hxxps://byconecta[.]com[.]br/993495898941/xx/

Analysis

max time kernel
128s
max time network
125s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
08-01-2024 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://byconecta.com.br/993495898941/xx/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133492248382048438"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2920 chrome.exe
2920 chrome.exe
3308 chrome.exe
3308 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

2920 chrome.exe
2920 chrome.exe
2920 chrome.exe
2920 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2920 wrote to memory of 3988	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3988	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 3468	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4556	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 4556	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe
PID 2920 wrote to memory of 1296	2920	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://byconecta.com.br/993495898941/xx/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ffa9d1a9758,0x7ffa9d1a9768,0x7ffa9d1a9778
2⤵
PID:3988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1840,i,1042306001513016064,15998417241935912211,131072 /prefetch:8
2⤵
PID:1296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1840,i,1042306001513016064,15998417241935912211,131072 /prefetch:8
2⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=316 --field-trial-handle=1840,i,1042306001513016064,15998417241935912211,131072 /prefetch:2
2⤵
PID:3468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1840,i,1042306001513016064,15998417241935912211,131072 /prefetch:1
2⤵
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1840,i,1042306001513016064,15998417241935912211,131072 /prefetch:1
2⤵
PID:1380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4816 --field-trial-handle=1840,i,1042306001513016064,15998417241935912211,131072 /prefetch:8
2⤵
PID:1876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1840,i,1042306001513016064,15998417241935912211,131072 /prefetch:8
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1840,i,1042306001513016064,15998417241935912211,131072 /prefetch:8
2⤵
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1840,i,1042306001513016064,15998417241935912211,131072 /prefetch:8
2⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4644 --field-trial-handle=1840,i,1042306001513016064,15998417241935912211,131072 /prefetch:1
2⤵
PID:2548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5500 --field-trial-handle=1840,i,1042306001513016064,15998417241935912211,131072 /prefetch:1
2⤵
PID:4332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5208 --field-trial-handle=1840,i,1042306001513016064,15998417241935912211,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3308

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4748

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004C8
1⤵
PID:1004

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
966b05dfba237d325a21cb5c541604ba

SHA1
93a8fb525ca973fa288734144566cffc98298659

SHA256
08b869a6b19349b538296b14e3d43d62899ec9d6d72984e65dd0041747f4cbd3

SHA512
cf402226b6f36d6f9ba1472ed2874edf98dd373c21241d0e543a10ecc7dc734ba17f84a4fdb069b4b59a51982091e9ef2f04cacf866b52ac7429eb768ec3fc9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
d1b0679a70ec59e976bccb3f2558aab0

SHA1
4cb9b1094aea00d0fa63fea70ee9c791bcd52001

SHA256
91d79ca2c9d18b0be4aa14b984bcbb0bb00d9561d2aa47ce73e446730eb0ef98

SHA512
3467ab1863893498c235e796385706a62fb5a2fd14a0302902e5d964fd1aeb6060c6a1e31e74c1db2d4b5e626df1b03230e828b43664a8d9df2b0b169c62c9cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8e0e95d353576c0fc87b54585e100304

SHA1
a485d0df0c7ba1072008f484d968bdc87e13f55f

SHA256
d92b0c045ee81eb87e9e1f97af4f12659ac2e33ae3ab5bffbff919651419b87e

SHA512
c0d7c037003aa2bc2242c0fd646fdd310a943d89ec65463062d3bf72578714c09813d5ceb1c492c9dad445522bf36692594def0fa7941e0dc4a34fdf90af9ef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ce4b04199aec763e1a3cb2f28dee60bd

SHA1
178e16ec8905e6c6968eb8273803864f56fba28e

SHA256
d6692272f222674779b6bf4a9e9cb659a9537539f9ea53d77d726fe3483826ba

SHA512
64aca31ab27fefd406de429ff445ea7a211132c569a7dfc3edd7865c8ebea53bab81a83fb8b80e17d87c0b7005bc5bb5d32782bab1c494f03e77528598192f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
4171c485e2b9b40f0c770e64d1de25a8

SHA1
c5159a78a4e9ef33f033ed76cbc09a78283b2064

SHA256
e920746589779164fc8ba961bdb59d2ff1c0026ff3c9490250801c6b233fc9f8

SHA512
e2c3242dda62683ce073e118bc37e31796cae3958a847b4a48b19510917fd2b334e27ccac27a78ed78d0cb5fa1f9c3e053653e6e25d5a5dca1307bcef586e85a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
33c969caeb23cd6201a36c17526d3bb9

SHA1
3632c98f1859f35e4c0c5cc2659b9889a18690dc

SHA256
0362929de16a4b56ba6ce06506d6ce8c556cfb5df7de316c5b1db80283f7de92

SHA512
1089d64f952bcc407abaf089b57335a6a6f8331127753307029ac03a6915acd7f9ffaa1e654ee0d610cfa1cce9cd8a9860f463ce0297d90a085068104a0ca149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1d9393d2259f2bf7645edeb6667bedc4

SHA1
4ef1434a43b21a0251d522fae6470c3189c0298b

SHA256
c06ac5413b9bc05b46c3907973d5efdbc96e48e12a44868721d315b9faa7c75c

SHA512
25b59f82fdedaa3507d1ebce7bb8dcec01f20cfdd3115c8794e35f6a68b8a362424eb4c70a563d0b302a7e5c6fcb7594d4d78a632a66b8e96ac88da6e78444e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
47e1e8ee2b6327a072e0789009af5d99

SHA1
2b2cd53cda66d44bc413ff153d93d1d286864cee

SHA256
318674d87ab85dafa49c6e45c1418e3b8262e8b2f650472b896bd4a1e9908395

SHA512
ecb48cab1b93aea79d1f7efb79e31ffaed4e861a526c3080f390cd3962f27cd5a09510979aa3a5f494647428b2cedd7982100211526c659ec8d800c1f0e8c3ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
52fb1a241904d356fb44869a9a9e2e1a

SHA1
a17759492a39188656858ac9b25bd2c0cfe5baef

SHA256
76adbe5a9d47b97ad02932c88f8b47eee3c2cc017480b13de4d2becc755af6a8

SHA512
eb0e313953abe797d63bd8e7d1630c59a815c1fe003ca279adc65539153c11f3d0425aaf322251dadc4326b4eb9e681df4202bae2f22f8b2e46fd8790a453895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587143.TMP
Filesize
93KB

MD5
f472b36ed3cac1fcb69bca3aed4eff55

SHA1
b1ff8f5c983700fbd13130f153454d3f76b41822

SHA256
357f85d81d66c2d70f61e87ad53bdfc2ddfde6657da12cceb6c2c146dbcd9569

SHA512
e4d5558323ce89e40faae4e7205aa117eed926169e64eea2c4fad7b6a7653ba8970e2086a52a8ebd41b45699d68ef9859028b5d0b9e740f58bcc0b2e2fd4922f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_2920_ERCHJHTAXTZRZMBC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit