138ccde38946b10a7cc7678699a4d0fe12af6e2a410083e96f302fc902eeda0f

Resubmissions

08/06/2024, 14:17

240608-rlx9xsdc53 5

08/06/2024, 14:09

240608-rgjwqsdb99 5

Analysis

max time kernel
104s
max time network
99s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08/06/2024, 14:17

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Nový textový dokument.html
Size

2KB
MD5

da52eec1f2b7e9d1550704f0241ca27b
SHA1

6b1f6fcfe5f133e7f5702516586d9076b092cc47
SHA256

138ccde38946b10a7cc7678699a4d0fe12af6e2a410083e96f302fc902eeda0f
SHA512

1565e06fcc9f51354c60af7ec6df6c8f3e0b675996114faaf522d9fd6b17a77777c604b579b33eeaabe7fc522f8f40707aa3460382ebc5ca77a632db056687e8

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\Recovery\ReAgent.xml	bootim.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	bootim.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	bootim.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	bootim.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	bootim.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623299686137755"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1452	chrome.exe
1452	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1452	chrome.exe
1452	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4464	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 4372	1452	chrome.exe	72
PID 1452 wrote to memory of 4372	1452	chrome.exe	72
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 4104	1452	chrome.exe	74
PID 1452 wrote to memory of 1880	1452	chrome.exe	75
PID 1452 wrote to memory of 1880	1452	chrome.exe	75
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76
PID 1452 wrote to memory of 3568	1452	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Nový textový dokument.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd9edc9758,0x7ffd9edc9768,0x7ffd9edc9778
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1824,i,11478748768857901795,15637659791685523460,131072 /prefetch:2
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1824,i,11478748768857901795,15637659791685523460,131072 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1824,i,11478748768857901795,15637659791685523460,131072 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2796 --field-trial-handle=1824,i,11478748768857901795,15637659791685523460,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2804 --field-trial-handle=1824,i,11478748768857901795,15637659791685523460,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 --field-trial-handle=1824,i,11478748768857901795,15637659791685523460,131072 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1824,i,11478748768857901795,15637659791685523460,131072 /prefetch:8
  2⤵
  PID:2624

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1656

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3af0855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4464

C:\Windows\system32\bootim.exe
bootim.exe /startpage:1
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5955516417fe660aeaf970ae758d7644

SHA1
d2e96401804011f8029d5e4d1f17b550131ee798

SHA256
fd131c95e596a71688691828f02ee2d34f3004e06cac2ed693f0855ab7fc51cb

SHA512
41dec85c84c5e5056d3d33e3de96cafd32edb17f8d1318b71f6fe348b0991bd1b1d1070d9f114506068c1b2df22f869b689622a3d880872eef9de7d4360e01e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7d6523bcd2b22db1baf5fd7d8a01d582

SHA1
0af41f0903e95c6744f52da49e4d283d88f15718

SHA256
2b45242134f8e8ebce8aeb01c1106e37f70a85b5b20615bb10bd25f38b8921d3

SHA512
fabfcbb394755948e3bd3c212d9be68bd3a4e24d88bf579121cd7acd9c8437029355a0a2caa279105547b31ed2866d3f0bee438ddbc6c9c98e0797b9fa62f7d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
da7c3be8d5ef004c3fcd289424a3ff89

SHA1
8f6a1494031316105f255d5f015b6918d0e9689b

SHA256
65a6ca86e120164ba584ed66b2a6fbff37cc2ea6f8886a1b1b1de11920277655

SHA512
af88d3fe6e6caebed0a18c60be1690a420b37053c4ce04880dce6dece06b028280cc39006d3782fbac696fa2b8468736267258f68907b050490cc62cff99e224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f9f00b8ec2832eb166196cc74c0ba3e6

SHA1
2ad8d8c921ca06be75a1404ddba88db9dd48e29b

SHA256
9c1500b610430ee304badcbc96742d2a2d136d3470523b6818fc5b99ce556e7c

SHA512
02d3417a8741cf4b1a55e528c75870927891a467ca2665fbe31f99091cb4eaabd00f4ae2d54fef53856cd6bbda4550f878eb62ea1cff5138d00887d541990487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b4e9c5ba-66b6-4a6f-b60a-c026692e48cd.tmp

