Analysis Overview
SHA256
2ec0182c0cafb89a21d8223d2778087261b52999399136ed2f3f17a9a7b102a1
Threat Level: Likely malicious
The file QRcode.png was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
One or more HTTP URLs in qr code identified
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-10 15:16
Signatures
One or more HTTP URLs in qr code identified
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 15:16
Reported
2024-05-10 16:02
Platform
win11-20240508-en
Max time kernel
2699s
Max time network
2660s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\Melting.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598278654379580" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\Melting.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\QRcode.png
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffb843aab58,0x7ffb843aab68,0x7ffb843aab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4108 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4360 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4564 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3980 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2724 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3460 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3456 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1680 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4356 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5068 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:8
C:\Users\Admin\Downloads\Melting.exe
"C:\Users\Admin\Downloads\Melting.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5492 --field-trial-handle=1812,i,2302519483565704598,10060243509213240616,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| GB | 142.250.179.227:443 | ssl.gstatic.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.14:443 | google.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.14:443 | google.com | udp |
| FI | 216.58.211.227:443 | beacons2.gvt2.com | tcp |
| FI | 216.58.211.227:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4060_JOUPNNJLNWPYGDFF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 47afc064093aca5b76b68bea3cb44b81 |
| SHA1 | a8794c8cbbaf7ff28391acd0e169273d62c2d39d |
| SHA256 | 6ad8877a4750eb871c89ddf78f57cb69ed96f88992625351a1325b91100d10c2 |
| SHA512 | da2e37cc551a37831d43b47e5c2262ff32901fd68e0b1198251a7190b886fe9ce1e1238e0bf053ed714fd694f6634fdad6352a916fcf40353eae93f50043c2cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1863b6477c09a54cdc4476845a1df7f9 |
| SHA1 | 3ddac65c73a6db76defe7c219df024f2fd1e050e |
| SHA256 | 43351996bfdfda0cc8feb4bd87e069598c18e8509a12197d0deb3daf21d3b5f9 |
| SHA512 | 1126650037317bd5d0f66153e6eece7bd87bba07afa658260d7653a79582efe6fc24a07ac88b9a6bfb9260695ecd7461091b96a0f265f33486a5c564fd988fd8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 09c3a6a40e0297239991a09440c25484 |
| SHA1 | 1dbfd66851eb6b49f584b64a1fb59c5d9adc2cb1 |
| SHA256 | fafc3a9ac5a04ddba678456efaea0a3d35a468a4ff3aefed6a3d413f8571d0ee |
| SHA512 | 510192cbc408efe1735cc43c13356d27fa164bacc227cc042ad702990ae8bc64ed91a0e786e00998269be8d5aef815b0535a2a5d732ab6a38d7832c01bc789e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 4f6f8df2dacaa5edf45b52ef0fadd99e |
| SHA1 | 276db3ef440309a7f29e6b2755c489d50e7da1f1 |
