457d62cdc267486cc5abca9fb5f8c1a66fe280830853dba0e96d853de270c571

Resubmissions

02/02/2025, 16:44

250202-t8tlcsslfm 8

02/02/2025, 08:43

01/02/2025, 19:11

01/02/2025, 19:11

01/02/2025, 19:09

01/02/2025, 19:02

01/02/2025, 18:52

01/02/2025, 18:49

Analysis

max time kernel
135s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2025, 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

the_watching_nightmare_updated-Reborn-1.19.4 edition.jar
Size

12.7MB
MD5

a718c31344afb79ab44968939d06e8b7
SHA1

dc7ea8bc0398e224c8a7cc13989289071483ab10
SHA256

457d62cdc267486cc5abca9fb5f8c1a66fe280830853dba0e96d853de270c571
SHA512

91e794b814f496ec3b27e30ab38ae2517f024548bc554e3ba607489cefc0823e30fa9ccde0f180dd772668117737fa5a957a0b0503d04edf8c76755a8e7c29ae
SSDEEP

196608:UCpW79MRAwoS6RnRbyMHLXlz6pJ21/bM51ux44+J9ZJi44+pVtSxjXaOzP2O:dpWZMmr2T21DM5184zRJdAxjaA2O

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133829094388742689"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1864	chrome.exe
1864	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: 33	3560	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3560	AUDIODG.EXE
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 4112	1864	chrome.exe	90
PID 1864 wrote to memory of 4112	1864	chrome.exe	90
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 4696	1864	chrome.exe	91
PID 1864 wrote to memory of 436	1864	chrome.exe	92
PID 1864 wrote to memory of 436	1864	chrome.exe	92
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93
PID 1864 wrote to memory of 3904	1864	chrome.exe	93

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\the_watching_nightmare_updated-Reborn-1.19.4 edition.jar"
1⤵
PID:2288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x124,0x128,0x12c,0xf4,0x130,0x7ff929c0cc40,0x7ff929c0cc4c,0x7ff929c0cc58
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,8601347579993197980,3939079537622565772,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,8601347579993197980,3939079537622565772,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,8601347579993197980,3939079537622565772,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,8601347579993197980,3939079537622565772,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3336,i,8601347579993197980,3939079537622565772,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,8601347579993197980,3939079537622565772,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4612,i,8601347579993197980,3939079537622565772,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4992,i,8601347579993197980,3939079537622565772,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4592,i,8601347579993197980,3939079537622565772,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5116,i,8601347579993197980,3939079537622565772,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5188,i,8601347579993197980,3939079537622565772,262144 --variations-seed-version=20250128-180236.310000 --mojo-platform-channel-handle=1116 /prefetch:1
  2⤵
  PID:3864

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3396

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x410
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
41KB

MD5
7978a9e6312aeef2fb75a5184b971312

SHA1
312d46ef07ed60cb3c48cd586a5189d4a7cb030d

SHA256
bbb5da7e7ba55a3059a77cdbad6147129d94d7ad45fd15f10ebea2bc4537f649

SHA512
e738bbf00a4218607c1d13aa06792bb3245fa7999a844cfdb251caeefe0c2df0be42b9bc2aa8497927161fcee6593d9e9f9d69cd02ca9b213350223c78ae5e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
756a7cb61f2bd83d22a27e134e3e98d8

SHA1
8a405c4f491fd9786a90818772724038d833e266

SHA256
7410eb771cb79ad3fbf1d89eb7dbd20b4c4805e50b5966269e80bc5d1ba0e091

SHA512
a6ce218583d48154f387b3d2eb7fab3a1c1ed558d119225531d5960b58b44363286b049ec19a1dba5a36faac3460a8219e79332252f585354653db7c82c90df5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
adf6a8f4dcc54b6b9f56b656c23a24d3

SHA1
88fa023b7d9e27d89b9d233b627d7dafce5075e3

SHA256
8eb065b7e61c81192d3aa4e6b6f5c246bac7b55d5cbcfdc3e7d5d599e5e3b1e2

SHA512
4cb334472480043c086345b877699fc0844e3678a29d99d251240735b4a2714ac94a5f192f3a00b26d9bc378d6dd589f899d6c1c77a9cc7f20b24ea2e27bfa25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
e67815a3348c8b9e7ac914855e55cd2d

SHA1
ffa32e515ef01b09f4bfd84c725a6ac52f1309fd

SHA256
e3a222a936cbe5ed9bb55b9b5f587da785573d3f72906a6d4aa68b1d4ce6e199

SHA512
fddf52348da1e41fecd2d2fb0d70e44ad39b63b2e22b6557167e884f28406c07ddbe1d05735b82394e5060d462891a2aa7c937d2cc6d0b5637eab5d8b3212353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e380b27ea7ca21ec7ad0056a9e8decf3

