2f0b8c5ea4e7923690e4c4424621c2f00cc40d3c62790a2389addc5ea8ba14a8

Analysis

max time kernel
908s
max time network
1231s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GodMode9.firm.sha
Size

32B
MD5

1d01fd0b33402e5ff44edebe9bd58614
SHA1

16f90b74c587b40c57e378e9c9c6f75edd3a7fdb
SHA256

de7339b5b21862877008d60e7816c9b0fb6d45aa5b6acfb713e6b0283536cc17
SHA512

b8d845231b6eea4c18f24ae17abe57c4d4aa73e2829506b7bf68070e9cd71cd446f3b227105b223ad1538454250f548c4b75892250a65055cf4b969a57c6ae66

Score

8^/10

bootkit evasion persistence

Malware Config

Signatures

Disables Task Manager via registry modification
evasion
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

salinewin.exe

description ioc process

File opened for modification \??\PhysicalDrive0 salinewin.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened for modification	\??\PhysicalDrive0	salinewin.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248458618944660"	chrome.exe

Modifies registry class 4 IoCs

Processes:

chrome.execmd.exeOpenWith.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{8553EAB4-CB1F-4FAD-91D3-D97F1B55B12D}	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

3468 reg.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

3728 chrome.exe
3728 chrome.exe
3728 chrome.exe
3728 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

3728 chrome.exe
3728 chrome.exe
3728 chrome.exe
3728 chrome.exe
3728 chrome.exe
3728 chrome.exe
3728 chrome.exe
3728 chrome.exe

pid	process
3468	reg.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: 33	3516	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3516	AUDIODG.EXE
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe
Token: SeShutdownPrivilege	3728	chrome.exe
Token: SeCreatePagefilePrivilege	3728	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe
3728	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

OpenWith.exesalinewin.exesalinewin.exe

pid process

1652 OpenWith.exe
632 salinewin.exe
4184 salinewin.exe

pid	process
1652	OpenWith.exe
632	salinewin.exe
4184	salinewin.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3728 wrote to memory of 3080	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 3080	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4496	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 1428	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 1428	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe
PID 3728 wrote to memory of 4364	3728	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\GodMode9.firm.sha
1⤵
- Modifies registry class
PID:1256

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ff8bbae9758,0x7ff8bbae9768,0x7ff8bbae9778
2⤵
PID:3080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:2
2⤵
PID:4496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
PID:1428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1432 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
PID:4364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:1
2⤵
PID:2956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3324 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:1
2⤵
PID:4652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:1
2⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
PID:752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
PID:3420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
PID:4776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
PID:1924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5172 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:1
2⤵
PID:740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4848 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:1
2⤵
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5424 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:1
2⤵
PID:732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5352 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:1
2⤵
PID:960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4996 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:1
2⤵
PID:3004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5240 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
- Modifies registry class
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
PID:4540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:8
2⤵
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2808 --field-trial-handle=1856,i,14459971705641228120,5794060701437113024,131072 /prefetch:2
2⤵
PID:2956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:972

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3bc 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2036

C:\Users\Admin\Downloads\salinewin\salinewin.exe
"C:\Users\Admin\Downloads\salinewin\salinewin.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:632

C:\Users\Admin\Downloads\salinewin\salinewin.exe
"C:\Users\Admin\Downloads\salinewin\salinewin.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:4184

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
2⤵
PID:1596

C:\Windows\SysWOW64\reg.exe
REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
3⤵
- Modifies registry key
PID:3468

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
Filesize
50KB

MD5
40333c9d07daab8ba8a53f73ee3f974e

SHA1
36c2b17a7c48fc28036534f445b79fca9658f0a4

SHA256
998313664fbeab2403238a77e6c50a4541d20805b30533f67de1a12c624fee54

SHA512
4a893bf97a02f88a3ea7830b5f72eb56295566a2c6ceafa33fd80f74f81edadbb4172f71c0e12e4a06b1e927f9d7b0cc62c5ba070cd50f3f25c8b670a1270de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
Filesize
612KB

MD5
a583b39f19252d5e929044138520b689

SHA1
51fc5bbd8694b72756de25fc60f13151d132ef01

SHA256
0123ffed642c61e4754dc6b590a20af667dc7d0b4262335c8b4c46e562ad3823

SHA512
434f70f7361014f9d2f87de0c29a2c2d1cd240333e99a4a61722404534783210575594c4ab996ec60d682157ffd5b2b87278cfdc9a2fbaf08213c42f1f1e1a8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
Filesize
35KB

MD5
fbf149f3cc52c0e994c22360da1fdc3c

SHA1
71c4a5d6a47d01dcb40c659951b5ce38faf1fef0

SHA256
53e46cc83cf44a5dce1b018be9011952eb7714f2949757cfa2e3efde44112dd0

SHA512
9046410e4bc370c68e98c5c00875469bf667cec7bfb14046df5a8547be292153d3621da4f1bc4ed583b044f739a3e56dd9f0fc70bd79196568aca2949501d1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
bfcb3c14f8abfb4a54db3081f5109305

SHA1
fa93e6057b3f8ef096aca62f4da542d33574c74f

SHA256
3f15d64531a13c2e7e1e05e8257e663124db5df61f38a14ca490527e91659c23

SHA512
1f97db22ad6526bcbb237ed56aa31f4d9ea9c8712f50d857aa45190634f56c55b59eefff733430f53009d91c8053fddc061219690010302ccd8e9088391a19eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
b2c6192c190a31dc7d90a35914abfcf4

SHA1
eb5348cf10e2e9d1805ef6c67897ac192d385f2f

SHA256
1033dfd5a1c7373244f6bcbbd00823b0ee4afcdc923db0ae30b854f306f76038

SHA512
53b17d4c6e0521586e6bbfa7698dbf78f5b8436c6ce0f38054d5f14840fc694eefce6f92adc07f17596512cca35b5703d792c1dcdd6e909a4d214272d89dd46c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
c7a982c1ee1154afb5998b6f6cad6499

SHA1
a8ea84a14eb281ea927b3a33894814ea26de531a

SHA256
08cadc1166d5218cc2ea552022a3f70382129a0000bfbc652d18d00c220f416c

SHA512
506da1956b14fadfe28cc5ec9af5a508f477ae591142af59ad5ffcc06d381ba89a891a344cb210b8d2cba0693f0d7ad27cdd483f16d7c31ff41c81b276412db5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
1542d1324280fa7b095d149790a935c5

SHA1
32816295ae614043e054108a3a771229f61309bc

SHA256
8b9d020545eb41a5c00456d451bf025f6996bd444a108a2f33f29bf532ebaa96

SHA512
ec4cdc01b2f0719b4a8acf6bc43b478d81dc88f966b48fe1659007159bc43ad14899b032bed7e402f616622ca601447b8ffde49e83d32466c48cf9abddf78218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
d51c8c604c8125afb12a17a204072fce

SHA1
f3afb113880b16c7d943b4f746599bfce8d23dc7

SHA256
77b7f4397878c512a85cfd2ac2619bc3f062ccdbb3a75a2720e4b47dc0688e4d

SHA512
f9a50b288c27444408712e13531a82c4bcd7e24f10f2d8e31208a0ea09ab3b2bf1f7da099172f383f807d77a19729ab9050ff3f926440899a9678da3a6cc4fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
86c08c3890190177f9185780be29a675

SHA1
145e7c01ae031d39c9d1d46d2e14cd938272bbfc

SHA256
278ab2195d89217c1eb5444999e7ef18856ffb15d43b53648f0150224a5d3204

SHA512
ad5e63a33023ba46bd9c0b5d6d25dce5f48f18b8c48fdbcec090a860adb5314d03166030df714902202c0ee0cdd53523a0bf2d3eef07a823f9396f3aee5882be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
881fa323d1e4e758d7b128e0c2d9179f

SHA1
411ea022dfbb468596133e9865b4b53e765093f9

SHA256
f7431ca72122ae52c4f5a45f70c65c83f13df0faed52fb3c330f09b2ded33b84

SHA512
8c0d108693876b88ab7ceddbdb8aa9be8db69d4e4eeb43cd6c2a085f78d99a486c02a0054b2cc860862fc75154f5de7a4ef93f8326031f8c341c317f7ccdac64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
eb13275a9af858bd6be27d25b9c0d1a8

SHA1
1f8b0957e47ec42d7b4545ec8be80e24c0e6e41e

SHA256
171ea0b450144c477729f74fcc1b31ca117fb30c345de7156e700a67afb5ab93

SHA512
30e9bdcf0da050ada4c293af922b0705930c85f4b75a28ba0741768ca972e28fbbb13c7a11f210879efbbec7a19780ba428ad0a0ac4434d87130dd62708c9ef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d9cc0d22a0f7562e132941ad0dfc0276

SHA1
fdf7c15edf7ed8a82d441d20c0dbf7ea03e0d72c

SHA256
c8f8714b3572be5ce4ac8e0a77503b460dffb77b62e078f48202ce8394e20b33

SHA512
805da8356a6ef293a9e56a767cfc6da60d777acdd097ae65b4fafbdea7f6c8cc90816e82abf2c0a80b80e86f746d013de56e96918bc2720291b8f5a10fba32e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
dee6c6e12760ef2519d57d74afb9742d

SHA1
744b3d8e0df56540083183dbef31137b0e481002

SHA256
71237fd2f841ee83391d76cafa71e7916dc8a4f94d3ba5e2e7940eb37fbcdea5

SHA512
72e14988deb897bc0b81b606f73eb6e90f2a35e1240083d15866ca6854168c59279079030540f00694d1702a9b1cd0f9d0c61d6e5e7e334e9c0a9ef8bb1695ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1e1e6ada4aa41412304e00f161757b84

SHA1
50e8f6926e25eccc10c889a2a6bb3520f238a2d1

SHA256
472934fc214ed7fc0c07d76c42c91696d6875f080ed820ef6d90757ddf5df547

SHA512
0f58790707575bb6543bc4c09c4ea89534a82ea5bfc4adefba7f8f0e7b093b1c739583521ceda9850b573977d0db02d583e02fa7d8be4a8330ac5e0e3c66ae9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
1057308fbe8e329ac2b50124940ff3a7

SHA1
aeb327508f80f5d0900a2fdfd7fa878ce22c1402

SHA256
b19880e93edb369d0e12839a55806d50b5800d4889d6c79d69b646b9f4ce4ba2

SHA512
6594d8295e11ccdeba73481b7ebabc1a5aad4ec3fbe942ab5e81fa889eadb14b632116477c027befb48b909d5dd7ec2b79940a2393b8db74e832e61863d41779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\949227bb-fe01-486e-ae2a-1e903d1a78f3\index-dir\the-real-index
Filesize
624B

MD5
a62a533b3c6447bbb93521c89181996b

SHA1
19eec700eb783f486bacc539d7241f7d3d74742d

SHA256
b025fd10a75246af68aa36abbf9d1b730b7979e0d84c9ff9aca875ca31fa4df7

SHA512
326b84414390f0ec704718fbdf82f8b6b4d46613fe700fa7601060d2d8d0ca8935178aa9d832a999a951a670892f6c4b67284bc85f5eed9dbdb81de471d8c2de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\949227bb-fe01-486e-ae2a-1e903d1a78f3\index-dir\the-real-index~RFe644dd2.TMP
Filesize
48B

MD5
1012e4624ea159abeafdb5d590615073

SHA1
b1e013eef7dbc2768f71d5b40d36b9c581f4792c

SHA256
4347e04917ba20aa63c6dad56825ed4536e27e26c5748c98e728adf28fdb0761

SHA512
6100556416484735abac8f2148985f0d5c479341736275cc1faa9993093a87b16e9c3d2252437edaa57baddb7819d1d713fc78fc8fb226c817566e98e1a5db35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
20536f5d7b0966a85ab071739197a45e

SHA1
7309524e2ffb2b2fcf52ddf8c009d2cb51e43116

SHA256
ee97b0e1f8d4d489ff55c2f0f75b81c085cc5f68957ffe075f85c4c0e5bf0bcd

SHA512
880b425f06c09c8cf3ed64673cd9e73dd101b03728143b6bd4d310157be43ee337cfd150900f33a3cb715c1e42fa0f41a63823ca6c57b1b47656eb4478cd0e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
129B

MD5
aeaccc4f350b0e8ec165ab2f77033349

SHA1
8c4c7deda5b1758fc5bb89e6d4e99ffadfcbe9f8

SHA256
730cbd198826d13ccfdfde50533a5496e193a22d4952db222eafccea9a4b1e20

SHA512
8fb931fdd844b813832f3523b1e758a4c38d9171d58da31ce81d46b3e3ac4d990ef44acb55032064e476b99974927f2afb899b273bf8d3bb217022879576778a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
125B

MD5
456ec41d32b045e1cc2d1ae0045566d1

SHA1
573572a7beeed2166e67f4f126bd4488050fef18

SHA256
8f247d5cb6e21a6ee2cbd0f6b7516c2e0394a887b46ac7c08c6345eb97b32648

SHA512
378e10a5fe37de662e570770dedb7ec2bd1a2ac4e191bdc18ee5993c662a9d637fb8e5cb10899a4694b34bb9ef8e9e0695ad2bbc84f40b4621dee9d72d58e000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe63d8e1.TMP
Filesize
120B

MD5
4ff6e891fc20a7472e15c02c9d6a9119

SHA1
a80c47b74cfdcb57f5237897d45754108609436b

SHA256
9351abb6246fb092a29c77d61f65886a4c49c093cc1e144234a142f4fefcd865

SHA512
90eb8b0d8e4ea0c0260578d61f499f6b082ede9e695b26d3581e4b4116e8d1fccb613828beba4876c46f1d8d53dfed886d10754fe285fd2c0fba46ff6aa07937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize
14KB

MD5
2021e75073392964e4e9387b1a3831ce

SHA1
32a706f04ab6ae42b4b179222583c37731086f8e

SHA256
241f64f125d94bb3f7f07f09905b3f9cc81e978eb849f3c7acede73cc3c329e4

SHA512
7216e5e73b86de99d67f66fef996ca6cb3f871b4552d47baa0b905d0f8f8d8ee75cde87e142f7349a6cec150dad5e5ddb18b61b40890f8e7ada3abec9a0c23d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
Filesize
137KB

MD5
a48a02b54916b78ac8d69dfb48feef3e

SHA1
60b66f9e02f4a5c7e414110b2fed3df7eb78aa0d

SHA256
42b90f2a7a1de6eefa6c7a59d9ac211670742730e2f0a9ae5f895ce557365daf

SHA512
dc500576cb35a608b20d1e1facb58c6c89654f5fb045f3e3ce87dd4d89f1ea877df93b89f9ba5639022e71e3f81a715d3f41686d90c9d6b82c59347487c35103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
d419244dc613a3a4dc3c554111e1e117

SHA1
f258f09ab6ca5519f52b2c10b3ed31d70c32ccbf

SHA256
91e6d74af66529b2eb66ba1b0d7b3879b9d69b4b2b376d3296f33482dc8f8f43

SHA512
83bd0c35908ca601c4bd49ef5bf40cb0ed7e82cf0b4bc0f8957be212cb869be04654036ceb9d60e6d3625e9e56b7d88b954435194997d2631ac3654b48c50898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe643941.TMP
Filesize
48B

MD5
12ffa38985420687974e08b35301fc14

SHA1
cc01c1fb894fc8f960adbb696a1e1c00cee24bb3

SHA256
07bb244ac6b7107234afc77d21b248b51fd334088e8a0978f226a8eb3597acc6

SHA512
934aff8b45a3217795c2968d3a99c0eec4fe7b0991a7df8cc88f31710517985e31377f881722196696f0e52d5d2851414fb4d13cfcb607853dae1a6a99d7429a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome\16.png
Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3728_90267956\Shortcuts Menu Icons\Monochrome\0\512.png
Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3728_90267956\Shortcuts Menu Icons\Monochrome\1\512.png
Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
df78777eb30c6499e7ab7735254d542f

