af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb

Resubmissions

30-05-2024 16:03

240530-thqrsaeh82 10

26-04-2024 19:20

26-04-2024 19:17

26-04-2024 19:15

26-04-2024 18:18

26-04-2024 17:46

18-04-2024 16:20

17-04-2024 20:42

Analysis

max time kernel
127s
max time network
129s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
26-04-2024 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

advbattoexeconverter.exe
Size

804KB
MD5

83bb1b476c7143552853a2cf983c1142
SHA1

8ff8ed5c533d70a7d933ec45264dd700145acd8c
SHA256

af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
SHA512

6916c6c5addf43f56b9de217e1b640ab6f4d7e5a73cd33a7189f66c9b7f0b954c5aa635f92fcef5692ca0ca0c8767e97a678e90d545079b5e6d421555f5b761a
SSDEEP

24576:0xFkFHdJ8aT/iziXH6FGnYhqQuimKC6Qpor:0IdJ1KiBYhsl+r

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

Processes:

advbattoexeconverter.exe

pid process

3344 advbattoexeconverter.exe
3344 advbattoexeconverter.exe
3344 advbattoexeconverter.exe
Drops file in Program Files directory 1 IoCs

Processes:

advbattoexeconverter.exe

description ioc process

File opened for modification C:\Program Files (x86)\Advanced BAT to EXE Converter v4.61\uninstall.ini advbattoexeconverter.exe
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3344	advbattoexeconverter.exe
3344	advbattoexeconverter.exe
3344	advbattoexeconverter.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Advanced BAT to EXE Converter v4.61\uninstall.ini	advbattoexeconverter.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586325702220560"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2200 chrome.exe
2200 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

2200 chrome.exe
2200 chrome.exe
2200 chrome.exe
2200 chrome.exe
2200 chrome.exe
2200 chrome.exe
2200 chrome.exe
2200 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2200 wrote to memory of 2460	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 2460	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 1240	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 4200	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 4200	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe
PID 2200 wrote to memory of 3728	2200	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe
"C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:3344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ea17cc40,0x7ff8ea17cc4c,0x7ff8ea17cc58
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,2551141246079703203,13196757364230421040,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,2551141246079703203,13196757364230421040,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,2551141246079703203,13196757364230421040,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,2551141246079703203,13196757364230421040,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3324,i,2551141246079703203,13196757364230421040,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4396,i,2551141246079703203,13196757364230421040,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4620,i,2551141246079703203,13196757364230421040,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5000,i,2551141246079703203,13196757364230421040,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4508,i,2551141246079703203,13196757364230421040,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3348,i,2551141246079703203,13196757364230421040,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3352,i,2551141246079703203,13196757364230421040,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4868,i,2551141246079703203,13196757364230421040,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3848

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3588

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7ced9976eb82a4f136743451c7333756

SHA1
3c255b7c92390c44fd77e6fbce6ff825ec84bdc0

SHA256
22601b79adf72a82df6a09c73ba7889156545a4ff3098ed00fafc53ee183f537

SHA512
316fc7b0d1f0d8e548de7d777b03771bdbeda15657a1f81e459240d17b93d4637d942d2f6db0be157209e09200734805a99d8cabdea50eced150ebc6b1cd6da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a7a3d4e0a342eec36c7dc4c71e912ce

SHA1
959811d85ad426ee7b65d394b3cdd5702c66a0b7

SHA256
1288bdb183ef4b8ce701c5160c5af5791b19abe92b084442b663a9249d03cea1

SHA512
6173d54c6c4c95a4891778f593e8601f33c7b7f2ffd9fac763a8a346dc1a2d73252a4fe0db2e288c87c96273eccdc7787dad25fbc7b9a9ab9f53ea897c6441c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
61bc0adf941732a4ecc656fc30ab4c23

SHA1
9069c77718a3e8c7fa737991a86c9014affdb8ce

SHA256
b6ffbca2ed67c196204414ee4ab7e69fe9f38636a8c1115c497b50b8b025728d

SHA512
3556a53ee1fe3d9fb9b1db2332a3f8c29d0fef783cd7bf611068635d533ae50455cb273aeb9d61e8b1707ca909ebe9742f14d7066525036320f073c98e55cc1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e14be8c3dc6d3aad94d9782b48e8039a

