefd5

SHA256
7b6150bc7ec93070d74349c4d9cd147abed0521219d456221aae1d9d770b7a8b

SHA512
021a05f27970484bad35082460b1b667476dfd6f4a9db64efdddbcf9ef86540d72c2c78dfcdf51804ed1616cc4cd189ce3daf4aa0518f97e49798a94b9ef2dad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43583654d85ff1ec517b2104e2d60235

SHA1
d7b3b529c4c5518373509a6c451c0d9474550e74

SHA256
4061673a5a5e1ba127653fa81cd2f0f850efccf0c5fdd1bb0b68adf8a7308c7f

SHA512
791a9f6a6f24365ebdf8b236938816f01cda67308d2e0fc25d7baa688734789675fea916d6e4bb63727a193df2465ef42eebc3408c6feee9ae67f2dabafaeaaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
941bdbe35e4d10670baab9e037521d53

SHA1
2662e8650a65478526c04355867bc997224dfabc

SHA256
7e3b7a1a3133fc72b884720ed625a7fd4a18907df8ad3ff48c92ae918659624f

SHA512
4c535c06ec8e88335340765fbe8871f5e7179b764a1c1bdee9b409639a78b71e39b59e213c8db6d9b8b65c5412d2d2bd04b43d2ae2bba9e8f6445657a3f3cb84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7c89e5727fe6c9e42aee54b413949d5

SHA1
0a5317009fc96f008329bd051387bda0f69d0df5

SHA256
fc832159f7eddf36d7dfcdb4eca13b74e538d359ae8810dd8cfe16831e852af3

SHA512
65b7b863167daefbda89f585512c7904c5a1bc90e374575937604117e318c2e59e18c4ef017a879be467ad74e6415b17d65b9f5c84ed7509afeb163983f3c7ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2bb0a9a73c8ba071936c3657d3de3804

SHA1
e69b023f4092597136cb88582fd18081dfc0fb77

SHA256
d13a716a27546d92a0366cec2514407dbb3dd87da3d890f50d5526fd53500e88

SHA512
33b3a1b73dcf8d32aea4a393764950f77471ea9d3de5385adcb75840cb5ad76dea95ffbbecce01eeb6243aba1d05f936473ebb75dd6612013345a020a83e45d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
934d66f3a9f2fdc175072222902b2dd8

SHA1
dd515a3b018af4114aee0bed025c7e5130e03830

SHA256
d619150cf33abbd809d02d6620d2d9ea866ccf881d8cd973a32f8066abef63c1

SHA512
c6d09bfad3367aa0f91e289dff6f13f3ac7792027d87ac09f4a6e183c7389cfa3120c43a041980603fa8d4fe1dea724a30f89ea920a5f171ff50df075b0a16c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
547808ece5316ce10ad2ef4ef3beea37

SHA1
d38f1f158be051cee28325223149eae24dbc771a

SHA256
7cbf6fa4187491f9e90715cf6aba7954417b55a5a958f440755d5c15595a0923

SHA512
bfd7cc9cc05c79f3261002b36f89dd4a6867981a57a4d68a623f401c6cf8a88783bc0f85becfbe917ac23b689c0c42c9dbae9725a68ca095002ce2f4b7e7a7d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a83ee96880b97b1e87cddd2284cd012

SHA1
ec63be5d4f4fda29b2f6442e3899f6a513b57e47

SHA256
a30de669d7da8b9cb6ef2cb809b4e74ae047cc69e7750eae52aeb60d80bc63f5

SHA512
3a27c42da79aa937bb250fd6d9b4b120ab101a00ca39224a9d8b62ce32452ad6f4fd896323e9056d244dc2d19c80eb98c8801ee14d4433a3a03e0238637b88cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\791e403e-f6d8-4207-bea9-8a287e066c6f.tmp

Filesize
6KB

MD5
33b895e0fe2290e0d9e5182f37a18ed9

SHA1
48bf4a4de99cf6e3e843b97ff047652288d16aa5

SHA256
380990f30c57ced30d259443f7eb116db17c42988ec132c41bcda256bbbea5e3

SHA512
013e6218fd47db312c7b9dc8664c4ebf8f16c1dddaccb2bd81f0d94dad54aad7daa117686699d7e40a4083a633a61b3e77ee6c092db3254667d421139cfa40d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
64f985262ccf663ca8fb88b7fb9c3ad2

SHA1
da29bb7e3d74c4ea20ce9135410f66af82ce3307

SHA256
bd2ba2078f52b60f62bab778a368c3e8d0396ae535d009913970d5153f590525

SHA512
c5dfeb059e58f70e36f6443432cdf827fabbb39ba009a9feaad18e180fb6c92f13e3765e463915d7ae4eb33caffdb8be0c7eb807b433293d716d993d87b8ccca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
76f1d6a15e5064c8df36fd47abb361b7

