c0207a51c8aafebf25ae76732e2bebf76b87b2b9acdfba248cc0a3fc590a4717

Resubmissions

16/04/2024, 08:27

240416-kcnkssdd47 7

16/04/2024, 08:26

240416-kb2q2afb7y 7

Analysis

max time kernel
42s
max time network
48s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16/04/2024, 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fabric-api-0.83.0+1.20.jar
Size

1.9MB
MD5

9ecba65b9c5ed19a52982bee4a74003e
SHA1

3b0bcacbb175ae6adbbb2af203fce3a37189e494
SHA256

c0207a51c8aafebf25ae76732e2bebf76b87b2b9acdfba248cc0a3fc590a4717
SHA512

b121ee00b13804d6850cdf506f9b216348a76ee8c1998492062d1b3d09f7ee921c89153449fd9d8ad907d1b8efb660a9cf4c540c20dc0ae892e0f567ac6541fe
SSDEEP

49152:4GrmNHnCXfUzyHW6+Ch+RqZTwo7q2tCZAHnBAk3PmSOa:4GqJnVzyHk+bXJDPua

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4076	icacls.exe

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	44.228.224.62

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577296092718850"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 4076	3144	java.exe	73
PID 3144 wrote to memory of 4076	3144	java.exe	73
PID 4636 wrote to memory of 2000	4636	chrome.exe	77
PID 4636 wrote to memory of 2000	4636	chrome.exe	77
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 328	4636	chrome.exe	79
PID 4636 wrote to memory of 196	4636	chrome.exe	80
PID 4636 wrote to memory of 196	4636	chrome.exe	80
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81
PID 4636 wrote to memory of 776	4636	chrome.exe	81

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\fabric-api-0.83.0+1.20.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9b1709758,0x7ff9b1709768,0x7ff9b1709778
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:2
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:8
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5028 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5128 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5188 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1736,i,4073583632208726445,17186742188471476433,131072 /prefetch:8
  2⤵
  PID:892

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
78caeb3679d90490306c22e2b5c33cdb

SHA1
44eb35ffe754761634b97404b4be15935cda5722

SHA256
4e759eda2931ab5a8939676b609aaa6dc5f027d233ccad4a2f7b1f447b1c425b

SHA512
1aa819af4648e6ccdd736d864eda0fff868fef958868fc3fe0287a5b38ebff3bfc3a980b3021744754bd448f53dc58edc3367382b2753b493538e9aa22dc837d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
18KB

MD5
328a8da2d904403b04d142b11ec6786b

SHA1
2b03b9d2f9b8017ab6e5665d71c7e4b8c9683ee9

SHA256
1fbb0a6c4c6f724420c5301b9b5deeb43cd591b20419c89827cef3af647f12aa

SHA512
6822c4ea256e6aeaa25b626d39fb636bf934f583897131fabab29fe7d065f04109f75ea19c28992081c5548e8d5d29fceed8a2e0cfb4b28af864b52606945a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
16d712e67c83d4a1dcb089a6553306ec

SHA1
b7cb28988ad65a917fe60ce144eb50fd8261d437

SHA256
5b987656186481d079b4d8eac9e2238098700ffd2a5f2707c57e992c2c9e58b0

SHA512
2f6afb4255b3fe6455b76ee1284ac4763c09c51bdc6412f8781b4359c9d1668340533dc65409fc01879b9c6748b28fb358db07bee20cc9a43c70784e87d1a625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
617fbebe7a80284a04974ea4c5732bbb

SHA1
9ac4acd549ddb72c4ddff9e49f6c569ca4abfadf

SHA256
67c85cb8ce4b969b523a739c95bdda479c1ef0bc4fc539645ba9499d9694b5be

SHA512
cf20f5ddbbdca5bf02c6f3d771f55b3ad119408ebf18c6d60cd6bf399ae445c55e7800241733d08e3ac2153b2afd72c629c9cd5ad39a3b091b6378c059ac18c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
68a8950255fc1594dec6a51043ed85be

SHA1
465b007561be5344a7bd1f1864b1598d742ac430

SHA256
acddc5d0273b71c5f8bc01889ba1564aa8b5d252c3d34ddd53d59d96a1754f69

SHA512
17943756a0ad4fba8637f1c9af1e82618bcbea882b348203e04e433edd9f9b3482023a4f74d5f6786c75bcfa5c84f9955918706900655e2a8f647ad187a55a54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6cbe875e97f25caea6c0b7f548b8fd35

SHA1
77efcefff762d47877ed213aff811a0ef53bbea5

SHA256
4419292d1ec738f57a01763b0e462eceeaae276415fa3ea4ba068769127dcbb8

SHA512
1423044cbdabcd377eddf5b5d5196424ad6bf698ad49ce90ddb41e52e89e6621ce7d5ea2f000941d73ccd629d7792d2a6025a915352fd6b52dd11eb609fbd822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
388439f01be978c55b01800810f0afe6

SHA1
fe0f09d61da09d0712aab66cc8ed84098aa74229

SHA256
e7ea39cacbe3ae5bcc8d754c05049890dc653129f56b5e4dee4b2d4f4206a703

SHA512
262489c908b3b717254f658bc62e88be933fc77954f6c3b8f08228d694b6791ef3d2e141bb641ce111e3e8229aedd863afd6a70e88f531b6000e089792d89bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9d92ff02bb85c045ae932d052a33a5de

SHA1
1955ed471bb012c56b89e3ec813cbe6a4c52be06

SHA256
45a66fc40e46464d68ff3e9e1e226583cdc5d584003617880c4dcdf94d468d73

SHA512
d79c3e7b89464eb6df250c0a734cf172bd5962bedc089e3546d09cce1b295c46d7ea35946daeb41787d05030a84390156f8c036ee81bd9aa54d83ddec35a7f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
e37407fa1b21e79100a39d7f76d5f925

SHA1
3803802e083c19b4040af07da050167955358847

SHA256
0e882cb42693f88aab437e26848a96e92219d0922122c7d2b243654a8313cceb

SHA512
ef336853cc7c72a5410338d645a804241cf6ad0ef9c1277e1e398994a9e1b86b5d69fdee4e61129bdb1ee7a8fe04e6482ebba97c91166f8b4c648acbdf016672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
ce3fdaaaea92b60dbbb69c59a0476169

SHA1
3841685b8fa2957eec82f2dedb4fe4c4aea2440a

SHA256
1b8681861df6e1d5780c307b7709583ddc195b27d00eb941567fb3ae463fa748

SHA512
2d64c4ac0333f12f2a57415fa50c7f93be77acbdcb9ed7cd501789fca83da9c64a1a0b11e30fc045cc717d3d63360fa8a0f0eb5080d43aa44714ba51584284eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
fbb9724b0aa11dd3a7470467983536ed

SHA1
0eb5ecbfe072ec282630a11ef9011ebb4a5a8c46

SHA256
77add6c91ac9e8fe69222eb3c64ae112cee51799d2dfaf24e5062e7c429c3c3d

SHA512
b1b2959cbb21b1947bb7eb41e5597b94fde29e27cc773749ea9a2a5aa153d4c9605b7d7ff358511f61ec72ef22904ebf28e81f7866bf82e0ba12897073d6c304

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582e5e.TMP

Filesize
97KB

MD5
aa0edae31c6ff7030bc235f3445eaaef

SHA1
59f07400aefc7979b03f4bac47bf8961e56ee386

SHA256
c7ee7e167d7e3bfd8eed8b7d08283a9b16fb3b1306409420ec9003f5b3dbbff1

SHA512
2bd5cf981eff83d160d0ba6339dc347f9b2d09b7429cae1a6059efa9240a29d3bba87d0dae3820a96942272b9f09ad752881412016945f89171a9132196f778b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/3144-4-0x000001D7D7ED0000-0x000001D7D8ED0000-memory.dmp

Filesize
16.0MB

Download
memory/3144-11-0x000001D7D66E0000-0x000001D7D66E1000-memory.dmp

Filesize
4KB

Download