| SHA256 | 8694cfb68ee6170648996f8c6f003b68ff3e4c92cdd08836a11ab1ce2695df5b |
| SHA512 | 6410841fae5dcfc98484a17c5197ce904b8aeb036604b13f99573e2bd62b2fde3d841a3989790f0cd942967ef4c485ab4ee404e11511632ec9544ad9f180ae9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8650fe7285348ceb47c43c85f321eda3 |
| SHA1 | fd546edb5e8129f0c256e854159746091e5be208 |
| SHA256 | 922aca36e84bba65a83caa1550b681828fb1773ce9f18b6ad5d52ca5874101b0 |
| SHA512 | a546b4f253433bd791452c874f48307c6c9b3017428c2069608718aeecda7ca2ed02656de4af5d8de914046f46ca1d5d5a5edcf998921ae53da1ed888a03e32a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 77691159c48481712c7d29f52491a0dd |
| SHA1 | 81ec49a69dc9e5e043ae6bc62372b14f3b7a17c7 |
| SHA256 | a6d72eeb23c67e4ab915533a0db78517d1190e058c9a5a5939ce4990af85989d |
| SHA512 | 27986b9514689075c76b9f42cebfe8ae2d9ac7242fe233db9c700cd394f5dcaa1bb51c05ef797fc09d3f0dd80bc268be374626e9870e8a271272e4738d00deba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f6208b2a9b6a025f21772fd81dd76476 |
| SHA1 | b8e68039533a5f7608f1466e3d0c136dd40054c0 |
| SHA256 | 9ebdb991b659d2ef2561c08a010b041553e30c5e4a04c110a321119051bcc135 |
| SHA512 | aef0f6bb486265ccb70c623aa9557fc67116b80a6fabd68438fc7ec5cf69d62e9b2bc882a124f51db2e4d0fda856fe401cdcf62db6223544461a10195756e28a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 90a3c0d2f8e48d4f02cde36445f5b0ab |
| SHA1 | 20bf9dfd3102a330df577b10aaf442ea0d6bfafb |
| SHA256 | a4ea51c65fb3dfc701b0873eaf982cb9fbef4469074cbc5187d47f9a09a055d2 |
| SHA512 | 830841c700e4ae20403a856d785335c76b5e506a131adb1642683cfe3a0d7a79c51e274923c3895ea2941e235603b842c2ff708717893aac76ad7222a77ea8ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fdd8a59acece709434168b4ae97d54dc |
| SHA1 | 3cf6060bbf7cf93068b02e13020105b639ce0f55 |
| SHA256 | cdb67917f7aaa1f8872506d4ca2b1354e8c506f0d7607840f93460589d1fb37c |
| SHA512 | 814f961424d647ba9238761240557f33e5fb348c0eedf5c714cce107436c8f516b5007e41f83727c492124f3c0622653af0f82231cfe5e23b6b175ab650a923e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 01f70bec72775773d28064f670471ce1 |
| SHA1 | 9960006623bf12a7b0ccf32d931439694b9df863 |
| SHA256 | eedaabe6cc13b6f1d557a1ec6895620b2ef537320b3ec4a489a945304a51180a |
| SHA512 | 68d6bd259f69ead75842cb8ebea7c5e1ebe65f027b001365a78ca28181648edc65657d8f5531a7d68c45e95ed58c2ebb9a69338fe74cbc280036ce6d9ba44b1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 737d236a24357d2a326e37b5aeecd020 |
| SHA1 | b78a421e452b707cfd201a9a3f37a51806759c26 |
| SHA256 | 87f6596884650238e723015305a78ee011958b061d74310fb9b344cf0bbd24a1 |
| SHA512 | 422ce6faa6d6f9158d97a6318f4fb37a43791a385f038067f594b94c3f6cb588a428315cb8813ef8eb23603c9295579f0effae8961d938322eb71750f05d2357 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 18ba03df919c7735708fba7f7ce2b1ca |
| SHA1 | ac3597eab080b02bcaa45eaa4e148249c521a571 |
| SHA256 | c17e81d7d1ec1d192ce6a1134f799cbaa86807c03bb5225671de62af1520ccef |
| SHA512 | 6319401fb8c6998adcc949b8d460e538ac707fb2843dd819e956e33638d618ecd6977bd08019eb6a1b440c7b9d5f5655b52e052977a15dad1b791fc670ed2035 |
C:\Users\Admin\Downloads\Melting.exe:Zone.Identifier
| MD5 | 8bbf19ce2a2edd6f64cf1eac6727d091 |
| SHA1 | a555c6bef2a5dff8315a5326ecdaaff98af9f38d |
| SHA256 | 6e776446a1c55ad3cb5b65f428d2de21e401890c8e5dd185dd78c15d8eb5ca42 |
| SHA512 | b37ed86c3a25eb0ff77fe7aad80deb0f2ede1291b1eab54af7a3de6c1b19afc7915422b0ac997e32fe799921b3d9fe1133bc95f2100c4ea082fbaa2127efa188 |