SHA1
937e404bb4cb3f1316f60f6bbd3656fe36a24c2a

SHA256
920957dbd9a8e9ec4873d3aed4a570d381262c326406133fc38052769bb97ec1

SHA512
52199e4d9802e495e0d6ff96b285548ab9242aab6488d22cc09deacad7da80abe6fa61e1a2f1e94200910482f93f341d9763261fcdb17d3488f64d54490d9ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
0a30c11b6358193971958009980cf5e2

SHA1
94e5bbbbc571d4eb9ebc495d7edace64ce88e6a6

SHA256
0adddd3304d3b66fac410b62f27f9af7bfb561305a46b45844ea393d48edb778

SHA512
e02abebd1c95fdf36c04e244689651bdb11ce1420b370516ddc603642be1637ed3da5c02ffb1e3e4ee6f93a060aa7efd9ecd9a81e445da61c57341c069d79761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ba0591d15ba70295a702b4b80700ebe5

SHA1
1aadbdb254712482b71d57c9042071c5e30b84f7

SHA256
62b04c052688467a4137b1582ecfc8b0be1848ffbd02f9152a36656624f6c6d8

SHA512
ef75eea92abb003c2d0fb38036955579229cb801da35102718ac9f2b23a0292b496e1ae6e07f86310c6ff877fb70e5bc3e638145b8cebf84677e6c913a013995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1c7abc1b67cd98da5b488a20162adeb3

SHA1
168b13e6df2d6a55a0265037197e88b7cbc13330

SHA256
faee58fa1d2ab603a5e4203433fedce844cb588cddb4e9028622624ead7225c6

SHA512
f578d8f5c14c2bc38499d1ae6f08d0be53ea61aadee74c982f4c5de2b28d52dc8a0a6c667a0925eab4254315f6223e454a3e1035fc464096a08d5ac47b4d6926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b19f503439b0391b2748e4d112a69131

SHA1
463b43a435181acbb2373ea81919a5bbf3115370

SHA256
b05ca635f777e7493e1ade8e1f585d940d1171eb148a3d5cef75e829ea21a51c

SHA512
4f4cc4d2683e3ffee3c384118f2dcc79796752d87125103d5135c05aedeb1d196916658e0ce1acc25fdae68ea9c339eb8e76dab9888b04119b6958d9905940b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
65ee677bb79bd5f4eab7744224701f87

SHA1
1f6e3ca73164b11df3971d79c3081b69b61d6b81

SHA256
0be665d7f2544466e78d725be6487cc36a241c292a87c33576549026918a8bf0

SHA512
f98d98bd528b5083aad49ed7e0b7a0e422d089fcb9ea59775ec7ba0788150ee4e09e66cc364e78c54d0628675b15a4ff66b84a7a99dc45aeb52152a487a0df56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f22760b4988264813af33dfc4c02604e

SHA1
3485b64648a08c989d5f67d2e443bc80c3e41927

SHA256
9614d70a1580f2756603743e83588ecb67fdcf43b98f00c4eaeaddd719045516

SHA512
cf907e35f0d30707fb5e49c85b89e451ca3252d92a41b152ea4dd837c6437e2cd77f1f7c266836a5e4375950dea545c97877946e38f41d9ef694c6a97836cbbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab65E6.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar66D3.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\Downloads\forge-1.20.1-47.2.1-installer.jar

Filesize
5.6MB

MD5
f69e400691a0ba0a60f9f679fd6d6653

SHA1
3c924b4f5c29d9c829ce92cdcea155a9f35fcce3

SHA256
987027f9aa89e7285a553ee9ad3f08d0e3c202a860011416bf1c669bd750225d

SHA512
59c896862716ea5b4c04479b95585e694b188bca945fd33664c0ad16668d09720abcf93358f3344c6872fbcda0f487cdfa479ee1fe6d448af57e4e976f77f092

Download Submit
C:\Users\Admin\Downloads\forge-1.20.1-47.2.1-installer.jar

Filesize
5.6MB

MD5
f69e400691a0ba0a60f9f679fd6d6653

SHA1
3c924b4f5c29d9c829ce92cdcea155a9f35fcce3

SHA256
987027f9aa89e7285a553ee9ad3f08d0e3c202a860011416bf1c669bd750225d

SHA512
59c896862716ea5b4c04479b95585e694b188bca945fd33664c0ad16668d09720abcf93358f3344c6872fbcda0f487cdfa479ee1fe6d448af57e4e976f77f092

Download Submit
memory/592-820-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/592-828-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/592-829-0x00000000021F0000-0x00000000051F0000-memory.dmp

Filesize
48.0MB

Download
memory/2648-2-0x00000000022F0000-0x00000000052F0000-memory.dmp

Filesize
48.0MB

Download
memory/2648-11-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2648-12-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2648-13-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download