SHA1
4a36fb4947534cc126f763780a60ae0b7df119d1

SHA256
dbd770f0dfda7c56ca07f98acb12f4b49a91290fdc4963848294c0ba6cc4e8f3

SHA512
00998769e44567f9acbcbc4c9887af7a6a06106a7524d841cd27635f874e0f940a64c839a7fdfa2f789d5437c743b14a75af3e4218f9f56abdb2ae6522f5f373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
904738c781a46b78c6c9ebc090a6e640

SHA1
8ccc80fbb714c690b10b8572bbdd24bf41084c8f

SHA256
a92e03b652c3b5f4b7baa674abcc2256e6278bc8ab8c7aa12e42289f66fe22ff

SHA512
4a5c2932b6914baef6e376e163653752a0a1608962e61cf10b719fec58e0f2103db6062d9a0869c70793220392cdcffca649a7401ee6afff5f55755c2aa1f4e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
531d4b5eb7e8743b640b8a987585efdc

SHA1
ac9f26a5db9dc0f1b0e10a67ffef25471e3b7058

SHA256
35af5f9f31e11ca9ff2fef13a269e0e367231a3c9483b579bf34f6853c1c4928

SHA512
c32e6f92ffb3b3675efa55f29ee9a61e341c30927aba065bfec5e880db86198d814cfa3bd386eac5f34529c40c9ba3cf38b0757c064c84f1bea23945275e4a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
d304673b4a7ac7d9d577bd0f012e91e2

SHA1
7874a137679ba64242125738a544ebf6ab3b6c42

SHA256
6bd26317894641e24165d3eb613e9874395bd72d885c17db3342020808bbd648

SHA512
e70a2ae2f2d0a2d88b5f3302a4df2d4c09cfa3af9c8dac3cc6ed8f9b6d593e596a37aa1a175b6f0d314c690997c44acfe997e192e2287ff9732bd7b107a7d413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
ec8f390509aeeec92e3b8e099657475d

SHA1
61b2bcfb720b42f0ff79347ed7a057fec75d89c2

SHA256
0587e3f272944283621f365fcb639f9f75b9557b630d137a64847d1b58b0b380

SHA512
e2814e93550ec9b268cc7c2704679669f9b067b35c4d4330922e33fa2518f82de6fa93b16ca61d3347b211be5b708a283feb04a8d7df59ea615bb31b92dacb7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
9e60e828478a085bcccf8d5e56d135f2

SHA1
b750125a5e0da1b580483dc68c2fdbe6c07f49c7

SHA256
d551a87e6e31ed7d70a3c28d5c8e49ac6fef64a3bc8cde5eeb0595cd8abdaec4

SHA512
7e23792fe6fef3d2e6f3f5348d0cb69d13b95cd3e5803cc6285396e2792aa1497e6d43299c2b63328a94a460fba2128c2c8469236acb3987674a87d0ce8539aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b54d4ad66c24fc4bfb31af4c6fed72bd

SHA1
95bf6075ea0b34d5cd05cc4037fb69616ac01127

SHA256
c13538b2aece523dca0857c521146039b2c39612f40aaa5c18ea5b413702b995

SHA512
ceb60d65cc43e356be66228e983eae8c7c4b8b05f3cfe74e4b38a78993cf79da7764b772584f38e543381a17ff58ff582931fafd99f1a985082d9c2902e31909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc70d582127c8091002481e9ccd88981

SHA1
f17d35f2849447951b04eb893da7eb3f1f429100

SHA256
e200b123a89cc4e6044751da6aea406223fbc7d0364cf0e0eadfd02dcb89f6e3

SHA512
b96f81124120557385a3418125f8fef0ba1e572a28293e74c4cf2b5fd5ec347403424954fb03eb9b9c6ebef78eefa111329e2ec3ea44af118759af0797dcf699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
405f21061ab172e983f5648be4fed82f

SHA1
833765eb6d07502dd63857b360e1f226ab790066

SHA256
1dc8954143efbec4c4f094196c84070e7e93a492937080b2fa83ec70e2831087

SHA512
4c53853e537bf19661fbf18d1eae302ace5a63a747aa1252e4263e377c85ae3c2f292bc3739802c87fc09ea91d4b12f66027bccb9fd6f46a11d1074c46e3b17f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
853386470ecf5c7e64dda9b0c58475fe

SHA1
41d952209895cc4e036ccfcb7645e29b947d4fb8

SHA256
dbc4ff8000db63383b595171134034f8fd4578b2f0b2c05b4f8afb8320a46913

SHA512
e455589a7602ace4cec3dc2948636bfdebcf3d98f092898ad9917a2363851f7cf2e0959b8512318f0828224d51382bb503c85db97f1c63bba05b3b40781d1528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ffecf29fdcd353091b06fe7050cd2273