SHA1
48173a3bbabe2be3bba8d4b465eaa7c2c15c9d92

SHA256
c5cce74145e28d0f523bf2ef81f6e0251562d0c62f41fd650b553d499b984e97

SHA512
1db9b165a80646c6a94f366895ba4132bb3000bb6241f6d30f536c33cf95fa0860c8e2e80b2b02d1d8d7621bf59b767d7c4df097455f49204bda180b5234e0b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
8e8cf8d8992a8bf0c3c86ab844a666d1

SHA1
974e09e0e80b1ec4c07f46c558171f52ba8a7baf

SHA256
1c2bf8dab516514bc32d27dafac7f831e93a72c00201111b21b547f68b1ba14d

SHA512
734ff2096d5ef40a314c3212b304607dd59cb5e78b2408334a56f635c7696889ca1d271ad08877453193252e20e908a5742b87dc134d4a372e2c9e610afec06d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
480436f450149d41951679ff2f59b2f2

SHA1
42166eae4cd79a871b4afd347728681fb59c4624

SHA256
887709188c926d709f6ac3b4a1c7085f695126a13ea27c67dc7b7a9b9c400df4

SHA512
a897d0f99cf52f6250235192109af307292b227d0c94cccf41c80f6a30ddc09c67864e24a03741b7364fdaabda38495fd6b8f2ad4a13cd00b4afeb9536278acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
ee5aafdcafb9b690f70be0a313f98d1e

SHA1
e1f939f2e824ddbd801cb780843d331664b63599

SHA256
1dd8c578ff0b6820a905d6be746ee08d49486039f827b75bdf29cc49b1484b22

SHA512
473552bd5e8776640008a78bf89601361a7839b264992e98af475cfe1da4a403bb9efb3fab23fbcdf332e6272e33820344694f662b0679fc8f51edd80286de5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
630bf6565dbde717699c7cc070e6b3f3

SHA1
d9bc7d2ec6c6b44982b9ad20561fc46c04691534

SHA256
997cb2c586d8e7406d1817d7449750932d52207264513fc304272c2fa28ae260

SHA512
68cafe7c74c34a406fdba4b6e5d0bc77b725076c2b3229fda1f584a22f891516224779252e2efd562d3937bc96fff09317b1979fa8014338a824789d2263ff41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
106KB

MD5
02338c76eb6a28f9d605a2274ee196d3

SHA1
ba096115ebb2fd694110b3e5043c0010eb4a21ae

SHA256
f7075926e2c18e42862eb94da0c192af2d1bc455cbda743323cfb454aaa21c07

SHA512
cd8dd08013e809506726ca9a0fdbb8b1aacf76e8f7da81858aa2ca290cccc343e8d2b80c9b5a79a3dfe306551df60e7ac257e23e039ac86b45df777533ffe747

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe643df4.TMP
Filesize
97KB

MD5
7058b717144652fc491b26caf9103673

SHA1
3ec85c661662a85f96c582467993b866d248b9fa

SHA256
68f0f3f3638730c59b713fee34e76b4eeeda1ba0e6d5785d0a0611d90df429fe

SHA512
e73d66d57a01c67a995a8a1e1a852dee982b8e05f233fe315eccc3cc58ea45fba3ffd2da7e71ffcf15678ea7d995c3924997d28b199b0194342b0b49c7947e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\salinewin.zip.crdownload
Filesize
203KB

MD5
19a966f0b86c67659b15364e89f3748b

SHA1
94075399f5f8c6f73258024bf442c0bf8600d52b

SHA256
b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d

SHA512
60a926114d21e43c867187c6890dd1b4809c855a8011fcc921e6c20b6d1fb274c2e417747f1eef0d64919bc4f3a9b6a7725c87240c20b70e87a5ff6eba563427

Download Submit