b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d

Resubmissions

21-05-2024 14:25

240521-rrjzgshb5x 8

21-05-2024 14:22

240521-rpy1magh69 8

29-02-2024 20:48

240229-zlxbmacb5s 8

Analysis

max time kernel
15s
max time network
125s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
21-05-2024 14:22

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

salinewin.exe
Size

283KB
MD5

2b1e9226d7e1015552a21faca891ec41
SHA1

f87fcbe10fa9312048214d4473498ad4f9f331ce
SHA256

7163fefbf2f865ef78a2d3d4480532fffb979300d6f0a77b6f3fc5c4b0d2cada
SHA512

1852f6d05c9fca962178bc190bc8c90f0ca54ea99714480690f44417e49eee6c392579091ae8a6cd053ec47ad1980dbbbc0db3e0e00520ee1bdbadbf8dc9d69e
SSDEEP

3072:HZVUJ58IAelkapH3shY6iEwgaBZP5pHQpYR95WPNpNMl3:nUJ5PzB5ZPPHQpY35WPNpGl3

Score

8^/10

bootkit evasion persistence

Malware Config

Signatures

Disables Task Manager via registry modification
evasion
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

salinewin.exe

description ioc process

File opened for modification \??\PhysicalDrive0 salinewin.exe
Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

1780 reg.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	salinewin.exe

pid	process
1780	reg.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

salinewin.execmd.exe

description	pid	process	target process
PID 2428 wrote to memory of 2056	2428	salinewin.exe	cmd.exe
PID 2428 wrote to memory of 2056	2428	salinewin.exe	cmd.exe
PID 2428 wrote to memory of 2056	2428	salinewin.exe	cmd.exe
PID 2056 wrote to memory of 1780	2056	cmd.exe	reg.exe
PID 2056 wrote to memory of 1780	2056	cmd.exe	reg.exe
PID 2056 wrote to memory of 1780	2056	cmd.exe	reg.exe

C:\Users\Admin\AppData\Local\Temp\salinewin.exe
"C:\Users\Admin\AppData\Local\Temp\salinewin.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2056
- - C:\Windows\SysWOW64\reg.exe
    REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
    3⤵
    - Modifies registry key
    PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffcc9d6ab58,0x7ffcc9d6ab68,0x7ffcc9d6ab78
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:2
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4340 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4192 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4192 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4092 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:1
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1820,i,11122215045256441436,16617956485175604777,131072 /prefetch:8
  2⤵
  PID:4820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcc9d6ab58,0x7ffcc9d6ab68,0x7ffcc9d6ab78
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1840,i,5187986434827129176,12963319897900352193,131072 /prefetch:2
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1840,i,5187986434827129176,12963319897900352193,131072 /prefetch:8
  2⤵
  PID:1728

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2500

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E0
1⤵
PID:3908

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3a1c855 /state1:0x41c64e6d
1⤵
PID:3952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-1672260578-815027929-964132517-1000\ReadOnly\LockScreen_Z\LockScreen___1280_0720_notdimmed.jpg

Filesize
62KB

MD5
6cb7e9f13c79d1dd975a8aa005ab0256

SHA1
eac7fc28cc13ac1e9c85f828215cd61f0c698ae3

SHA256
af2537d470fddbeda270c965b8dbdf7e9ccf480ed2f525012e2f1035112a6d67

SHA512
3a40359d8e4cc8792be78a022dc04daed5c1cc55d78fe9cf3e061ea5587baa15023ce2152238f5be5cc5124cd468f220cf9dab54344d93edd3dfcd400b24469d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\31b16235-65b5-4ac1-80c7-3c59708970fb.tmp

Filesize
261KB

MD5
af8e85519e60120a5e39f9491b8ee06f

SHA1
fdd298bc903de5a1bf29efbcbc5831f14ea05c38

SHA256
fb133b0ccd1d6336ecaaa639688089d89edee94a9c90a1443f503dcae7587b45

SHA512
142ba27cf7e8289eac427a12ab7e463f8d9b097d0dd3d3c6a940e64d96519d23640660f6b6ea10ff0a8a6d86cd760a28beedfc0b94b926174da8958ae5704f14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
00f5c4a9a141cc379bc9a130bebdc3a8

SHA1
0effb629afca971619e6dd31c10e6c33f4fc39cb

SHA256
9bb958b97dafec04a3d58740e47a6cb7749791128234a3cb758d08ed3a557572

SHA512
c8c4e44a5db48076f1bc51dd9aa4b7ab0cb26b9f58d26c8b9aa91afccd7ca76f4863f7416a9b85eb2ca6508ec5240f38a9a2f940907a359ed8b0957632568135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
14ea28a9c4229d614b5d8b72f5772173

SHA1
17c0d4c749c12ac4f92f32d27629438ae4eaf5bb

SHA256
8530712ee33edd4a4bd698d04840992641cfe7c1f68a9f03cce7074cf1e5b952

SHA512
85b7bd60d43c7e8fc712c459c12ebe00e4a61b0c884bd788078fc6bbc48a6b097cb7b1e7a9a99b62d3a7b4bca00c7b7b384e0c5fe5a4339eac1656a72bd9314b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4adf1be777f72d7744db56849fce3ae8

SHA1
95e0f471167852ad497c768cb00e417cc0a48eae

SHA256
372b9493966d1a06fe5f2797f69a2321b2144a2909fb959a7fa47249e0bbb7ac

SHA512
eb16800f9302a42a7b4008981595dd06647e565c3b13426e34a301310614d68165f680888e262adc487de09b1007642cd8ac82fa911e18dbae0ceb747ae8df2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c0034356e399fb5c2477558064dcdd1c

SHA1
503eda943ee6bb6d5160de8550d47a068cd54afa

SHA256
55d530866d9707f14c4c1143e3e7c76a35c45ed5788b996eaa8959e3210cd723

SHA512
74971f7356d54e1820257ffef196a67a54f1ee7c7b7d8b2e0d5823e3a87fb883a62fb0f1dc7b358c20f99197e939c00c3f9170b72403521a97e220f8e5b88d83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
d2c81a73e486a9996cfe81cd39d2f6e2

SHA1
a50cd319d8c3cbdee17ad9844865ce8dba02bfd9

SHA256
855032fe892d13cb1e4d712d50070f1ae2d0d022732ce10e4d068931b34fcadb

SHA512
8d970a7a2e31fec046310e68f4ae17712acc90dd5f791909bdacf0d5c77496596c8c13a9e5c1b9bc8187bf12e68c60efe58caaaa71fe3e8f4617e493ac6691ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9a166a6887821488cfb816c3b0160813

SHA1
78c1e30233ee4368ce6c20c0df61f286d17fbc84

SHA256
9c0b207cec2bf5dca84997dfb0b5427259d03a403f6c81cd798a4528d95fca0b

SHA512
b53d47374948f9145ad78b77b978abddbb8f846b633d58da6cc43d18ac4fcef0430432474994ed9ccf6b382117fc9be747fcdd29829b4223586ef53a96f3d41f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2d065ba861382927dd906d91d8c1b183

SHA1
1f436ddcc95c5d06ea625ccacc9382c493f9a269

SHA256
01315f59f1c04c7e7eea511f8b35f6822c69fbd51407a82ef486ae487bf37998

SHA512
c013d9adae399ed72de6bc857689dc389396cb227a7a2ca692b87b13996d80a2b65786ae493aac1288a7bd1475b061a03ab5b41584d5ebb0880f3ceab2fc5b39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
20b08c8f6f14c10f9066085156cc25fc

SHA1
839fd40fdcba6882eb55aabf1afbd0d2d51dc8c6

SHA256
0372cec522cbf0f035191326ac2bc0b864a27344fdefe7e18d966164dc15578a

SHA512
422cf82e2ee22aeaab1e78bf6981afe20c5a58ddc8239915f6310bb73b25764029abd3c9ffb11b410fcbe89706d1ce7633b5dbfdf30202f27b71bd1414409b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5b9672fec501dc32cc18e8039174786d

SHA1
842c79a9369016882b8dd2cac53182eff6b999a7

SHA256
039b9ddf4f47aa0f84fb4b0cc863a66de50d65d27347d69bfa08aba2a6486d76

SHA512
9dc7eb5617fe92212e38b724c0cd2faa59823ac10dcc7650e9da90b08a9f6fd96cda1a9a94a9b487d6a80f25bfe3f3ba5cfb4266151afa196dc7e6a73b382312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
6bd851960a47ef685b9f9f4ee0150709

SHA1
d91b3ce7555b6cca597fd43bfec3351fff37d7e4

SHA256
8ee57cce6da69f014ee4b16f8e2f695faf81c6b4098cdcae9a536655b6fa5b4c

SHA512
df1ffdd61413bd5dc501ffe7c991bb47b60fc143c13f62b7faaf2a5da5cbd029f52df44de4552b5b71bcea0c2790e9e5826541b9e8e78abe427ad20443b12d03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
9d068e390186091fd3bed685aa6b88c8

SHA1
d8fdf5b95ec0e630d9991dbe6ce79abff97703a7

SHA256
730b26a2604cfafdbb0bee6c2fbd5b5379b0a7fb85e6140a56332a1e116af3b1

SHA512
a959330d1e1e6c395548819b1c0fc181f5166b06b4ba2150255d1eba132c37d6581d4d9d7224f1a821fac5730dc64a02567114cb82bdfd439a272702aed1c3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
29a5d1e5bb6a3f3ad49c471d07a71091

SHA1
4f0611030fed9bd2fd907e2a415f8575bd8e7ee5

SHA256
8590421f295174cd00ea1f640217fff3da32b3aa50c98a7c90c1668ef2060420

SHA512
67ac4f5801cfb90679107842c314994101b10194e66084db999f2ec39c1cc62f2be14f9aa3cff2486ffcd339156aa1bcc1b022c72d03990a23168359d7d47216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
8567a0e381ded4b11e840ccdc6e38b65

SHA1
ae06477cc6e61b2e6bed40fc14534a6fc4915e2a

SHA256
05aafba1d222b73268d3f2eaf60b6865c0031c6f6de81e094ea57dd01ad1b545

SHA512
6b11797f92e28c528892b6eb8aba9e9688e69374e44749b68ed36cffca910e9ec12b6ca25a8fda19dab86ed9e0feb74fa87ca02903a151784ebfb25c20a748ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
f92bda471b0cd6aa6eb7665e57c42ce0

SHA1
9d570376a478344f298d459cede57a7ba4fa7aeb

SHA256
984f7d7db201efe2a9ff3a55c319366f92ea7fde9b9c41ba5baae1c3e69b1744

SHA512
ae45fa869c80475c9c4939a2c7f3e5a023be261a549867437ed36c7d03ef7a76466030c3e2414300fda3fca6f47a235dcc7c832e3c2d4104929b777e2f54b2cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
6940cb5124b7ebed93f9758096cd0013

SHA1
7ecc3a5a052d577b3356f87ad0502479ed1ff782

SHA256
42e73b726c00c87a67a42f4b88d2f29ed2df208985ab47fd5a22d10052f825cf

SHA512
16bde62c6dffe21c1ed5564ac1b2e3ee11d46e6da213ea3e11c626bb550da99b146af7088407873d9ec80519e5b44068b677c5fe16a0e1c15f8432f2b8df8028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
\??\pipe\crashpad_476_VNMYHWBDUCFGXUEY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit