fcc2c9e076d6c1002a0de62352c0cccf51f6a5853f777e2f25ee7305e48ae443

Analysis

max time kernel
150s
max time network
156s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
03/06/2024, 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wurst-Client-v7.42-MC1.20.4.jar
Size

1.6MB
MD5

1abf469d3a0184635fc1e7877ce428fa
SHA1

485d36f05835007ba9e3fc29a1e309522e0aa3fb
SHA256

fcc2c9e076d6c1002a0de62352c0cccf51f6a5853f777e2f25ee7305e48ae443
SHA512

d82a12c1c8182dfc38110c432c367f0fd206535a6ad555d3a92e0ba5937fb66a218b8c3f42508a62f8fac93181146b5a020443fb5dac09ea0a27ac06cbb6cec8
SSDEEP

49152:PlxHBivuuIOLa0FGsIjA8dhW5xMp7ZiurjD:txhivupOfBIDaGp7Zig

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3904	icacls.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619189328843097"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
444	chrome.exe
444	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 3904	1744	java.exe	73
PID 1744 wrote to memory of 3904	1744	java.exe	73
PID 4916 wrote to memory of 608	4916	chrome.exe	78
PID 4916 wrote to memory of 608	4916	chrome.exe	78
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1668	4916	chrome.exe	80
PID 4916 wrote to memory of 1644	4916	chrome.exe	81
PID 4916 wrote to memory of 1644	4916	chrome.exe	81
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82
PID 4916 wrote to memory of 328	4916	chrome.exe	82

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Wurst-Client-v7.42-MC1.20.4.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc1c949758,0x7ffc1c949768,0x7ffc1c949778
  2⤵
  PID:608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:2
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:8
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:1
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4464 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3164
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff782fb7688,0x7ff782fb7698,0x7ff782fb76a8
    3⤵
    PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4576 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5052 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4952 --field-trial-handle=1828,i,17456728345766001349,4342658396746622262,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:444

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
d7d8b92a1992c3e885be5fd8aa4130fd

SHA1
7acac9b88780b6635da6041957546d50a241464e

SHA256
33b02b5bce676bbbd1a3167faf6a84c0069b707a88a9bcb00e781093495682e3

SHA512
ef22f512b63230d76cca68e8a828333d60d039938eeb361686b9bb6faffdea651b987f721b7cee6429074fef15bf969c65b4684f46ac69f91ce6e2b7c6e7c4db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b1479a2f3ed96b09f95ad4bee390edf2

SHA1
4561ca86b438faf7aed9e02f6b9c44d3869d7002

SHA256
7e7084c45c520bb4460c2020cb2b5f170e5c03666d7cc5b453190a8042bce5b0

SHA512
99575b803192a21292a923e236e200c289684329517453bb435a242f94cfe54c872a7c5159202c0b3403d9c209e9a1326236bf89d583ac66c9dcdb30a61b368f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
512c978725f65263482ceeb7ef3e55d4

SHA1
c25e0a0435f9dce7b1b083a5630e628bef203e05

SHA256
698db337a1e7936b6f6dfb29b478ecda9eadf97527abc772479d30bf46c92d59

SHA512
e66397115bbe7c9a0ec044f64c8402310fde097df3e8d13cfbfc121258e48ef9c35b9016abcb8386ee9945e1bbf32ff4f8c9ea0fa7161ff65e826254af53ae21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b22a65d0801b37f3f4e2358b83523712

SHA1
a4449ff524c9b98f5eb85fc11b42a6d6c70c9ebf

SHA256
a4153a865d896b844e7ab13360de79ce6e5f8f9c977d694885b3e112d2b0d749

SHA512
4e899b8170e5dee2832b91b29c61ca91fd7322827110004c0b100c6f7f888bada37beae63375092ed77cdc57b18f6ef2d4bb1b7298aee3403ab41d609ed6c11e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fcd8abbbdfb34ab45f8d71b965544069

SHA1
14f8af9a1cca4e54bbdade6bfd8e9e7fa67efdb8

SHA256
fa9e67f299ecee72ba10ba33a7d8f8d530129d5422b1be50428796a78bf0a161

SHA512
3cee22756673be608308ac5b8f0f7d777f13b36bcac8108f21a2df2d02b1c499b9bdee59a253d01a2f7dc44a5adc38bac8676320c3ff2909ca80eca21ba4880a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1065536eb8b8df935739a7cbd1f2b971

