af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb

Resubmissions

17-04-2024 18:49

240417-xgsrjaaf62 7

17-04-2024 17:58

240417-wj98xsaf8y 10

Analysis

max time kernel
130s
max time network
129s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
17-04-2024 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

advbattoexeconverter.exe
Size

804KB
MD5

83bb1b476c7143552853a2cf983c1142
SHA1

8ff8ed5c533d70a7d933ec45264dd700145acd8c
SHA256

af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
SHA512

6916c6c5addf43f56b9de217e1b640ab6f4d7e5a73cd33a7189f66c9b7f0b954c5aa635f92fcef5692ca0ca0c8767e97a678e90d545079b5e6d421555f5b761a
SSDEEP

24576:0xFkFHdJ8aT/iziXH6FGnYhqQuimKC6Qpor:0IdJ1KiBYhsl+r

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
3364	advbattoexeconverter.exe
3364	advbattoexeconverter.exe
3364	advbattoexeconverter.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Advanced BAT to EXE Converter v4.61\uninstall.ini	advbattoexeconverter.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578535158416835"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3777591257-2471171023-3629228286-1000\{9A178D7B-2255-4078-ACA0-E0554EC9DA0D}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 4772	2140	chrome.exe	81
PID 2140 wrote to memory of 4772	2140	chrome.exe	81
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 3472	2140	chrome.exe	82
PID 2140 wrote to memory of 4908	2140	chrome.exe	83
PID 2140 wrote to memory of 4908	2140	chrome.exe	83
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84
PID 2140 wrote to memory of 1636	2140	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe
"C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:3364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffdc00eab58,0x7ffdc00eab68,0x7ffdc00eab78
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:2
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4168 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4344 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4368 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3984 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3348 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4084 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4076 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1816,i,10876887794206944235,7705048806379810719,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1436

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9232992e-0e93-4bb0-8a04-057948486c71.tmp

Filesize
16KB

MD5
29c54e824a4591c4a2a78c0493b83725

SHA1
f15103ce3897190adefd5c594ed4786d150791b7

SHA256
1f7888e071abd64510010c0e9f1cf7785a016571afd7a67d1c2d6996d598e319

SHA512
def3e970e45d88c6c8189ab76308e536c6881b2422cf54356769017fa3dd4cc735170e996f951e12196e552cd2e7fcee58bfb547c4edee1e2ec5f4fc741f9348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
b75074633fd6b6aefffb85fb2da04445

SHA1
d0741f1a50e48f068bf83f22c996a0502e4dcacd

SHA256
f15e84db1792bf2da99d72aec4d84866ffe9f3f5de56ed2223563fb9aab7a150

SHA512
5786e2ed991e65bef9cfc91f7c1f72c6a21f4ac44c6659b1df61b5d60df3563d13bc55e400217cb4b5fe143f1d5c25f0a1cabdf3d4826bdcafcfb5ef21bed1e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
1c40c41233eb88c57645fe778c674a92

SHA1
ebb7f9a8847da2d89642e1d5c9cc58702caa8cb6

SHA256
05a3e119fbab0697be639127a4d412d1b5d5501f2d130b1222f4939fcbd8ec9f

SHA512
af4bd21824d00ea23e62afcd2bf8dbaa566d0d3dd92168118507d7311510fd6c20ad5dccfb6fb750f8f6f20c1ca9c19a684d9b503833194c0aaf6191694f197d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
274a1e0ed39ce98662216d09a2ef3163

SHA1
191c212ccb872b09752f2de87ac18e6c1637db10

SHA256
5d7420dd83af1a4b4b1efb598634e1513c171895cc00648d272f6c25d1443fe6

SHA512
96ad1d8b4010a95907876fe986b36abbdc9bce6141f397de55ad7e44f1571f11dc552d7eced7f7f212bb8de48ff93647d6332b37e273715dd4e34d0d9d069ea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b95f503a2e461b82d5e542a35aa3d13d

SHA1
620102efe6861c28acff9262306818dc41d3db52

SHA256
465a65b6210e1ce69df073f8d4f5f919cf5ab1ec8ec567d456e4ef87b9c07153

SHA512
a20c19f5ee0af78e2834142f4b2df681bc9fcd1f78cca7d8c9e01853676bffecf537e794c23fd61c0d99a2512e7d4614dc78af481f347d68eb477361e4d05ce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7fdcc6be4f6f4a853e8dfbaeaa7002b2

SHA1
06929755f65effee2d2e22cda60631d35ac0aa62

SHA256
628907113c04922443454f760d4e758c13dae4de4d243a5fa220e7090ae74c39

SHA512
c9ca005724f8dab55309ca7655e276dd47becc463e212a54d2d5abde39e82722d531684b3ad9f9e376feb398a367c4d4c4945c10efb57fa5a3d4a030f56b5fe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
e7d3a550d156a3aabd6df0963d9461ca

SHA1
72abe236c2d17c4b3cb6d202d2ae336ab2f6ac22

SHA256
db6fa74077aba360ce5c64d6df18c3409fe27e74812167ca3013d4830986d1d5

SHA512
007a8a44b7c49a024d497dcfae89dfe047b311a6d1493d7fcfa362d1155989e9959df57cfaa795cef84f1f99a2fdffaa903f56b6ad6ad74464a290880734d7c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll

Filesize
100KB

MD5
30439e079a3d603c461d2c2f4f8cb064

SHA1
aaf470f6bd8deadedbc31adf17035041176c6134

SHA256
d6d0535175fb2302e5b5a498119823c37f6bddff4ab24f551aa7e038c343077a

SHA512
607a81be02bde679aff45770e2fd5c2471d64439fdb23c3e494aed98970131e5d677e1eba3b7b36fca5b8d5b99580856bb8cf1806139c9f73693afb512126b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll

Filesize
20KB

MD5
f78ee6369ada1fb02b776498146cc903

SHA1
d5ba66acdab6a48327c76796d28be1e02643a129

SHA256
f1073319d4868d38e0ae983ad42a00cdc53be93b31275b4b55af676976c1aa3f

SHA512
88cff3e58cf66c3f2b5b3a65b8b9f9e8ac011e1bd6025cadadb0f765f062cb3d608c23c2d3832f89ada0b7681170dce1ee4a0b8b873e84135756d14ba8c69fa9

Download Submit