Filesize
5KB

MD5
5406aca6eb60677d3439cfa3c520de41

SHA1
d6fd8383a0b7a931c4df42371f51f4c336929253

SHA256
bc483db67975b4929bc1c8c33e463be125ab3beb304566752cd7586404bc116d

SHA512
0764795036dd48c718e33a5d83f12902df9bace1a7c72dc18e0fd5d49b1ac4f5b3b8e3f1bdbb351067c85a8170fbbc713d63c5881593c1ea6ff9c56593b08f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
7786b283a45d16a2ed348bee8ec0d1a0

SHA1
3efaa8b766f01a788c9308eaea2cbbb3059091a2

SHA256
d6a0c06aecae85b37617a0cb430c9afcf6b7ac8234a5b09d99117d548e615d5e

SHA512
580fd4806d62f23ceb04e685492deeb158af987912a254ca86142d88d254a9c29c61ec69aeeb9e1cd30f1c30e3e15a431812b38656b9f47d2e810f03f91f2ca5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
7d6e2ce488400708217ef9f75821917d

SHA1
59fb2152e547e74f3b7edf7e040d1c6655337551

SHA256
6ecb2dab02e891084ceec886a3aee03e63e9dce3413d4d4d3a46ca2cf625fd1d

SHA512
56e787b1a470114cd62deffa251de7eece1d8e23ab358d8fbe4279a0b93637bdca18ee196fa2aecc56b485f7536f2986cca4ca1bf527e621e97a58a635de8de7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Windows\Panther\UnattendGC\diagerr.xml

Filesize
13KB

MD5
70757bb715401d58378cefa1164902c8

SHA1
bd3a062d175b954461d0f0f705520648e87836a1

SHA256
eb1bd7c706c8294fb195901c8f0c653df6850504c913484f070ce13d4159973f

SHA512
09b6d56c517f236a631c9cdd82ae997ddb44d28b9c7c458da77b279048245a7842f01543aecbfe1a3887903ace1a29e216adb5884e0f8d8ec93eb41d247ce821

Download Submit
C:\Windows\Panther\UnattendGC\diagwrn.xml

Filesize
14KB

MD5
faba509e4e42a92cad7f59cf39f26342

SHA1
b23bc9af2562ae1e1863b60089520bd4641e11e4

SHA256
9677b66c81f6e61de9453fe6dcc6aea524f821dacc46001d0fd420d4636754fb

SHA512
8dfc6a2eadc796a90933501ff11192d10c1558e7b41b9a4695a3098ee8931da11594dd27690278ab1636a88c9f08d95a9ca7d150c511c159a094f0b254136199

Download Submit
C:\Windows\Panther\UnattendGC\setupact.log

Filesize
51KB

MD5
edfe64f9943308ea5df5635927d3f8ad

SHA1
ff7562d0d713980c0c92345806c4214870b55cdd

SHA256
bbdc820b5829c217b623ee0e069decd75af7a5b7232978909d34b2b2496d25c8

SHA512
87ea20c20c5d116d3cb01b5e6f00ad60d04b0acac67de668605f7e023ef76573b2b4fa2ffbe22d17db6754d3f88b0fbcb0ade7caecfbe41ecaba3a7d819bec8f

Download Submit
C:\Windows\System32\Recovery\ReAgent.xml

Filesize
1KB

MD5
f115b3aa81b1e68b9f178f10741183bf

SHA1
c617bd08e0454660a1ec294c362138885d5acabf

SHA256
0a4c770467daa195248de5f19a1db76ecda95286573bcdc64c7ea3c6554c1108

SHA512
3447bcc1d19387883fb33d6aad8f50199444cd28571030b6ed37a703ced7a66d0c79078cfd3fe9d7c8e8812b8f6f05c7c1b2271ab85a961043e76e5ab266918f

Download Submit