SHA1
b055e52af7bf8ab92088c38f3c90da388852d367

SHA256
4c985ff852d1b7d447dfd488369359aed3fc372b2835510bf6811885308a74ed

SHA512
87e4560f1a522ff676cab7ac3da7df26d2b26213bf591b10f1131df3a9b8e5e90b02c9731482746022298489c9f8e4c653f15efe9f01a1994c79014e4175cbf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1fe2fe63f7d68bd2dfda12296dcc6c5b

SHA1
cc4c8ba1559c1f1a695f841c73de4783a3dff26f

SHA256
381c61b7d7d99c795f51a20ab014ab5d706dad843dc35a4c4d7e021217cbdf16

SHA512
75c3dd0147415f85874082a55df30f15792cf1492b51c8eb08189eb58945c22d2bfe1e1566d82d906c3f27a460a265b36fca84e7ebc6634f1c3987199b0724b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
7ba1ac6e44ec66f3874c9f43f2419536

SHA1
12736139e016dcd65fdaf4d4f67df97f44d3c093

SHA256
5e5067a7f89838f2bca454f5351e5dd40eac2ed3e81cc8cb3113398aaa262279

SHA512
888725bf161c7c375284efab79e3c38231a1abfd67811fc064c62fcd777350dfe3f5ae20b9c8ca2862aa31e30b8520053309184085c0c55433f7fb9075007385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d04bb407343574515b2b2c3c8610eaa5

SHA1
58a222adc982c63ca4589fb362bdb39af809f002

SHA256
e6a766bae81022ca9ca991318f6d1c123cc8f5e0b2f3bbdec69714ae382700d3

SHA512
cdc92a016f503c3c0cda2baefcb16e5beff4f81f66278d693d1a3330d13c828020e00d03a0fe6d5fa878bd54f7b835d11e979777361f083e20528dabcbf508fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
86d8bf88f967bc69f9622d1ff4f963fa

SHA1
b2c320c39b43c003d3445f779a1aec8659d412c5

SHA256
50b2c0d2a67b0f060654caaa6e838a00b8717a0d096a89bd1f2f1a42ba4657b5

SHA512
9141ddc982a9a91f5520d81dfa121ad73b79fb7e8d2f1d98a7aee452c976afee1f1065bb304cdc6ef1f7a3ee445bbdbbbd93e2a3f318ae33644d8467fdb8d4f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
69a58ee137fda7291703c370529fb1e3

SHA1
940e0c8bc19e5c4e38ff70377972f8364eaf5397

SHA256
ea2023f01c748a3a11c6a57ed3a4f938a1f00b61e06b0f3679506399eb2080f1

SHA512
a8c916523255efea744a435e7a7846547fe8a778031da8aa2efb04baa2f6d95dc0566895151f52d49f78e8d86a6351d1ef452e574ec7770134f12fc4ab2798f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
97f0c5e4a3aaee74f0caa6d0d284b5b4

SHA1
f415f87dce2953cf8912eafe28269759b3c79bf8

SHA256
2642449d0e3b7dc6853c436414f8d33c2d0735ea8c428e144d848df489e79948

SHA512
4cf991ddc6a1ed9a36901bee769f18b26701d4101f14aa945cb60087353c340382d90da312c5d971fe33a7098a9b349123defc582fa43727c5dfa65d4a93b8d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
acd8a8aeb0472f012eb59feac28e2b0d

SHA1
5ea6f9daa5b9b2172764dae79cfd9d8f2c4a151a

SHA256
77a9278f275731b49e778789dd44e98ab9c07310e16717cefe8e5a5f96da6c96

SHA512
1b3d7cab8c9ed2d32e55523e003912f64e655ee3b9092bffe653ec3f3d7b7a2ce97d9731409a83fe1e710a27271e3b2c865ba9defac3baaeed5d87f2be00eaf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bb174835820c191e3a0b83310798da7e

SHA1
5087f90a69f3b1e3e95e46686d4b6a0fbf64e103

SHA256
418f2b7be96afd34be21701ed58f3702521f603c4a8e1ec515929c5eb54f754b

SHA512
c86c5a7a566e54b6b0689d0c4d56afd4de07f5a4706513287c045f55a4d9670af6dc165f7556991ed95b2cbb4dc3919dc644f22052f145fba6212e8d00c47e07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6d3878f7d1c88789920253f8b99899ff

