bbb5c6b4f85c81a323d11d34629776e99ca40e983c5ce0d0a3d540addb1c2fe3

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19-01-2025 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source/mbr.exe
Size

1.3MB
MD5

35af6068d91ba1cc6ce21b461f242f94
SHA1

cb054789ff03aa1617a6f5741ad53e4598184ffa
SHA256

9ac99df89c676a55b48de00384506f4c232c75956b1e465f7fe437266002655e
SHA512

136e3066c6e44af30691bcd76d9af304af0edf69f350211cf74d6713c4c952817a551757194b71c3b49ac3f87a6f0aa88fb80eb1e770d0f0dd82b29bfce80169
SSDEEP

24576:LT3LlvRiQNGYXCI+b1w30WgvZef6YhuQ5O3h3JMtbu:7XNGDIu8NyMtbu

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	mbr.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mbr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133818001678090008"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2024	chrome.exe
2024	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 3364	2024	chrome.exe	81
PID 2024 wrote to memory of 3364	2024	chrome.exe	81
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 2792	2024	chrome.exe	82
PID 2024 wrote to memory of 3348	2024	chrome.exe	83
PID 2024 wrote to memory of 3348	2024	chrome.exe	83
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84
PID 2024 wrote to memory of 1796	2024	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\source\mbr.exe
"C:\Users\Admin\AppData\Local\Temp\source\mbr.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff160dcc40,0x7fff160dcc4c,0x7fff160dcc58
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1772 /prefetch:2
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3656,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4304,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5092,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5184,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4620,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:2
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5516,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4932,i,12615937549948921422,7700770417649625354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1472

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e380c05141de9d8d4c43182075ee1a55

SHA1
61203b7bcb307a6fc19c83c06e51e96fe89cf405

SHA256
c46a8be52a2dab02d9abf42cbea04c4a1df7f8e38382574562394d723170d58a

SHA512
f1840f9c55d9da382f9f7cd2c586997b525cb157a12c57a4170c8ba4c7e01625a7c14029a390fa1aafaa54adfdfc2dceeb13710688df0d7507ec1d826f254933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a80a46178dbfabfd45d3ed79c0180c70

SHA1
2495b5e7417f0455e79500186fb5eb6648fd2a5e

SHA256
fb07f154c8bea28a3e6d254864638f2797765bf53d8a0067b9b756f03e5dd550

SHA512
261319a40599e3150dde6f6136f7e05b47ac4852ab743b46b2b681760b25488edb338be0e0d74f10410828f8163c482afa1dacf35fa59c2ca59687fd9cf5037c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6d05326719c21c22b8365c5700d162f0

SHA1
2250cfed774cec04fa50c158b465a206e26137cc

SHA256
317f52e53a2a9b32b4fc0dedeb8d7708255656e886c085f91c3e85be90c3db99

SHA512
432c4879f14245f660efb8f56e8911fcc7db90de5e8048ea9435de10174ce986aacdc4daa2c6958a4cb3b96b4f9b02d2a2f4a274c419c955834536bd59c9aa89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
2398ed15f3c6c2355ca635d5117ac4cc

SHA1
969bb3e842ce61a6857cfb1d8b6f2ff2b59de81e

SHA256
04f5ce0fab8c3f6c6db6ac36f4d7fdc45da3e7849c05ce3fa15a6b74874382c2

SHA512
f5a373b4f6ed4e5e385488f9225e38d7bcb35bce5e6239adc40585cc6087b49a8c210b88cb9578fe481b34d1d9e2d4f221ee9c1fa2218693e6fb55fd628d8680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
190d7ae476eb70defc3b72e4159b4470

SHA1
48a66ec67975727edcf06cefa29f2e2a96581db2

SHA256
88358eef8882bad3d140f0b0737660023d5c1dc62f29e5331eb09e123d1db6bd

SHA512
a5a58e77e0f3588c9c78a6ef8a0392db0b06677105e06adee4b6d3266b1730ce83bca61698c04885739924b0766825017112ab630af8904b83519ecc65822dea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0daa088881fc6765d2454a2b3e10ae0f

SHA1
e07d25ffcba0ef692d8d1b35dd8e270cc4eb70c9

SHA256
f0fe215bc7ed56aa471c13871f84dd7e5d5471613623db0a88b920e5f3f9753a

SHA512
5a6b9ff81f8af8e81d8632bf6b25fffff5850119d4174acf19ef52ba7371106e008759b4b582bb90b40b5c125e30358113156f436d614406fdf6210101386c3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ce0e465261245a39b5e860204b0b0dd

SHA1
129d4d7b425fcb66a3471ca00b0f1789bb99f08b

SHA256
fdf9976bbb104dc2ea10702a6ed8b5263545bd7daf0b62a248b887835157c086

SHA512
acccabf020e72e4a2ac62e0b26c0296f84eacc900f23f974ee869415efb0960b88f13587384e9e497f483b577a2c40140e8533eabdb40bf331e98d8bfd4be9c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a23eff181f9d118514efa520d41fb864

SHA1
2a21e1834a004887c7c59aac396719fde9d4ff63

SHA256
3dcd4af20a68ad868e5e7bb1aa63e3d56256f11601adb96fcedc51573ddda93e

SHA512
0bb785e9832b5dad6aa13e9dd5b03b0f0b8560927734608ad5dc0200b477d244e9bb5050f4b2673bf25dff68d91f94ce56ffa7b0ddfc2f27a774d5c05bf0619f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67eba5a84fddc3f1d8186f22bdc60f4b

SHA1
40d45ed510319fc81b2ac815295a1cd90fb13455

SHA256
051265127a8db1e1223ba57a80f86ec47746aa33863fa7a35c58a14375ce8e8a

SHA512
be936df7f3909055722862a2ac7e8da0eb4bbd75fd2efde00624b958756dd10130c40f006b8ad7a4caae92fe9d8a8981f4b94d21f8f4978fa0ec51d45570516f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e95556054cc76e0283ade9a584e55ded

SHA1
15eba4305e2cbbb05b705eb4a57f255226f9cbef

SHA256
84799168a56647e74c2f963fbe7de90a6eec546e6b257f69a9afdfa64aed8e5e

SHA512
499c61329a25db0fa05cd3316e53cee1742d7061326ebddcad0c250e5ea4a7b09235c86ed4696753a8d48985b46ef282c041473d85608be860191996436eb29d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ebf362fdf9aacc2e75e8d83c8a5fbfb8

SHA1
cd7e41a4b1ecfadec193de8c1d7a77922b870201

SHA256
718affa22ac15274c9cca42c245a5208d87a1fd99f7b468d447d67fdb77c905d

SHA512
f75b7bd1ddeb3652268951de054880fec6e2f8be8d86cd5d22f0850cec7c7d5a49a42b641b9c00209e6ae2d68e19ae06b2f3251bb8169c332dd8cc386b4fa9ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aaffee7683cb968340dc3af0734f7bcf

SHA1
bb79a195059bf7eab4de0ce9def3a573640039c5

SHA256
b9be87e0c67ad0837b2818179497cdc4bed18e0e6ff1ca660d6cd36c79263620

SHA512
2d812167ccd0da67386ede138fcb7f49b75d5f3063224136bb6856e138126521a217bd7d172937db8cb1aa7e613e3f576ced5d1fd852c18f9d4542aad9e22cc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1c5b509c8c99408ce5322e3c1c49c2e5

SHA1
062efc14cb862c1200e95d1271ec2f278153cb0a

SHA256
262b5fe0581ce242ce8bf745a5089358fa88ae9d59a2ee06eddb660cff56f3dd

SHA512
5cadcb6b634630fd2754637cb704cfc332e699925149a281844a51eb449a3aa960d7a45263c20b63016610dd91f40c414d87a9974f160133cc8f4b1c98921f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7beab3116ac85fa0571dc219b1224721

SHA1
d830cb2ff0deb87510b2b62db1e84a742ca7a15b

SHA256
78fcb9de187503977bbdf2b8e344c606b7ede9b048b6fae621fc62b1c57bfaed

SHA512
bd0f8fd3c3f6bee939009e8efbb599e070f5e7114fddef6dfba86b95141b88d93291babfb92eeec79816258276cb3c31a4c3ba582a643926bfd11466b9f3ff86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
7a78ef6ddd931311c5d3b957df2a710d

SHA1
fa54af5eeaf6be253973c9c0f14b0d0a752e12d4

SHA256
92832cf877b5566026bb01d25d5e9294231eb43e5358855afe22b7d731c90655

SHA512
8971a54494fdadce8a56c27c9671b75825925cf10ebe1e71aefe90c21dbe90517fc24999c7d35a7d38f14d5e9a133397f99b2a7a0c647493b140dbe5faf20580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
d6487d8f48b3c3e8b11cd7ab7884c6c6

SHA1
9e634eba556cc32c502642beb5c166aa946c04e4

SHA256
daf9af20533e7ba098fcfbb4d5c53f187e16e491ceaa518cdfdb8c7d36744564

SHA512
3710bdef819b1ebc65ee8e4b2e10e1650a19364bb87b5424a8a981a197ecee1106a5a5f957e7611a6ec1d2e891a63ad355a5f63c7e332bbfe04f6ca8fb6b3d9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2024_286767643\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2024_286767643\ca091ce6-a3c8-4b4f-9cf5-840c73cf22f1.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
memory/1460-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download