hxxps://web[.]archive[.]org/web/20191103023406/hxxp://assets[.]minecraft[.]net/1_9-pre4/minecraft[.]jar

Resubmissions

02/06/2024, 23:22

240602-3cqz2aca56 8

02/06/2024, 23:17

240602-295zsaaf8y 7

Analysis

max time kernel
198s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://web.archive.org/web/20191103023406/http://assets.minecraft.net/1_9-pre4/minecraft.jar

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
6100	icacls.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618439067665694"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
5580	chrome.exe
5580	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5124	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 924 wrote to memory of 2180	924	chrome.exe	90
PID 924 wrote to memory of 2180	924	chrome.exe	90
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 4452	924	chrome.exe	91
PID 924 wrote to memory of 3224	924	chrome.exe	92
PID 924 wrote to memory of 3224	924	chrome.exe	92
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93
PID 924 wrote to memory of 4968	924	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://web.archive.org/web/20191103023406/http://assets.minecraft.net/1_9-pre4/minecraft.jar
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff530aab58,0x7fff530aab68,0x7fff530aab78
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1972,i,18269726377147729724,15206829263673516665,131072 /prefetch:2
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1972,i,18269726377147729724,15206829263673516665,131072 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=1972,i,18269726377147729724,15206829263673516665,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1972,i,18269726377147729724,15206829263673516665,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1972,i,18269726377147729724,15206829263673516665,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1972,i,18269726377147729724,15206829263673516665,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1972,i,18269726377147729724,15206829263673516665,131072 /prefetch:8
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1972,i,18269726377147729724,15206829263673516665,131072 /prefetch:8
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1972,i,18269726377147729724,15206829263673516665,131072 /prefetch:8
  2⤵
  PID:5872
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\minecraft (1).jar"
  2⤵
  PID:5888
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4312 --field-trial-handle=1972,i,18269726377147729724,15206829263673516665,131072 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1972,i,18269726377147729724,15206829263673516665,131072 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5100 --field-trial-handle=1972,i,18269726377147729724,15206829263673516665,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5580

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4192,i,14221647728265121051,6840906015709541562,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:8
1⤵
PID:2960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2728

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\minecraft (1).jar"
1⤵
PID:5520

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\minecraft (1).jar"
1⤵
PID:6056

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\minecraft (1).jar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
435811de5c18744a8dbd70d1f013cd90

SHA1
a35efe314069705f75da3c9abcc96769972a165c

SHA256
cc03be155ca724a85a4ec6672e419c8d5fa29eb3a588fd787694077f085f73f8

SHA512
2bf9c57207d12c21c989547236c52765900cef33bf34816605b541ea2ccc85ae3c9d91ba2691a6c574002718a2294d823ecbe47aacd4817d195fe3d7b039def9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a2162ae74dff32132b7c1d0df76b233d

SHA1
51864ace29e8d63e024adef3071f837e33f82e29

SHA256
b0425df7334f566d57ae9715e27b9f807df73f8d4674b39457d3549a686b89e2

SHA512
a27e89789a4d24198d58d6a547a3c785edf737aefaa08b059f71d6c83c442845e26ea6b3d968486968ae3213c4f558d7b1dddd838c49167b1da020dae6ca06fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7c98f3ac704e4118bbb6fa224fd67ccd

SHA1
38f4d7861ce8f7bc8db44f372eaa07ffa68289c5

SHA256
0448ab0fb58a8c88c27192f9ae2d8db7922a740f4bd7abd67913a17ffccb93fc

SHA512
3a00fc232f5c668ed589998c7cd207b07ad9bbbb917647820f77d792ee224aabfd91316a43cfbd583402991f20a3b3df35460ffdb9eae9cdd597bd0f84ed9b0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
831324dc5be7e3635772bb7f2b7aa4bf

SHA1
d1b73869c8651500cfdbecd770b82393eef1966e

SHA256
38eb555e072d84bdbc8aba5ec816a887e8446262c0500d3c1615fb325f14e310

SHA512
163cac43541e9af345f79e702701f6f85f58e020f75da049ee62829043f16f95fd3feda168164d0995b65c93196fdf3125d9ac9d1e1954c7a13eb571a7b090f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
4b23e2abda4efdb11f95b4e19f93aa6a

SHA1
676df3404e2759a13bd0bdbc3cea64e93c3d99c8

SHA256
bf3f3902e4789b997097de70a71c683aa10455a1976419ab77cb674fb910e8b3

SHA512
15a701e1fa74e510ceeae2a550ee875f8d00b56d9fe3516eee8aeafbcb70ef51949bb4aa880e5566012b97ea8176da52b5a34b4961d558f4b35c8cfd1e1e1940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
71d3eeeaf53387fb9fe427b6f0dd1d74

SHA1
4eee05db8c4fc7a37a7fad222c8d31cb24902221

SHA256
5a6a80d3e5c1dd2e723790e6a114f9277cca6191164dfa78455d55b0bf0fbd6d

SHA512
4ee6fc8ece8c165438ab16bcad939f702ee12ed782fc65f0468a71a63d1de67a5be1f3e39d47b1327567ae2725572ee6cc835850e2a8e35474ba497ec8fca95e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
789cf3bfe0f4eabfbca415fcd6e82566

SHA1
713f759c9338e057e9b21e7bddc4bff7e1343352

SHA256
ed19999d3e3bce4b0d9fd4e6aebe062797656e2e0fbefbf22af318ba62d4d670

SHA512
3fe2d4af009459724a2d9b351b979f37933131992bbb260c7e2e28aa095bfdb6e2a1ed52a8ac8c4ef2fbc9a1d2421d8adc331dd808fc4bc56f0a3430f431c653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
82494196dd27fe005c0dd3368713722f

SHA1
68df9ab35c4cbf73e80c7a2021a138c94d5f7735

SHA256
4c12715f851adbdd0275ca3a9a95e52e410ddf00841a942540621a931ff09906

SHA512
07239c4a8316901bed18342fe280501e7dbb78b37d5ec25a207bccd20ae81568e0555f892260efdd80dbe195425c64b354de51cced48f42b39ab111eae548956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
cb74a34e01d8001ce734c6228727fe2e

SHA1
8097f1cb219304a39e5173c699f2757fc9616e11

SHA256
1dfcc53e678383ff78941376bf51fbd1e68dd78e5cc7057dd5f36c7f52b9b8f7

SHA512
a5c0618224bfdced5c7006d3c17843c7ba33c88dc35070fc9406894ea7f5d24b23fce1882e3076f5053495063d6d7d84c75df4a7b59334d94e1d6c02d7622d15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
0811fe85ecfcc699b7402b1f3853d479

SHA1
49022f510055108842eafd16ceddbd3b382f8256

SHA256
2f06c04006cdd00cb4c3d7045e3d22674313be71b3605df6a5ef4d86c636a2cb

SHA512
49b00d699d2bc8c4a67e51dfca833939d57eb7f8de0250775354469bc1d5819b4dba8782c9663b180b9d8f65cb6f9012bcdcd7087e6a5b073ae4812b5cc6b447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
1c0a4eab5d719bc64bdea8a06e8a78a6

SHA1
c17ab002341035d8aa3930a0f62620f99be3bacc

SHA256
eeea2a735c6811fd5b52f73479696671be2f951c6496d5c4c170578ab8f40db7

SHA512
b854bcbf79f5ac698eb51883b90d9ffbd013e32eb175f31aee28be6d7a53b3816ed53f13ac11ddb806ae516d9d619b5074f59d111b0b7e39528f37c7f6099cff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
ffbac360080906403395614d6e365ad1

SHA1
ae9bbdd7f3bf2f875e3387226fb6cc4eac2cc076

SHA256
85aba940da4d005cfc578e993e8816f5a4bce9366f4743a4dd77853e4a1e1066

SHA512
6470ec7f87388fe9b49a62c912b33153563cdecbf56d1d436924abc943265ea2869256f2f6233fbbca77464bfeba7100e0c6110a54c3872a8717b513f84d68c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589ebc.TMP

Filesize
94KB

MD5
b3b15f2b06aac470638d701771e855b4

SHA1
17af3ed9e937a155c80e3e57b3e82eb19c07f625

SHA256
94a454d15a3d10b724c5663630807f462571fe51d165f1f5df6f3dfb5ca3da57

SHA512
5f9a0611aac633fd8259403899d337191e7ecde031304e569525049cd5d0a32b1fdb194cc8bfa58a23535fc7c79ef92ecbcb42a6fe96dc740054d8f3624c7dfc

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 651939.crdownload

Filesize
1.0MB

MD5
05137ea53f8a01e54d307651015edfe3

SHA1
82380054393b9952967307d0bfea10abcbcdc3b2

SHA256
5ffcc7f427022c7f82459402d0f8e01a4d1ce8dea3051d9bc6f3824bc74cd0d7

SHA512
82bb386b2b26d6349324db45034ac7194fb3404fa1727ac5a6dcf22336bda09bdfbc3a721b38df0100450154a36ec44d086c25d0bd6a3ac9c374259a7747a4d1

Download Submit
C:\Users\Admin\Downloads\minecraft (1).jar

Filesize
2.0MB

MD5
cae41f3746d3c4c440b2d63a403770e7

SHA1
5c4831d9705f2e00e3cd993e89b822636492932a

SHA256
e31f1cc8a5ed521cf5058e121c16512e3b7f9ca80b2d8a10a5d8c1d8f2168222

SHA512
03f14c54990872aeb59fd5d399fa9b32510c14ebd1f57597c1d6d1de3c688f372653f8529453ed22675af2f6fd2c3e3a5aa3365d94449d668de33c211e2c44ad

Download Submit
memory/5520-161-0x0000016065540000-0x0000016065541000-memory.dmp

Filesize
4KB

Download
memory/5520-152-0x0000016066D20000-0x0000016066F90000-memory.dmp

Filesize
2.4MB

Download
memory/5520-162-0x0000016066D20000-0x0000016066F90000-memory.dmp

Filesize
2.4MB

Download
memory/5888-113-0x0000021199550000-0x00000211997C0000-memory.dmp

Filesize
2.4MB

Download
memory/5888-112-0x0000021197D70000-0x0000021197D71000-memory.dmp

Filesize
4KB

Download
memory/5888-102-0x0000021199550000-0x00000211997C0000-memory.dmp

Filesize
2.4MB

Download
memory/6056-209-0x00000210DD2A0000-0x00000210DD2A1000-memory.dmp

Filesize
4KB

Download