SHA1
6b0d8141090e54cd103d8e1f3fadb049eced8929

SHA256
63ead13f9e0e64b3d8e23f3440d7910b2b7e5c100b95c9f8d5d9721d3eb16dd5

SHA512
a86bca02d39ea004a66dd0bc1ca24c6338350f21e5c9df923a1fa0f89cf54d9dd716c4de96731d7e9d94dca0b400ab497d3a879d5b68f3007c87a50cb9863aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4aa70c06e1cbae389a1ba3d761b2af77

SHA1
6fc9acb974491bbf4d900cddd1c6b2a226375e2a

SHA256
129fe5a46c51706bde29f44760de7415eef8d464072268263a2c6bb8bd9a2d12

SHA512
67cd6f32f956d1a43b1bad1fc594d066af9a53d85bee209dfd16e80c6d8f253976806d79beb69e369fd3f5d6376dd73665c544814f5f8cf79ca6a3ee6b4e73b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2f094556d4bcf25eb23a430d10dfb413

SHA1
aff9fe36db7e6121f726bb0afad965c877a87de3

SHA256
8227a3431898601c763573b07bbea16e436dfcbc6779fee8e1770175987adb95

SHA512
6c4c496d14780b9e5d037178c9fa44c938d2afa7ff2a067a536d380299d247e25675c5c4a71ec13fc6dff8bda8428e0c917aed0edfa4ff1d9815859ab2128145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d0fdfc31d7009f279ab6924882d5089

SHA1
16fcd9983ede4efb6a746d3b70ef5bd9dde81ac5

SHA256
6c7082a99a1bafa2418e5f1b02b4bbedcdbd83743d87aa45c3bd4139610adc95

SHA512
8a6195fda8470fc209686866f1c9eb5a2549894c1f14c3b2776b37aeea3caed7540645a06ac531dcb90ee551bd2f32f3f777bf5b0de3f46cd93a5002183a1fa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a5c200d67a881c65ebe6cc8c9693aa73

SHA1
8166ab7b2f851c9d655faf76d2eae6a3e6c6b21d

SHA256
08dded6d365efacac391a29ebdfb7ea6b09b2429ed55ef3cfcd0256e9f3772bc

SHA512
f13688a67b9109ae18668b3cf70b77464d0b46f6059876ed5e920d1bb1a0021ea7d1932fe382006c37af64a0069cefada25b9e0e4de0b62929e73465831bb9c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
ba3f10bfab20526d8846d067e067ac0f

SHA1
f907a94beb04d24b56448f2872525e757c5aea69

SHA256
47cbdc3d9ecd9b0dbe607bcf34ab531bdefdf550107c739b7264a57629d9464a

SHA512
a276d70f97ab25e74d8c56a2f38433ed8109d076b4d302b1a2fe7bfcd75382adc41649247c36340b61955f3240a3a91d4985a30d4093047aaee417f63eb41913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
055fdd3b9a10d8cbf7081ace321d0908

SHA1
fed094764e688d2bfa3178803bb9e8d98cb53df5

SHA256
ddc34609f3d466d1d4b96d4429e03e2cb276144dfd97ead240eaab7afc1e2a21

SHA512
3892aa15a5d40774ca49609b451e03ce7d459491e3926f8d506b52d9d21c8e4ba0c01645973292b3655e7de6b7cdaf197768fe60c160191d0fefaff66b62dbba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58fc0e.TMP

Filesize
99KB

MD5
11dbaa8c52f76c70febac4d25418ee7b

SHA1
137c66a94ee03cf4c6f757ec578c92f83b12bbc5

SHA256
4d9d5a65607771a458772ce1edff7b5e7a021c227514317140fef66ce3247311

SHA512
486d98adc7144e4fd05eba9eb0f7af64375ef2808d9db61e95c6249104ac17eb749a73134dbbb8cf218e24842f70895dc7f3babb445463cdac0371acaed881ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1744-2-0x000001FD93E30000-0x000001FD940A0000-memory.dmp

Filesize
2.4MB

Download
memory/1744-13-0x000001FD93E30000-0x000001FD940A0000-memory.dmp

Filesize
2.4MB

Download
memory/1744-12-0x000001FD925A0000-0x000001FD925A1000-memory.dmp

Filesize
4KB

Download