bc2a0f7b161a2d8284df3d603f7f2b22313b246f026ad77511cbd35bcd01caac

Analysis

max time kernel
96s
max time network
180s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 02:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

forge-1.20.1-47.2.0-installer.jar
Size

5.7MB
MD5

1279b07bb259cf51a1c0d02036485565
SHA1

ded43dd18b3a1dd5098b114c28432224d72bd9f7
SHA256

bc2a0f7b161a2d8284df3d603f7f2b22313b246f026ad77511cbd35bcd01caac
SHA512

18a91d06a6865977aa5cfad627a8af47c3a3c3e0f6867a52df1e2b63160cb31827a8db47a42794e2ddfefc183fab797f2f754f326460db91d90944baade0057c
SSDEEP

98304:tdeh4CNcuGIXGMPoGxbz/p6x9fies+YO39p0gY3HMS0udPiKF1ae8JDXnn/gwjVH:tdeLNR3GMAGxbzh6bietDtp0gYXj0udc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2736	chrome.exe
2736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 2564	2736	chrome.exe	30
PID 2736 wrote to memory of 2564	2736	chrome.exe	30
PID 2736 wrote to memory of 2564	2736	chrome.exe	30
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 1660	2736	chrome.exe	32
PID 2736 wrote to memory of 876	2736	chrome.exe	33
PID 2736 wrote to memory of 876	2736	chrome.exe	33
PID 2736 wrote to memory of 876	2736	chrome.exe	33
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34
PID 2736 wrote to memory of 1216	2736	chrome.exe	34

C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\forge-1.20.1-47.2.0-installer.jar
1⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6199758,0x7fef6199768,0x7fef6199778
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1324,i,4921544665626037396,18283193806420040396,131072 /prefetch:2
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1324,i,4921544665626037396,18283193806420040396,131072 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1540 --field-trial-handle=1324,i,4921544665626037396,18283193806420040396,131072 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2332 --field-trial-handle=1324,i,4921544665626037396,18283193806420040396,131072 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1324,i,4921544665626037396,18283193806420040396,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2668 --field-trial-handle=1324,i,4921544665626037396,18283193806420040396,131072 /prefetch:2
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3172 --field-trial-handle=1324,i,4921544665626037396,18283193806420040396,131072 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1324,i,4921544665626037396,18283193806420040396,131072 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3576 --field-trial-handle=1324,i,4921544665626037396,18283193806420040396,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 --field-trial-handle=1324,i,4921544665626037396,18283193806420040396,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3468 --field-trial-handle=1324,i,4921544665626037396,18283193806420040396,131072 /prefetch:1
  2⤵
  PID:2728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
461ec889563acb371a150e5be370d2ed

SHA1
714cf23fac239c223ca195c8ce6aa2944d4d4953

SHA256
a3a2ccb8c3a2bc43b554ac6d67d2039f8388c99eaf29a31ce1570e5521b70fdc

SHA512
48cb62afe874229ba002580a6e6b6a062fd2e514c0dfd00a43f5309ad3583789de2997a61cd1aec77609df5d1ef2d3c505d5c236e607fcebc87c8872ca148a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
27a16a9823258b37ed468e94dc778ed0

SHA1
9b07b442bf1d571441c1e35e41dd30ae57a61f4a

SHA256
705d7b73a2cf2fc25fb05c8e6450d711bf51b4f5e56c226bfbb44cf00c69b3b3

SHA512
be224b16459633296d4d55d0e34a36a83dfd6a3d04b234deb09f7e4cc1227b0249b4ac8b4b79c8a5a8d9c674b872b77f189c4301fa8674168b8c09f9397313bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
73447e9bcce2e3937db07e8b98504bb7

SHA1
c0b2d85e10256d09547946fad3f66795cefe8b21

SHA256
a825fb019158b1009078b3bb23076a7aa20057a7478561e02329fc82c83a2a05

SHA512
1fd3d29dcf3af117330eb015b75d20a557cb240abdc387577f6f14e9e0272a3569260fa68ec5fd7e07b2637747cdf397ebf36339274fa17f189708de5326ac15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
146b26ec30d375b7f6708e13abd8fddd

SHA1
27f811518d16c1804253fa71ebd2941f881454df

SHA256
9941796482f83009bc86a14ed424b7bbc474ecb7942aa93a7e2d26089c375b94

SHA512
6e4f3e295f035ad5443fd2d83a6dbe1f26f61736b033cffa2eca1c271d8ab60ffbe7c4dc2ccb67eda0072abcd0bbef61acb808160b0c65c137c578fef286e608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
03b3bbf91ea1c2eedb18a965e7040f6b

SHA1
168dcf6cfd512fdd44e984844a99cfb8c881bbe8

SHA256
aa3a867d7be20f7f39e25f0cee9aee0468b71d9109ccf97fd9ae2bb6dfb04b4d

SHA512
672a284269c92cf0a631828ec80cb17434586f5c0afb28e9120a130ba43e16a0107522c67d0fd2d7515d2633d6f2fcd3d780a68faa3d8028f1e9aa21ac0e2a78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
memory/1836-9-0x0000000002700000-0x0000000005700000-memory.dmp

Filesize
48.0MB

Download
memory/1836-11-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download