C:\Users\Admin\Downloads\Melting.exe
| MD5 | 833619a4c9e8c808f092bf477af62618 |
| SHA1 | b4a0efa26f790e991cb17542c8e6aeb5030d1ebf |
| SHA256 | 92a284981c7ca33f1af45ce61738479fbcbb5a4111f5498e2cb54931c8a36c76 |
| SHA512 | 4f231fc16339d568b5cf9353133aeae835eb262dab68bc80d92f37b43df64dce4fae0e913cbaa3bb61351a759aeecf9d280bc5779b0853c980559a654d6cca11 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4f15ce19-855b-4f34-9fa4-8efdbb0a9e2f.tmp
| MD5 | f1cda02047d23b24610df7b187905c4f |
| SHA1 | 3b14d955dc5e8c66d65b5b9d7b7b593165a513a3 |
| SHA256 | baff0100c074240ff05b1a0b7720a218f914f079de94c40a86b13c34204d3a7d |
| SHA512 | 7860df0b5ff7ed7aa590def7009afb8ce9707914084cd07957f91e3dc002404b31307e771b6ac2299b421a8d02013ab5d44e2581497c9d1e09543a11440156b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1cf472bf3a835ce6509f17b47c699d25 |
| SHA1 | 249f8f2497e92b1d2de88abdac206fa9f5c6fa33 |
| SHA256 | 5cb04e4a359353cc2ffae6b9a379ed4cd2941cf916fae5429c5ae4595cb5d937 |
| SHA512 | 85c58a5b61040db5b73edee8b3a57f7ef70035aa05c4dcae6a9e72337386bdc1a45ce0c9b79c3b867e641a5937dba4ebe66f4817d327bede7c3e41a8dbb1219b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | b77fc79ab7f5bf2c11c6a8e8d941014d |
| SHA1 | 7b22671a94fd3dab8d12e9d72861a1c5989cd1c0 |
| SHA256 | bba097f96338c76d695278c88aa613adcf47ae59c4034d2c2c5ef80b1d5d9352 |
| SHA512 | adaf1902e516a67e0a7d66a871f3c7400fa652d7067bbd5aa517928cc67a61b41ed26df5d32bc2819755ce39a669e75c24d5b920dbc3dee468cd7d7158c9be2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5959de.TMP
| MD5 | 096c8d509d445b18599c4b19d02b6780 |
| SHA1 | e2aac1aabada701cc4e1c83b25e812f586fe3c43 |
| SHA256 | 8d7267e1dd3bf2839b4195c4c2f9ca46af8cee890cb12a181844473c1f7be76e |
| SHA512 | 97d4625067372ae121291fe921f996c2039e11d2f6b1dc2a98e024110047ec91450bc0b2b3d0cb85aa18d006c88d32d685f35330055352a4b8c49f20b4660816 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5084ab27423e46fa7c01f73aaa04db24 |
| SHA1 | 1dcf15d55de54e299c888bc4cd10f7c76e3e6377 |
| SHA256 | 7f9d895522e6370ec25f711223053ed780c01ab56c2ef7505fb129bf32e1f5b2 |
| SHA512 | 4e611b623da7a130ff52b3fa25863422555e03938768e1924c617066b2107958958ce1e4cd1b1d753640ac9aecdf384c47eb3859fe81b4e49db9429e45b56abf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c126e9d15dce2c5c1fe5ae2bf16b84fd |
| SHA1 | f20b84d45709e5b39509b9e1666858b388b60290 |
| SHA256 | 6976c4ff2d131c31521f577f716500b7828af0e9dc6544139772e7b917c74969 |
| SHA512 | f60b05e0c4332674cc5ff4c6171e3a6faa56a60898301a709106693504af9e9e46b5bbed75329f6f5bd971a6389404ebe99f0e971f7b8acc2e486b5c0fbc8145 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 24bd7c782cb408d53955956aef3736a7 |
| SHA1 | bf45d4f4f9f4a9693ea5a23b844f515e3890ecd0 |
| SHA256 | 925678c322ea0915ac5116ea4e2e02a7fa3906d19356c11eb18acb81e8a01718 |
| SHA512 | 55af59903d8be09bd3c2ce0922cb8645d1f3b24b5566c5c5f615501a1244894fc5e362d5274869abdd73ec5939e84fa8a6a835050be350dc15123e36d0e2a761 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7c4dcdb0e9e9812d130d4fe3ca7d7a42 |
| SHA1 | 67a2b6e9e4f49ebf0dfa1038f20cdc6f6b2fdb2f |
| SHA256 | 8f168f9593f14e32549c502dfebc6a35c5645b55d882e57034569bca9b1b4ea3 |
| SHA512 | 7837ea67cf84451b6c1306616269c3266b67eb12137cf613766eb60b21eef40327db71b7ea97249b10007c13d75d0274fca59e5c6fbe20a3ef97b339594efb72 |