f2e4b9fdd539e4e57d4b36b59c86090ac4ddf78d2a3c132e5a8c0af4a5ca0d26

Analysis

max time kernel
73s
max time network
298s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-02-2024 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BatchOS.bat
Size

21KB
MD5

a50c454a7c0caedcfa3c589f48adde9b
SHA1

b63d82471cbb23e07b3e6d4a6979a73cb1d71a14
SHA256

f2e4b9fdd539e4e57d4b36b59c86090ac4ddf78d2a3c132e5a8c0af4a5ca0d26
SHA512

5f9b0f45a3798db2a4dc2dfa2041cafc2fd354ff46c15864bfcc7bd988e409f1506a83d263d7c6c8f5de548fcc63a06ca6d1dbf501de175000715511e0cee62e
SSDEEP

192:gLSttr+AJILuomifFXZY4W3VfIpt0sMKB6A+Ic2LtDv3lvZHElgb1mT+VdKjolSt:VhclZY4N3+AhvodQ5CZt5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 2704	836	cmd.exe	29
PID 836 wrote to memory of 2704	836	cmd.exe	29
PID 836 wrote to memory of 2704	836	cmd.exe	29
PID 2584 wrote to memory of 2604	2584	chrome.exe	32
PID 2584 wrote to memory of 2604	2584	chrome.exe	32
PID 2584 wrote to memory of 2604	2584	chrome.exe	32
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 1500	2584	chrome.exe	34
PID 2584 wrote to memory of 2632	2584	chrome.exe	35
PID 2584 wrote to memory of 2632	2584	chrome.exe	35
PID 2584 wrote to memory of 2632	2584	chrome.exe	35
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36
PID 2584 wrote to memory of 2868	2584	chrome.exe	36

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\BatchOS.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\system32\fsutil.exe
  fsutil file createnew BatchOSDir/bootsector.bin 512
  2⤵
  PID:2704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef64b9758,0x7fef64b9768,0x7fef64b9778
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:2
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2820 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:2
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1316 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3728 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4016 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3744 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1292 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3696 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4084 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2572 --field-trial-handle=1180,i,4033672194853504961,8712721064029064818,131072 /prefetch:1
  2⤵
  PID:1808

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ca2f15fffa9553b86717f19b675afe54

SHA1
5fb49907ff37df3eb8a86345b9befc0aa3522ad2

SHA256
7e1e86806c0a3cf9ae01d625fd091c779aee34840e906431c1a7addc4e2a95df

SHA512
39854c0387cb136cdcb9c0fed8b3b1746637115feb817073e24f5731fe22eef3bdd541dd5e05dd1627c9b47f20aa049c428ebc1efa05963e789ba90c8723d754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b1de0c62b9f97ff88eaa08d1248a5ea4

SHA1
b280814081ec1928bc2c30d683aa682c61bfaa57

SHA256
ad50c8b7d3591a81c43184243ab022ed238b6639ccf71b09f226541a9d2ad544

SHA512
ec3b1f6c97b30a24cfbea88fe403160735647a09a3a53dc62fd5dc7bc2c00cd4ddc0b55a9a97bebba946d007a480d371451cf4d7b2a76b19e9913a120d630c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7bc7641a539978cbf93cd345d2ada9d3

SHA1
ba851ee40121df3c1b8ccbdfb29195aeb0340758

SHA256
89f389e76a570b5179459c509b3fe8dd5288339ea4abbfec82be292867720279

SHA512
c2957b7c1a15a94345db7a523e491d2af96a06797e200246dd11a7c5a9c234bbd0af2e31d0c2adf2a1c217f2cc11dddafd68509b6c286a2581d6e829d3ebac5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
a2441066f241609bf81385e64b943dbb

SHA1
758f6f251225dd3eaf0ea93f7788d43220032a0e

SHA256
c7de611fa17ef844c81fc2e0d7575e3cf69645759a56c98b62560f3c2ebe7dd2

SHA512
2b132221e0afac18d83c1f23cb0014bd8748ccfd4f1749f23c3f95d17b2a98c647fff18b634d191d94f7f8d8ccacd1b7202f37b76f57c2acab57901aaed82fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\BatchOSDir\batchosbuilder.bat

Filesize
226B

MD5
17d4c604bdc818337886fd667f50a88e

SHA1
f321b4be3bc32b6f9b594a19ce67795be03d033f

SHA256
99206a91ec442d2ff768f54d8ce0adf50a16215c59d208557b443577b97f536c

SHA512
331246cab022c969c33be43fa42a10da7f4e743ead68d0a325d6d8e0985c3a21a72a723f896e36e3f32dce77b462375481cf0175a9e8bbbc638d840165b0f17a

Download Submit
C:\Users\Admin\AppData\Local\Temp\BatchOSDir\batchosbuilder.bat

Filesize
232B

MD5
fe75839176eccc8a98e19d4b2f0642eb

SHA1
c2a10ab668186c51f7b6b7230caa7e7d86536873

SHA256
19bdc704acd4868f9b7e334aa9d407419f0722317297cd7dfbce889448be5af5

SHA512
13f533c41038c688a18bfd4a40c832b47df5e77bfcfb1083992cbccab04e546707114cdc4982c4d75cafa0c4da5aab0e1ee6aff22cfa3285ef53e063b23bab81

Download Submit
C:\Users\Admin\AppData\Local\Temp\BatchOSDir\settings.ini

Filesize
121B

MD5
7080b4054d2939cf1b9068bf75289494

SHA1
be9944c106db703863e44308a2e67bb2e7c8ff88

SHA256
d0347c6645312df82c080c7fcd96327db49d97a68bd63eb66629c59355135a6f

SHA512
64f1ca2ce80408c8f501d008c7d180f72cdadd79588234c027a64acbe639eafde2a896cf0912b2e38b156e49ba020619ecbd0faa917133c226f64e730b17ae63

Download Submit