SHA1
d4b561162773802362d969dbb11e878b1ec23ad8

SHA256
b6d32c5b94b3ae580e6eeca8dd5b44290f59ef81cece2a574d8d7ef80cc0172d

SHA512
3a8811fa6070aaae8d8a84983cd03e3552d8e7601262fad998a647261fb5d366b0c083dffb74c53336b7a6b6b6fc4907995e9a47a6271cf692ef00110f2e7527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2644eaac79ea9a6c0e9e2dc83732d51

SHA1
47ce883fb647f60b4f7e428fb0ef7a66cfc5d6bf

SHA256
8ffc2f728786e3d7f5dcb0a002f97a8da4e367dc420f13752ea1b8b689224a9b

SHA512
18ad05ca7d2ce6fc71408f616c0930d9349bdc36f5e209f11f9f7a76ab3ef7a1f7dffba02c2d39d98be80ffb7ca21b4541ad40fa9b33bf2dcf90d4c8b15b7cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4379adf8e1730bb90de7c0b10e4ce0a

SHA1
204c8c3a83611e555e31aeb8e3404f295b61931e

SHA256
cd735129d2a11463f45c552f54cbb87301824ae3d8ee2d3dd8d84cbc529cb8b8

SHA512
7a5e5626a912a54ed5293e484fa24835c9c22c052d40a35e34a34f193f011596c754494904443cbe052d64a5da89c3a163666bce0b629428bf1fa8226fbeacee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce63b0d65aa766e6e3d1ad8ad53ca939

SHA1
94367db9af0a8034201a7dd445f1a5442e23d5ad

SHA256
08e8dd0b3b391aa9ad16057e2e47ac111bd8bbc0eaf8f6140b7816177e0fcfb5

SHA512
8f1a4f1c51c9dbf62e8b2ab78190d11e89c58a0c990332ca50fcf3b4208d57222687d280b5f8b944bc8a96da1101672c355b8244bbefd278676eab6b262159ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6f9ef4d0812e0511580501538ee41414

SHA1
e5ce74c5a273c9ab2f29477f880e2fb5b96a43e7

SHA256
4d01709ccfb8401dfa0c8b34e42e1119ffc87d653cf14060a94e3486992ab907

SHA512
78e671def68f031326b97aa389b92023da803fb5806edb3c65603ade5a4930760676614ec0c9419ded89fad4d8ff0095fae38a44bd39c4a7925212af789f41b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
243KB

MD5
d27ae9d6b6bde857f9581d94177ff4c1

SHA1
9facb255ca6d86374ef280e5162b674d2177ddcc

SHA256
8c0844afef21d4e143466fb571909052f75023ca6832816b206a50b9ce0d9530

SHA512
8d2913343ead5489a9d6517eae7b4f33e17b26abafba8dda4354beaa73bfc786b94f6d2b79fbfd8bf1d4d8f11234a0f77794945223afa264818dd8c882f35261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
243KB

MD5
7c1edd9d3fb116d419bada4ec7f37da3

SHA1
11436978e74ce9e8e07854121498a9ed747c75a4

SHA256
11d90df8f2631a52ae72c6e7c9a000fd36542eae0ad3b5735cc7586e9873772d

SHA512
488cccc2be9b6d7c4d3fbf6546c538c3faa862ebeb7332fe5c3a89c8e51b366709f4ef794d77c3aa8855f0c89b46e26758dbeee16691de6de63070238e379769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
243KB

MD5
685f7ad8751288e5e44e2d0eb108a218

SHA1
f071ce96fcb18ec0f81940dd694a4edbae758961

SHA256
d682088eec9c2f70b189e571d485f53cf262f7360d0af7eafbd8b2203a0fc3f1

SHA512
d5830359f912293d3a91774e60c4be3abd16bee22430acbd0f55821463e142a98933db2cd712f7cb9899eeae2fda92705e722ca2216f4d456dd1c9679167a192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
243KB

MD5
a3ebb136b661499ff780b53c19c4d468

SHA1
2c39a20948ba0f785ecc5696c9d4f5b4bf4c8e7d

SHA256
d6b78eb393c205416628ea670ac84d078af8c74a100d0343a7da9db7f42c1862

SHA512
1b83f128935d63343cfc5f19da70d77afa87f9892d9bdebec693fd33aedb9d80627aa20dd5963e2ae42fa8485a2e0c50ac8f51ef131a8ebcf335ebacc83b5c47

Download Submit
memory/2288-2-0x000001F22B0E0000-0x000001F22B350000-memory.dmp

Filesize
2.4MB

Download
memory/2288-12-0x000001F22B0E0000-0x000001F22B350000-memory.dmp

Filesize
2.4MB

Download
memory/2288-11-0x000001F229700000-0x000001F229701000-memory.dmp

Filesize
4KB

Download