8f6787371c660aa144c6521491afe4bc05252874c623cec155dac5dae9777ca9

Resubmissions

29-03-2024 00:20

240329-amqg2acd8z 10

29-03-2024 00:16

240329-aksvdacd4y 10

29-03-2024 00:12

240329-ahhavsda23 10

Analysis

max time kernel
45s
max time network
94s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29-03-2024 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ro-Byfron-1.0.exe
Size

2.2MB
MD5

2d1ee30378ae7634acc1b4558cfc170d
SHA1

8442725a2528e8bb849110987580ca9c110b379b
SHA256

8f6787371c660aa144c6521491afe4bc05252874c623cec155dac5dae9777ca9
SHA512

733786a5968e5e552fe18d199424992d745408bac2f206bbc3ea7a8ac4589eeb67e47ff0941c3389691edd1286b5007b629024f1bc1a88e0a0f62f0f48459785
SSDEEP

24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtW:PBozBdhEV7q8bOQnIFWY+3Je0w+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2568 chrome.exe
2568 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2568 wrote to memory of 2472	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2472	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2472	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2932	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2160	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2160	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 2160	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe
PID 2568 wrote to memory of 1448	2568	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Ro-Byfron-1.0.exe
"C:\Users\Admin\AppData\Local\Temp\Ro-Byfron-1.0.exe"
1⤵
PID:2216

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5ef9758,0x7fef5ef9768,0x7fef5ef9778
2⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1372,i,5808008001461356596,11129571461385125866,131072 /prefetch:2
2⤵
PID:2932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1372,i,5808008001461356596,11129571461385125866,131072 /prefetch:8
2⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1644 --field-trial-handle=1372,i,5808008001461356596,11129571461385125866,131072 /prefetch:8
2⤵
PID:1448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2324 --field-trial-handle=1372,i,5808008001461356596,11129571461385125866,131072 /prefetch:1
2⤵
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1372,i,5808008001461356596,11129571461385125866,131072 /prefetch:1
2⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1620 --field-trial-handle=1372,i,5808008001461356596,11129571461385125866,131072 /prefetch:2
2⤵
PID:656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3276 --field-trial-handle=1372,i,5808008001461356596,11129571461385125866,131072 /prefetch:1
2⤵
PID:412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3940 --field-trial-handle=1372,i,5808008001461356596,11129571461385125866,131072 /prefetch:8
2⤵
PID:2248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2628 --field-trial-handle=1372,i,5808008001461356596,11129571461385125866,131072 /prefetch:1
2⤵
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 --field-trial-handle=1372,i,5808008001461356596,11129571461385125866,131072 /prefetch:8
2⤵
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1372,i,5808008001461356596,11129571461385125866,131072 /prefetch:8
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2916

C:\Users\Admin\Downloads\Ro-Byfron-1.0.exe
"C:\Users\Admin\Downloads\Ro-Byfron-1.0.exe"
1⤵
PID:2080

C:\Users\Admin\Downloads\Ro-Byfron-1.0.exe
"C:\Users\Admin\Downloads\Ro-Byfron-1.0.exe"
1⤵
PID:1348

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
3f6cc25329026dacb4d49585ad3f363a

SHA1
4a70966b997278bcf9b766eb4a8c624cfaa14d53

SHA256
d99b6f19f05402b130ee5d57bc6ac3fd70c6b9831ee27dd0b053041ca9d2f5ea

SHA512
55fd052a9fe389fb86ef698d80c16d3a3066680dba3915b5c8c1e6b1b727fe2cfd520b3155320b3c23edaa5476aae0aa29069563da0d4d02c6f20d26985351e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6bb59f8e-f59e-487d-b0a0-d274c4fc09de.tmp
Filesize
5KB

MD5
218a08e6d200d8b5b7742c1e0ce61ced

SHA1
211cc0b4673be38a08d42083cce6d6929e7d87cf

SHA256
fe895830252f5e94c93b85122588f23b0c2588c8bb5668556635278ac5e60e93

SHA512
16bd21fff07ec82dd9c7e8debfea5012f2bed1b631408fe6445fc85300214abfef174d8a923a5f54283ecb8c5c5282671e471a5382464f30405dddff5db863ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
1aa2d838bb03d6e5ba20948d71c4465b

SHA1
d27c4f71b0aa6c4974a5beecac1c4a631eafa56b

SHA256
b6c9c6f6bfcaf53290834a97f147ad8a5847020666828c0515573f601be3982f

SHA512
9a81fc532ef0137732b98a3ab9dc881cc302ded2e77d0e0f867c62f67cf0725860c6236f64aa25d219f7e90275f04a99a0a7f5b12c6ee752bea7d6fb69340b75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3CD2.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC93D.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Downloads\Byfron-Bypass-ByfronV1.3.zip.crdownload
Filesize
1.1MB

MD5
201d2b4e8eaa71cbadc3602daca145bb

SHA1
0f71a894534495b2c38218a1c7847f95422988fe

SHA256
1410e2f1ecfe6eaebe24796b4cc3ca941caa38117ec8746599ba1371a3d1a075

SHA512
278b203ceef0d98875b7756a231c3beb526c1c4656d1b2a808f40030879196373c93f9170fb768ed9c2ded4a67eb11f79fea378e953c7c583464da6ae8bc7ab9

Download Submit
\??\pipe\crashpad_2568_JAQBEISLPLGMFVKE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit