Malware Analysis Report

2025-01-03 09:27

Sample ID: 240604-3szxwagc84
Target: http://google.com
Tags: bootkit, evasion, persistence
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file http://google.com was found to be: Likely malicious.

Malicious Activity Summary

Tags: bootkit, evasion, persistence

Disables Task Manager via registry modification

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Modifies registry key

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-04 23:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-04 23:47
Reported: 2024-06-04 23:54
Platform: win10v2004-20240226-en
Max time kernel: 351s
Max time network: 415s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com

Signatures

Disables Task Manager via registry modification
Tags: evasion

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | raw.githubusercontent.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A

Writes to the Master Boot Record (MBR)
Tags: bootkit, persistence

Description | Indicator | Process | Target
File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\salinewin\salinewin.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620184661753446" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry key

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
(this pair of rows occurs 32 times in the listing, 64 identical entries in total)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
(33 identical entries)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
(24 identical entries)

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\salinewin\salinewin.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2512 wrote to memory of 1284 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical entries)
PID 2512 wrote to memory of 5024 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (38 identical entries)
PID 2512 wrote to memory of 4940 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical entries)
PID 2512 wrote to memory of 4852 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (22 identical entries)

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff98c009758,0x7ff98c009768,0x7ff98c009778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4608 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4844 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3208 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2868 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5176 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5248 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2940 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 --field-trial-handle=1900,i,2466165574525192946,13464438768055873976,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\salinewin\salinewin.exe

"C:\Users\Admin\Downloads\salinewin\salinewin.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f

C:\Windows\SysWOW64\reg.exe

REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f

C:\Users\Admin\Downloads\salinewin\salinewin.exe

"C:\Users\Admin\Downloads\salinewin\salinewin.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2c8 0x4f0

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f

C:\Windows\SysWOW64\reg.exe

REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39a2055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:80 google.com tcp
GB 142.250.178.14:80 google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 ogs.google.com udp
GB 142.250.187.238:443 ogs.google.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.213.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
N/A 224.0.0.251:5353 N/A udp
US 20.231.121.79:80 N/A tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 22.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
GB 142.250.178.22:443 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
GB 142.250.180.14:443 encrypted-vtbn0.gstatic.com tcp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
GB 142.250.187.206:443 encrypted-tbn2.gstatic.com tcp
GB 142.250.187.206:443 encrypted-tbn2.gstatic.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.187.202:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.178.14:443 encrypted-tbn1.gstatic.com tcp
US 8.8.8.8:53 e2c66.gcp.gvt2.com udp
SA 34.166.9.70:443 e2c66.gcp.gvt2.com tcp
US 8.8.8.8:53 70.9.166.34.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.3:443 beacons.gvt2.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com udp
US 8.8.8.8:53 google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.178.14:443 google.com udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.178.14:443 google.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.178.22:443 i.ytimg.com udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
GB 142.250.178.14:443 google.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 192.178.49.163:443 beacons5.gvt3.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
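Nearly everything in the Network table is Chrome's own traffic to Google properties plus the sandbox's reverse-DNS (in-addr.arpa) lookups of the IPs it saw; the rows that matter for this sample are the GitHub ones, in particular raw.githubusercontent.com, which the "Legitimate hosting services abused for malware hosting/C2" signature keyed on. The script below is an added example, not part of the report or of the sandbox. It parses a constructed excerpt of the table in the same column order (Country Destination Domain Proto, with the domain column empty or N/A for the mDNS and bare-IP rows), drops PTR noise, and buckets the remaining hostnames into browser noise, commonly abused hosting providers, and everything else for analyst review, then lists the real endpoints contacted for each hosting domain so a DNS-only lookup is not mistaken for a download. The suffix lists are assumptions for illustration, not the sandbox's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed excerpt of the Network table above, same column order
# (Country Destination Domain Proto). Rows without a hostname carry an empty
# or N/A domain column.
NETWORK_ROWS = """\
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:80 google.com tcp
GB 142.250.178.14:80 google.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
N/A 224.0.0.251:5353 udp
US 20.231.121.79:80 N/A tcp
"""

RESOLVER = ("8.8.8.8", 53)
# Assumed suffix lists for illustration; the sandbox's own lists are not on the page.
BROWSER_NOISE = ("google.com", "gstatic.com", "googleapis.com", "googleusercontent.com",
                 "gvt2.com", "gvt3.com", "doubleclick.net", "googlesyndication.com",
                 "youtube.com", "ytimg.com")
ABUSED_HOSTING = ("raw.githubusercontent.com", "objects.githubusercontent.com",
                  "s3.amazonaws.com", "pastebin.com", "cdn.discordapp.com", "transfer.sh")

ROW_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+(?:(\S+)\s+)?(tcp|udp)$")

@dataclass(frozen=True)
class Conn:
    country: str
    ip: str
    port: int
    domain: str   # "" when the row had no hostname
    proto: str

def parse_rows(text: str):
    """Parse the whitespace-separated table; the domain column may be absent or N/A."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue        # blank line or the header row
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        country, ip, port, domain, proto = m.groups()
        domain = "" if domain in (None, "N/A") else domain.lower()
        conns.append(Conn(country, ip, int(port), domain, proto))
    return conns

def _suffix_match(domain: str, patterns) -> bool:
    return any(domain == p or domain.endswith("." + p) for p in patterns)

def classify_domain(domain: str) -> str:
    if not domain:
        return "unresolved"          # mDNS, bare-IP connections
    if domain.endswith(".in-addr.arpa"):
        return "ptr"                 # sandbox reverse-DNS, not sample behaviour
    if _suffix_match(domain, ABUSED_HOSTING):
        return "hosting"
    if _suffix_match(domain, BROWSER_NOISE):
        return "noise"
    return "other"

def endpoints_for(conns, domain: str):
    """Real connections (not the DNS query) made to a hostname, as ip:port/proto."""
    return sorted({f"{c.ip}:{c.port}/{c.proto}" for c in conns
                   if c.domain == domain.lower() and (c.ip, c.port) != RESOLVER})

def triage(text: str):
    """Bucket every row by its hostname; unresolved rows are keyed by endpoint."""
    buckets = defaultdict(set)
    for c in parse_rows(text):
        buckets[classify_domain(c.domain)].add(c.domain or f"{c.ip}:{c.port}/{c.proto}")
    return {cat: sorted(v) for cat, v in buckets.items()}

if __name__ == "__main__":
    conns = parse_rows(NETWORK_ROWS)
    result = triage(NETWORK_ROWS)
    for cat in ("hosting", "other", "unresolved", "noise", "ptr"):
        print(f"{cat:10s} {', '.join(result.get(cat, []))}")
    for d in result.get("hosting", []):
        print(f"  {d} -> {endpoints_for(conns, d) or ['dns only']}")
```

On the full table the "other" bucket is the GitHub browsing (github.com, api.github.com, github.githubassets.com, avatars.githubusercontent.com) that precedes the raw.githubusercontent.com fetch, which together with the salinewin.zip.crdownload entry in Files is the delivery path worth documenting; the unresolved bare-IP row on port 80 deserves a manual look because nothing ties it to a hostname.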

Files

\??\pipe\crashpad_2512_VEUBAYKXTGRLCJRG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3f68dae758bd9baec9ca70b02dd32c6b
SHA1 680e6a043e5d4156412ced26e9ba5d854b2891e7
SHA256 d9275ded68a76ebb4f21185f745f504b9bfc2760ede267036df35e1a24494c56
SHA512 44c332d19795454345e96d655018b12be7466c13050f4781e58e06ed389e40cb4f624ede1b1cbdb564a2ef7c32d31b039d60423600876d3895a56b112f3f1409

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ae0fee8957be5df99f0e9c8d3000b824
SHA1 f0a15b98c4a2e3f377c42a4fe7ea6c942d3aa0e1
SHA256 cc955342c540ea19fca1f7ff748751a44cd9597b271679f7a629c0ce927c0642
SHA512 0062be0b6afdbfd121770cd046cf6ec8653e8841b92d51fa2ecc3ca989731ee0286ad333042b423fa00a420d356fc01f2d134fa5ecf820c117f864658779d204

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2a16d2eaef1b877e567905bc839636b5
SHA1 01603968cb36f94d13fe49a867d89ea3435a85d0
SHA256 1c9e594ee55b51eebb6fe5e5daee2161b2234a49c32ae0a527dff591d3f52290
SHA512 b0033b5c7bcd6b1b5020f7a8614fa152f854292cb9a24b599c9f76ffe1407758a4dc18de7809ff79f21cbc3f60ec83859e965dd4196bdc830ca8c4d3971246e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8459ec5b803945ab5e8073ae7c4e6a2b
SHA1 7214541e0aa7114ad9c6229772c875fb9898de93
SHA256 ef6203f8f15f333e403f6fbd2215398faa7e3c5bdf63ba0d2ca8c0064f94e67f
SHA512 4efa45ba64339d31399e2816e3b24c725f500496bc776c45ff1d5ada075365508b6b7b02e947d1d90f3bb043352c3f423a5a9fd0ee36780db59eabcc600235f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9597d45f75d68650a3b347a5a0c3dbe5
SHA1 a29ccc4e53cc8d4fe697b95ec79ad4aa1caeb2fd
SHA256 4307b931bdb47214d5316edbfca425c3999d16cd69fa33e83c31c8ff5639d939
SHA512 57b8e9f819eee01abee3af61b10925079d33617293e91cb53c7aaeb564420a92076547a4abf3b79a52d6b3658506753a64d70a0f97ba68a3a1783ec84097eedc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58241d.TMP

MD5 671338aeb81892b42e07068a85913ea8
SHA1 1d5cb9c49f8e72bba0422530b854053bf1b23eaf
SHA256 7632ebbebd4b56105755ee48f452f9ec00d1eeaa8c1db6107115c6e968b9444f
SHA512 7bf69af7e7fd4be81a27eec393e5e1804b9b6ef78c873d4e85b764aae0be10b76816e586a99e4a7bffc960b6b1569e2198011895809dd2c0def6481a739bd70d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 db4b294caa6279294449816633009ffe
SHA1 35b763a679f807f36937ac35b18033efc324b654
SHA256 493314badb3ea8d78091ef15422071771ab0447294acc1dca1803c8060fcdb65
SHA512 82277f40a63b313d54c60fb93bc974c69babb699824998cda82bca88ee6a018cea4801bb72d563848804b6485c06e58dd7d2c2b7d92243c1f88ced719a52fc06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 876bc8872c1dda7bbcdbbb8d025fd6a8
SHA1 8c34c5ce324ede62498f4cde025cc03a8b2cdd1d
SHA256 60be8385f140e35db58210172646ec86a5ba24addf4ab49b36b27ef0c4f8c680
SHA512 69cc0e42b78f7722b6f3ae780bedafa0009b3d3a333c9970440d7b4c0434f0768192e69e4b8aaa6de597e7678ad76537188bf6c99c0ea33a85ec9824294b2646

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 11cc6aab8840a359739c9754b23ef32b
SHA1 a21f1e9b9949a7dae5dfc32b9dd59e217ee76385
SHA256 43ac76109367b48f2453bb2a0f30d71f71037f11891b0830c6dc2b8d4a0e8287
SHA512 3ea13ffeda432c459aaab79bb8133da05d745e5dd8d2cae8311d49e46789ce066479795407b5d420c4c593865dd37a46d26d2bda239530688debc624e9a4c10a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 708d2eafc7a18894f4d7637cdad13a62
SHA1 58e77c14a69c11556dcb04b135716d9df3051a39
SHA256 a683b8c27778bcae91dbe4d8ac598ce654dfd115a6ae3195286c38fe324c6bc7
SHA512 c2d1f742afee97d0356c542f424cda0599ec533ada684d7603117a2d86795cdb634e9ccc11145a012bd94cffb083dde4749b091b0fb46522ea1a31f70d64afe4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d4df0de071ca189ae2edeac28aa2dd09
SHA1 6ec64afb26919854120df2f413f37b11d373add6
SHA256 721c4523e1d1f2e1bc1b42eb0462ba5532fe9cf5ab6d73a0363bb44e7807f58b
SHA512 ba35a64e718f97fc64a6394b5182242f0e9d37eecff2e53623bf19ee1114611648d31ce7cafd335f066a5eb67888e024fdef5cf74e1e422ba84ea2b34b95d5d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e1c0f0662f210a57ac062f502889eaed
SHA1 d4d0448455c1f4e75ee27f808bfa81dfa12ca4cf
SHA256 5646691787b7172dcb6121a6368947f691e16bbb052aeb151b1bb078caa1de5e
SHA512 b4ef098835450422186bbfc2161ffaf2b280373e18812334d151e754038683abb87fb5cd89ec5d108bc61a2a2e9ce9da8ea3e1d68c64056b9a748da058e674c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e83766b63d7fa67f746deba95d93bd2f
SHA1 d5515beaf560d8508ad3797ab2d58997bf7c0b22
SHA256 907eb09e6c36c7f4e4488052adefa0a571cfdab95b5c86bd265a8cd09d41c1a3
SHA512 cecbceb184180e59dc4c5416e24bc149ca9d20ab38b8ab91dad8b0c58ea8d89562017d9dd42de5306c8f0a395e5a5749246799c501053c0807281aee6f4b4a3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 19b14eab51212eb5b5b7fcde8125e35b
SHA1 2d31173db5cc318b24d30e5e3d0d7797804e8b04
SHA256 6dce1921d7a30a69d3c414b85a0c8618f3153af5f359e6bb65e11b3628cb68d8
SHA512 09472a9950621611d6e41cc14c5207ae48fe27877868965f5aed5b7682678c0a694a7416ab309ba8bddc42338ee1466741cd8e08bb8c6e2ea1ea1276b6aaa4dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 59225dec512dd64147896b733d41f9d6
SHA1 d5e18c377c0c1f268cdf74efbbf50937a005832f
SHA256 0359b72b836ed5fa3510b4f8aa38aca9b3697f354b1600ff3aaa2f75f9102b51
SHA512 92fb0203d4faaf0d280a70578db16e39a3704d9a300299e618570dc15d5c9e96f3d71b44012b23587b5b578a830189bbbdacb91d6569de87e09e0200ad3cf241

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 07342f6fb0900764511598ab01d795b9
SHA1 74023983d0c5650cca84a70e7ffc4addd46b6719
SHA256 d1f71bd783d8df5bd4536805a98316d907f2fb204698895ee9ab46c78afff24e
SHA512 72cd61eff46ae889d4cb1e16048357bc5af219a0711335840063270e6992d3e130164ba521b7b26236bb4ec1d981a6388a542b0285e15b3d914a38e641d62f95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d6cb6ddf6be3fc2ae930eca04518f763
SHA1 bff89636bf2d5f437dc041d146264ae56bb106c3
SHA256 7c6c6f73485f132b4c756b5b1a730f6b844816b5abd6a2b64f6e30ea429b5a57
SHA512 2a43ce270822e92325f7bf4cd48230852cda4e423e71889e0b85c9294039923addf871de086749b0d7635c8b79034bae24fddb5001d5f084fef4b30b17719d31

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bf23300d4b1b3df34d3bf52a902a67b5
SHA1 b95b6cc288fa932d3c855ab9a5eab57281a96e60
SHA256 df54083e727e4bc51cb3a6ab282986cc95f7bf2f437fe6f0e7bc868151e9792e
SHA512 58289bbcc69c527ed327c8eaacbd3b318cb40549e577233e1473a3fdd7e80ca147b6c29fc9cc1eec4d0b838b5d52501f1c52db10f935d59c1b5485ce64dd3e48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 346547a6f6c79ecc84b5e78033612114
SHA1 fa7d480f082c1da0d8063119c5313f4ebf821d39
SHA256 974b5794e766ef0ba7c1365572f264a975486e58d7399e17ba4f1067b257a3ec
SHA512 9fc5f578ee715282e4233c7f825d20bfccb32b62f1eb9210d36987dee8977d514c1457ae9ab39e0afc30f0d2872cb1a8f59012504ccc9d51764e3cc8f0f09dde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b43db.TMP

MD5 ece376f39b9275e958e78c3089fada2e
SHA1 ea8fdf6faf303194edb1c2b9647d0897a024cbb9
SHA256 9e059fc5c0db66d909e56747c7a902856b229d00f7adc374dadf931239cad3f1
SHA512 fcc660946e7798299a0d2f1a047cfa7bfe523a3ed1afd362ca1cba10fd647b76e6d5e4e32ceb3002001e5abeff7d129a4e23dc24febe58a1c83f8bb869f5040f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0c93e7b6a5872480028e95a7378b6e4a
SHA1 8c4ff48a90a638ff83aea02c3f3bf3f35914b4a9
SHA256 26e77e7bd018a47bc02c3fe3ffb62b9a185cf217ce91b3c64d8f915b99ff0fc3
SHA512 31aaa383d2313dff6cc9a65de56863cb0d20befd3aefa3a20d515ea113da92f27731d6942254307b7446b03d519e74264144e3b768a71297c7d27bd3fdc38842

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fe600d685f3fcdc6477cfb379120f5b4
SHA1 faa2e5b8cbd01b4ab11de6c8ec24c2c7ed214b55
SHA256 be16fa032da698e18fe21ca9ef8161c3a43c4c7bdbe1776b3dc38d9779f63d39
SHA512 d2fdda709baf64d6edbc471278b4df6913be596dbcc52510a4f533150b62bda5716a175b740d9db2ce070cad6f0d9c71b31ca4da0f6f8ff70a89ca0e9641e1c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 169b3170b01471aa86ef8914f6d418cb
SHA1 54d321228dcdf8847cbf4d3553af39e9c44679d3
SHA256 d39d2afa59cf2de73539488bf2f799efa236f538a35cfd30b943ed237b221cc5
SHA512 4dbc2b223bc2f05cbd7fa7d6befcb95c5484e9dcabab68043482b79377b92ad2b4b018af83f0275c5b8dc8a424d22ab796fdd3d0536577724ddae334738977b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ef9dc484ceb33c4de521efe4b965a44b
SHA1 acd6fa63b25be6b81229d84611036aabd8aaa677
SHA256 89d047b166a98d10b8f581a74f69e654516b4b5665bae74c738d778cd0aec567
SHA512 7c49ddd1c28f8a63ae7c87a2772325e11b494f0611c0d8fae6d9175aae3d868b458a3194a32835f17d8ac140e1c382cab0d4c92800a5928e254f7f4a18aa2f9e

C:\Users\Admin\Downloads\salinewin.zip.crdownload

MD5 19a966f0b86c67659b15364e89f3748b
SHA1 94075399f5f8c6f73258024bf442c0bf8600d52b
SHA256 b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d
SHA512 60a926114d21e43c867187c6890dd1b4809c855a8011fcc921e6c20b6d1fb274c2e417747f1eef0d64919bc4f3a9b6a7725c87240c20b70e87a5ff6eba563427

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 942bfa92656aba6735af39d4fa3a938d
SHA1 3223a8bc3e81cef4e6d2f9914b354a0f345d9923
SHA256 0cd0b2a4a72ac8868428f2062c22e2eeca99effcbbe1f69da7459de9c831cd4c
SHA512 7a13f206f2e3bfa4f1566050a8864b6c79eecefcf85e54c6f60a7ecd8171d50547fcb904043c916ce1a309ba5a076354a192bfdfa5b11a52f78fab042e3404e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9235f14f8c17256846df756deeb95577
SHA1 f5b531a264026e632d6f5c968d0d78799a4532ba
SHA256 48714cf4b94ca20793f78f30fe49a270265b7c0d84cbd9718927c96746785725
SHA512 1d6e1f28c36dd665cf767d17fd5f509e6a5a5f20500f5d8e24b09f718c31fe128e22afd6c51a778527c858810634031c7670ab4244f4f5bafb68315c8aa18888

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0a9e0d2107550cea1a6c14074fcc157f
SHA1 6b7dd258a5600833ccf795381af2b0fb81f7cefc
SHA256 0d369ce194961de906996fcb59412490d771114c8e0bdd9faf83207b0c118d06
SHA512 9da6d28ca4fbbaff250271488187377bbad2b57666178e3ce2bf158816fa0c0e55770d911aa7dbd337f5f867f97619c32ee54fc876c9a1baef8cb3a8ad3a1be6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4109a0a3c2ac5d73c0ccd14c1e58b38f
SHA1 dece8eb0c4f17be148a2a9db4533d37c7853ea48
SHA256 dabd5f67e798874adfb6b3900f6bfb04556b2a308ddf5d5f9a226d648197ab37
SHA512 85819b9ef5427b92c05d7b2852b7e3fcda3d68ce9b43a2f0dd7d9f9e4fec591ebaaefcb404739733673059d21da1e008decb1fc85de65c0794bedba17e678f36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 5f2d024bfeb88a0dcd01ce684cb0dd74
SHA1 4a8288433b5e90142d0bf573895f7d18bc991ccc
SHA256 351c022d4e2756ff8b22a14b07a0f59c9244f61d466bd5f4aabafbc849cefe4d
SHA512 7c98a3bfddb9b9148bb56ff10020f0c7273359e7d8939ad2c731be3f5b93be49251c54063fc23db8e27cf5027ec47cb17e8ec3474e24bd2772ba745e5983f87a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a8798292ecb30bc8fc2c267e5daea7d1
SHA1 3c2a93586bc1a14d28510233767b25f2bfd8e83d
SHA256 e907f9ab450d74fa9af6c90b4bec69ec858c0c03b948b402c538dd71ce7748f7
SHA512 6e129c837dc1f62e7b33f72a5cf300b39d7b4616a0dd33b9f79102f53bc024d4f169e29c82554fc1831a8ebb0e72cba7528093560c51710d26a851d1dd9c3533

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a8cb81e3f260fe30e42ec558b92d33d9
SHA1 fafca465d66bc5d1a373f25dc5bd650f958ca768
SHA256 a744e8141dbd26ec24496ffc1c710ac313e8958599406964370c4f8944f80ada
SHA512 775efd7c00bc8674c98a262d55335f6b32fa9625139cbc7e33af066eaeeec3992ac892b5db599efbf22f16aff7ca28eecd67762d90d31b0d8d77feb800c0900f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 313cc6e051a9f7cad94b80a10e264986
SHA1 5c28b2d11f97cc135efde216f908cb3a547e73eb
SHA256 1bdf834f696f76128f9cda10eca0dea02f1a52d5c3740447e44d4a9c0bcb05b7
SHA512 ff3ed6f7b14ab72f90716dc38ced415881da6d8d747bf7ba68b0beadbd03cabef23adda872801236dc69bc477d4a9db8c944597b6e3b3cc94bacdb1df8188262

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1da3d98e4c5ade039b32c1c91393e80c
SHA1 ae7d276d120c2d6563cd0e16fde379355e8e4b62
SHA256 f479326d57e79546c7c43d3b76a22fedcb8261371c10bb7d20c34b3b5cb4fc0a
SHA512 a39192c55e7f21ca59bb478439b58c4554f3971aeb014f4a30d21e5099c1e2d995964a64c93c2aa7a1b4db416ed79202d7f725cbc29298e782b253650b8bbd51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 41a1c2c21aaf7ff985e778379780becd
SHA1 7a28eb4fddd2157666349d0a5df1fc1786d4c601
SHA256 37e3d5ceb0b4265b400cbd696d0d328f0b641f2fd8f93df3aec08cd4b26f2037
SHA512 52c04df5879815da205b94e21c8e36ea9365aecb574083a2b5bae482cec59fcaf2b66eda6cf96f25ded90660523ecce5d275a3ed81e9466fde0c7b8b3b0714af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b161fa3599208e12a33725c6be2f0a9b
SHA1 541503807b6eec9dd866297beaa13035c15a82f6
SHA256 cf2e9a867876af4bbb67ba7aae5ba09688a2fa728033b2fb6fbdf79f29a007bc
SHA512 eb9bbaaf74c76f44ec9f502dc36e813814ef1af18baf73065e7742f1fe37ba53fc437b8ba71fe9c5aef6414b02d7a2c5049da084c2210de34985e8ce7c8f9ae7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 7c72e4ad60ff9eaec0b21d5a8782e936
SHA1 ea71b1735ebb271b21821c841a3df5f7e639c37c
SHA256 d8537c8c564b641d5182aaf130b7ab0e090b6232f85a137bda8898f6476b42df
SHA512 0da0fdefd29084ef3e40649e5356891dbd386b13da781d63d2e2d497236ddff219a134ff0e51ee93bf57556995d1726a3365b3043827ff797fd4c4d0ad612e0c