af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb

Resubmissions

30/04/2024, 18:00

240430-wllncacc7z 10

30/04/2024, 17:54

240430-wg1lpscb6y 7

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
30/04/2024, 17:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

advbattoexeconverter.exe
Size

804KB
MD5

83bb1b476c7143552853a2cf983c1142
SHA1

8ff8ed5c533d70a7d933ec45264dd700145acd8c
SHA256

af09248cb756488850f9e6f9a7a00149005bf47a9b2087b792ff6bd937297ffb
SHA512

6916c6c5addf43f56b9de217e1b640ab6f4d7e5a73cd33a7189f66c9b7f0b954c5aa635f92fcef5692ca0ca0c8767e97a678e90d545079b5e6d421555f5b761a
SSDEEP

24576:0xFkFHdJ8aT/iziXH6FGnYhqQuimKC6Qpor:0IdJ1KiBYhsl+r

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2844	advbattoexeconverter.exe
2844	advbattoexeconverter.exe
2844	advbattoexeconverter.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Advanced BAT to EXE Converter v4.61\uninstall.ini	advbattoexeconverter.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589732939423271"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2928	chrome.exe
2928	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe
1796	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe
Token: SeShutdownPrivilege	2928	chrome.exe
Token: SeCreatePagefilePrivilege	2928	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2188	2928	chrome.exe	84
PID 2928 wrote to memory of 2188	2928	chrome.exe	84
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 2280	2928	chrome.exe	85
PID 2928 wrote to memory of 4784	2928	chrome.exe	86
PID 2928 wrote to memory of 4784	2928	chrome.exe	86
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87
PID 2928 wrote to memory of 5052	2928	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe
"C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffeacdfcc40,0x7ffeacdfcc4c,0x7ffeacdfcc58
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1740,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2168 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3580,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4336,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4664,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3416,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=224,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5036,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3284,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5384,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4796,i,4732475648395485187,3893942310777058988,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:4544

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2548

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
24e78e9c05bbbaed5aeab4dd1361e535

SHA1
70bdfd0a86c2caf5812ca5f6db5c74443ce12c0a

SHA256
e5c96d4879e2d99df2aa9ed9a172920e19babebf1c61245479fa4d7c983f0ac7

SHA512
80c50aa80626224314323b21a9ed131d82bbeede4e818ad4d37ee7e0cdd60290b2d0d9437447741af824b6a05d551a145acefd966d207818adc54a90122971fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd36834b514da3b82268288a0c8a5e78

SHA1
bbd5e9c549f7fa0d1ef3b6ae162f4e9f8f2047f5

SHA256
e326cb531f3a3e0d778c89fae72d97d41f1d4e2da6914481d333de54a76dd79b

SHA512
1e66157ca887d0d3d6940cc0806900cb064ad932c0a0ba869673cd4e8d6ac3735b1e2fe194425c5e66381afa2853f3a35654fb543244aff4da381302d781e0f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc58207faa792ec3f336b0db8e8fe9ba

SHA1
dc2b74a74586b118dec8fe5aac46f39b973c558d

SHA256
a2693b779ea684452b3672b430ee2ae79758820a14561e072c186cd7a01b04e3

SHA512
b1e5140c1b526936cbd77149e63aac538c5ae7222de213d8faeae293992474b41310f6c0c8b2f492e1dbe742c8e6cfa987d696f192685b1ff0fd4b66109f497d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
519990f63a7b011df0c3ef3ebea9c8ba

SHA1
72032098321027f89a6dbdb63d357f97b4303cb6

SHA256
07835879022dbb164a4d696aaa953184295cc174e35c7b275d6ed60c4ed4426d

SHA512
bef18a601977496e8b8fe822deba11143a010010cd2cc5e82ddd2180eb6bd3b26145b136696485c8e34510b64b2ee3acf3ee2d57541035658f96e4e86653dd2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb837ea21402b8f4d07c0e802981f087

SHA1
53a966979f7c04f21e702afce28265acba772b86

SHA256
872aa1fc7f2e81aca8a69609fd962787b15b223f177aef22cc748d5d82878008

SHA512
353184b4001c3d6352600c34031aff358cc68454b961aaa14b7e056756b2fecf4b9a2b07e075d8cd3ddeeb0cca3c832a6a4a3f1ffd97dbfbc1afc218a3bc5a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
63f85c5c2e72878a9fbb9ddc2ae5dfba

SHA1
e34b762d5d7e0b3b1bfb58225bf9545c17bc41c2

SHA256
2411f337e366e8fa340fff5b50392fb8789bb304d14ff0beecce265861e8b15d

SHA512
53af57d6e616acd8068171331c758fee79284807bbb4859213ef87421ff421e24803f3cee47abbe8c56337fd0342c6e86da6d5e15ce8cf513202b0d331fc70c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
93798d558ccc932df608ad7cbe8104f4

SHA1
a7555c864b8ed15edc1b37537f231cccae252a1d

SHA256
63942486e99d357c432974578f89a7e16a00ddeb3e71734e2de7dad5cbf74302

SHA512
fdcd7502e5a42de708cee16749879c8e4e3284e8a3187cc47ddb91c8e11a234f369429aaf13d115465fd7a9588b2f6f5a810330d4603e41dafcdcf79b04fb42b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
54f7cebf34b12cafe1ff0db0308a47f9

SHA1
a61a0921fa9d165b2da01160aca74abdd73d5de6

SHA256
8e04bdc56f77d2744417ba53ae2cf2f392f902b6f065047dadbc37ce44273381

SHA512
3ab73fae6ba645239cbb2da346c25b499fb2516d5c028e659440633dcb9565819abe22b6c7049a68c07d68bd8513f984f45cc9e8a72a2f3caf508cf47ef38fcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll

Filesize
100KB

MD5
30439e079a3d603c461d2c2f4f8cb064

SHA1
aaf470f6bd8deadedbc31adf17035041176c6134

SHA256
d6d0535175fb2302e5b5a498119823c37f6bddff4ab24f551aa7e038c343077a

SHA512
607a81be02bde679aff45770e2fd5c2471d64439fdb23c3e494aed98970131e5d677e1eba3b7b36fca5b8d5b99580856bb8cf1806139c9f73693afb512126b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll

Filesize
20KB

MD5
f78ee6369ada1fb02b776498146cc903

SHA1
d5ba66acdab6a48327c76796d28be1e02643a129

SHA256
f1073319d4868d38e0ae983ad42a00cdc53be93b31275b4b55af676976c1aa3f

SHA512
88cff3e58cf66c3f2b5b3a65b8b9f9e8ac011e1bd6025cadadb0f765f062cb3d608c23c2d3832f89ada0b7681170dce1ee4a0b8b873e84135756d14ba8c69fa9

Download Submit