bbb5c6b4f85c81a323d11d34629776e99ca40e983c5ce0d0a3d540addb1c2fe3

Analysis

max time kernel
163s
max time network
160s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09-08-2024 10:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source/mbr.exe
Size

1.3MB
MD5

35af6068d91ba1cc6ce21b461f242f94
SHA1

cb054789ff03aa1617a6f5741ad53e4598184ffa
SHA256

9ac99df89c676a55b48de00384506f4c232c75956b1e465f7fe437266002655e
SHA512

136e3066c6e44af30691bcd76d9af304af0edf69f350211cf74d6713c4c952817a551757194b71c3b49ac3f87a6f0aa88fb80eb1e770d0f0dd82b29bfce80169
SSDEEP

24576:LT3LlvRiQNGYXCI+b1w30WgvZef6YhuQ5O3h3JMtbu:7XNGDIu8NyMtbu

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	mbr.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mbr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676715176212622"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3840	chrome.exe
3840	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe
Token: SeShutdownPrivilege	3840	chrome.exe
Token: SeCreatePagefilePrivilege	3840	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe
3840	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3840 wrote to memory of 4868	3840	chrome.exe	85
PID 3840 wrote to memory of 4868	3840	chrome.exe	85
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 5108	3840	chrome.exe	86
PID 3840 wrote to memory of 2908	3840	chrome.exe	87
PID 3840 wrote to memory of 2908	3840	chrome.exe	87
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88
PID 3840 wrote to memory of 4536	3840	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\source\mbr.exe
"C:\Users\Admin\AppData\Local\Temp\source\mbr.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffab1aacc40,0x7ffab1aacc4c,0x7ffab1aacc58
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,4209621761383751777,15490445294272051085,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,4209621761383751777,15490445294272051085,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,4209621761383751777,15490445294272051085,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,4209621761383751777,15490445294272051085,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,4209621761383751777,15490445294272051085,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3560,i,4209621761383751777,15490445294272051085,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,4209621761383751777,15490445294272051085,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:1760
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6097e4698,0x7ff6097e46a4,0x7ff6097e46b0
    3⤵
    - Drops file in Windows directory
    PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4384,i,4209621761383751777,15490445294272051085,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4500 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5068,i,4209621761383751777,15490445294272051085,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4896

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
117KB

MD5
1c14485e6513c994af246659adc5b70c

SHA1
71a50325198ce95d67eb4b89b78d5a3727665e4d

SHA256
d2fa85aaba46d9e7a8af32ce380ed30f0fe2e5c081cef3674a3d1fe21584885f

SHA512
3153b61c27e664939ec64394c9cdf244adb6b773a3c413e93a7a38460c8cd48e53ad4c953b6862f03997be05757552ed3ecb9e94376bd836bb1757219d641d27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
30KB

MD5
fb9e07206be3e46de64694c655e2ce0f

SHA1
71e903877880cac4c4db940a356d55b3e5e4b2e2

SHA256
317bc7e789e17191dbb12502a0179585a309fc3791284d949184d23e846bb1ec

SHA512
181a2bf9e0dfb636b6d183e0fab04059a10aa8c2e5326f75f03c4d83224b8a0f31c5b7c53ddf60852b95ceae56bbe5d7f8a72dc8381c7a640deee7a1e763ee74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
350KB

MD5
479a06091d849c1bbaf3dfdd80dca95f

SHA1
4739c99ac2f2f91508e0a792a22c9af1b4d1f996

SHA256
f172b25397fe36d2aa4402535ef06b6d4bed4bce3e651c796d4876011964661e

SHA512
7089dbd90ce0f7475312fd4c82feb458f16053a818e040417cda4b312cc32e86dc6643dda7d1f186b81261df3f2ed2419556558ea6dfdc14ce8db7840f9d8c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
42KB

MD5
3418f7168ba9caec47128bd78e3b4e57

SHA1
2d57b2b35c552fd34a0c4b124e5e5c3130ee3b10

SHA256
351bf864615f4ac840dc826607ce2467ba9dc7178fd0f8024b5ed8691b0f1d05

SHA512
b83310c8fbb02b84675dd944331d7f98d60f868b7b85853eea2e8ca3e99edd50a6358ad33052af29030bae4a3659157668cac6179d815f18ba359f6d035493e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
569b85ff2e9393c6aaaed929541e6099

SHA1
619c7ee60466cbf986c5386fc9d5b483851b7f39

SHA256
ec6c58f5999d80af6b13e43da7916da1562786befc9161de03420b7dce4180ae

SHA512
c688a3bf4b52f0022756eadb3b530b5b20028adfca2e4e4997bffc42ba490096131c44ca9e048f60a3e7f8ce93d402ea4fbe836371f31f8fd3bd3769ef74d879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
732f919ea4c81a625f9995a82af27e4c

SHA1
f82cd57144c168bdcb8a1270cd0015171a3797fa

SHA256
53f042a0f00d35f62672906152e9ffb99538e5dd0e0a2a0d2f2c45bb4aa5e5de

SHA512
219ff053e9ce74205c1a37049bfb54be529cf6abee7e6a3f7e054e393c00f48c5d968cd4d6668ee123c841684e7f04f91240c6536b06432c9731bd2abcfaedfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f9652cd71c4d2d506045dbf2d0ceb19

SHA1
6cf460d08683970f253889c764670e4dca2cee08

SHA256
a1fbf6b95fb4a39786b107903387f3a20fae812d4439f6f551b220e9b1900cc5

SHA512
b092a947a77c6dc7cd15bca29c0200113bc08c09a6f4b73395643ab5f1274240e4c643b8e490c51a410bd066a250815326795eece69a5174e4d78a98b074e80d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6da850a6833a0e3856aa78bf66b0ee6c

SHA1
a66444b50d188d2d4a72aead9d2aef4e3c776628

SHA256
ce277cdf196e373d17b7b9dbc1a9104d903848a3e184fe66ebe631a23b16255f

SHA512
0428e5809378fa0945df9b99b9548c82985665e03ee566c619625a1b96ad5c73df7570d781aba4dbb089c2e6404a53c02b75046bb540685b82ee32c8477fbc3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7a2ef5d8a47f21cfd2a2bf209884b494

SHA1
3ef035fcacd86c8ab22ad10aefb29da1642b37df

SHA256
51f508c5423b4a9907b0502539fd4077f866181052b20254328409470b807c60

SHA512
f79bd6a53aecdd6615e0764a7cbab1350d83ee36b0017c5322b6145b1e24c5841659dd30de0b001a3978e9ca807a2e3018d19ade27a66937e44255bd872d18e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b9597631d4f10adee5156cb08c7c164

SHA1
f606e6be378a95fefdd5f14c6d4a37397db2480d

SHA256
9ef4071ae541d7b18a78b7d90328c0c5523a6f25ab5ac9eacf1f6630fcbcd016

SHA512
d8c38ba0c4a122175cab4ca01d198b11bf83a54cdf04a17f8539bf8dd5d799ce526d07055091fa61b31bb30af9c43dd94ab50318457e8b5db8e215a23b011a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1e49a52ca3bd0deb7c1167698ca4cde0

SHA1
827cda383fe93e49a97ef779221beb6373bcb0be

SHA256
c9aa2187196c865184eabfa4ed6cbefebbebfdc04de706de5d0b459d19f1772d

SHA512
cf4e7cb4d09a8e85dd6217489912feeb7896dcc2262a1d89f884c7eed2aeb2f60187d8cbc9587ea4c74bdb9c856f8137e02f91c8c170e838284fedfc5e6c6279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
b6dc622f3af8a95ccb062987a0804efc

SHA1
430b8412c6cf6e21e14250e84c2197d1e8de36eb

SHA256
638d68a9a088d6427cb6bf1b6b793b72d87fb9602bbabf064ca0a9ee6a31d13c

SHA512
a7e9c9f1f87caa870fb47d939feda52cdd063562bc15c7d07cab6bb6fcc46e868d504f0edc2f554f570c1b33eba50fc12ba6dd4d33f2bcdb671b0bfc4feb5fc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
1aa27a8a1a5e029c7ffb3f50cf88b4cd

SHA1
4a0a52134f4cbce788b206f3567e1ce5cc9b550a

SHA256
7277c53d118af963f3cf32e14a2910228f172cdcf3268aeccfb40484b65a02eb

SHA512
d7602b054905ecb93cc9145afe134ade958ee246b393762bbdccea5a9aa30b4e185465614ecd53e5a1a9a7f3f8ef8cde628e3f70ab95b9f3e15eb769f7d2cb1a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/224-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download