SHA1
cc2578dd6ed5f0f6914f81b0a7b28ea0ab2295fc

SHA256
b6d5dda260bae7ced1116743532fd2bd178e9fbe379fba2927a007cca904e945

SHA512
7bf2570a4e26ba504321c8b67775737e4025652b8ab28fcd2304ac48b7883040b4dfdfef8c6bf87669d27c461938974c34f33a001bfe08642082e0fb3691b097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
13b7c740b140ceb86a76a444a352845d

SHA1
e9a7ee9d46299632a1f55f8b12b6a21dbc998734

SHA256
69d46ea115f5038049cce161cd142405854fee46988ac694d3771ad63cc3ea30

SHA512
d14ac06492fcc40490547ef6506c1bda186210de42c6530d90c4a540d7b88913ea8c72b89a77df0569d955a0fc6b700e7bf70ddde0b823d2a6be2b1b23f6102c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae2be66f4daca21dee51b592bb9e6487

SHA1
b66972995e87e22bcfd9d99bd674ec77945ef42f

SHA256
9fc34167c2ff3e9bcf4d7a358105269af44fab1cb2bd636fd868c2ee2c0c54fd

SHA512
0dea6b49039ee7645812522e2e494e1200f4e098a5bf7d3a68776089ca6ea10c231f62b72fc15920ba1e7e1b8212cc3596aa740089a13c9316642a66f12c8f03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf47de77a6cd85b725ca141ca90afb7d

SHA1
7bcef60bd5f2577916c028cde3bf44d6f09643f3

SHA256
c68954f303b81a5dee9f9f2fcd87c4d79cdef08916aa970a0d8871f481a64735

SHA512
41fa0128bf17faffd38926c7be413845a8defae63c8b9638e2dfda5a42c156e3fbb0c0cba71c5dade223f61394ed96220a5076483cb5d75e920c2ed78f0c5a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
538c7bb464a2749b0500c45cd296b15a

SHA1
663cbbe244a58982c193c20082db98d9b01713e6

SHA256
f054772e07aa1e7a3039e70d44073367d5d97b9719ce5ad1b3faa6a930f6d008

SHA512
a831030ad99f948711e6446c8e2de93153381c138bd681510a695a9d3535b5b994e0989a82a4c22b9cbc3f6e5636641433b56f7bd734d3f352066fa826219ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
79169e71896e1931cc68a3ec8f5f5d50

SHA1
a510d27e161cf3e67d364d6ce28278d52bfa6c61

SHA256
32e24ddddc3cc186c864e0e20a4581d79e0f9a31d6b297c67674862490323866

SHA512
8b1dc7c93e15843ac49c377dbdaf1f42623a37597154dd4d742f07cef568fd3e89f5afcaf16a885d7539c62d9e064db891cad2065bbe7732d21e113e1a502cf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll

Filesize
100KB

MD5
30439e079a3d603c461d2c2f4f8cb064

SHA1
aaf470f6bd8deadedbc31adf17035041176c6134

SHA256
d6d0535175fb2302e5b5a498119823c37f6bddff4ab24f551aa7e038c343077a

SHA512
607a81be02bde679aff45770e2fd5c2471d64439fdb23c3e494aed98970131e5d677e1eba3b7b36fca5b8d5b99580856bb8cf1806139c9f73693afb512126b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll

Filesize
20KB

MD5
f78ee6369ada1fb02b776498146cc903

SHA1
d5ba66acdab6a48327c76796d28be1e02643a129

SHA256
f1073319d4868d38e0ae983ad42a00cdc53be93b31275b4b55af676976c1aa3f

SHA512
88cff3e58cf66c3f2b5b3a65b8b9f9e8ac011e1bd6025cadadb0f765f062cb3d608c23c2d3832f89ada0b7681170dce1ee4a0b8b873e84135756d14ba8c69fa9

Download Submit
\??\pipe\crashpad_2200_KJVUICRMJPRGGWUV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit