hxxps://github[.]com/pankoza2-pl/salinewin[.]exe-Malware

Analysis

max time kernel
480s
max time network
504s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/salinewin.exe-Malware

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
82	raw.githubusercontent.com
83	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\asm_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.asm\ = "asm_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\asm_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\asm_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\asm_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\asm_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\asm_auto_file\shell\open\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\asm_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.asm	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\asm_auto_file\shell\edit\command	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3920	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
3936	msedge.exe
3936	msedge.exe
4236	identity_helper.exe
4236	identity_helper.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
4916	msedge.exe
4916	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
692	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3920	NOTEPAD.EXE
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe
692	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 3820	3936	msedge.exe	82
PID 3936 wrote to memory of 3820	3936	msedge.exe	82
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 2144	3936	msedge.exe	85
PID 3936 wrote to memory of 1156	3936	msedge.exe	86
PID 3936 wrote to memory of 1156	3936	msedge.exe	86
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87
PID 3936 wrote to memory of 4912	3936	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pankoza2-pl/salinewin.exe-Malware
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95aae46f8,0x7ff95aae4708,0x7ff95aae4718
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,8032041981118977371,15484913058211695642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4652

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:692
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.exe source code.zip\salinewin\PayloadMBR\Data\decompress.asm
  2⤵
  - Opens file in notepad (likely ransom note)
  - Suspicious use of FindShellTrayWindow
  PID:3920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
59KB

MD5
4bc7fdb1eed64d29f27a427feea007b5

SHA1
62b5f0e1731484517796e3d512c5529d0af2666b

SHA256
05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6

SHA512
9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
18KB

MD5
277fdee241a520433873c520e31bbc7c

SHA1
28ddf5b9f1353a3acc38a50d8461a791fdbabc4a

SHA256
743027653f691df64995ab146b00c862b25f3c0d97e90b25e0ba0060ead8df9a

SHA512
f2770681a541ee93d159c663a03f2421b5280f736256f44fb834fd165db9d8e0e1bee5eb484dbfedf4e324862322f0c462af0ab5b4389e366f3d716e2b1273d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
18KB

MD5
9df4b1790bd403fefb3e0c399256fbde

SHA1
67ceedb00af0dd8bf11a89f87a12a3c04c6cb735

SHA256
dcd287295062ade50409586db9ecbbe6de0d5cc1af7c10ad2a05b0dbd479e2b5

SHA512
09ea54b853f8bbc53046e3d59ec0fcd5503348c40908c9dc47e792207d732dd37cd7394eac559668c3781215aeb360ab16b473f00b328601d817393fb0517a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
130KB

MD5
b61b5eac4fb168036c99caf0190ec8d3

SHA1
8440a8168362eb742ea3f700bb2b79f7b0b17719

SHA256
3c495df6db16ed46f0f8a9aff100fa9b26e1434016c41b319f0c1009b7ab2e1f

SHA512
cbccd3aa5a1bdfddba5cc38956b5523a422a1151cdd0680336ab94f07aabecd1695062a0953c32c8209949ea6a4859c625c6deffe5108e8d5e48290017e51874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e39827951d5fa720cb83adada77fb08d

SHA1
1ab52b7aa35f07e3c525ddcd7f51a8f11423ba6c

SHA256
91b47e26dd4605d87772cb48c8ccf84091c485251be43a949cb76facc6d02251

SHA512
a766d02dce7287fab4c56996343da8f9b99710665c42c54898d28b9fee2a7bf79158b847803216ca2be4e268956c26ede418cd166c88d1c18b21713cfb9d32ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
21c1a9a4408fcffeb6f12368b099295d

SHA1
67fe35404b35ede62b92a2053ad5b5ba29cbd244

SHA256
603257a63235a3ec4bc904917b0fd16c1a99fa7ef15ff85301785f4351374eba

SHA512
0639f0ef89297261caf0be49eb7c295f638fff7b92710b211d6d5fcdcb20d4613604f753440afff0885c370a3d7dac97a150efb74f70133da3a5db5ddd2d5bd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f3dfdc45211591d8bbe4a564d3d57701

SHA1
dece7f7d78bb333e1708e4eac383be5201f10887

SHA256
2b37fb97761c1615cb02a62dc9c9afa8467bde46208e3679801d14854c4d5063

SHA512
11a9870f483d0a5014415ed2f8bfa82fb5117d02bca3b207d05aabd32e13d7abe01e351a1c052f0a3c655b985c5a1689d33adfc26f2aa9277703dd2e2ef0c26d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
5760b7dffb8e58306c53414558155a22

SHA1
742020b1ba3d0aaea7c0b9767ebca81ee2e7d9cb

SHA256
3f623f00ff0c445cfdb7d3858755ff615a4b00123b05a364c2ec253621b0eb72

SHA512
c53684e05514b6a8f6b1689429cb25beb82af91e3abd3d72962cd11dd0d4698f47047562087cef2b6c9e4e6134dabc90604ffa75ec8930f7b187f0341de4b842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
a7d1701142cca705f833d70023ef4e1e

SHA1
1b76853132abfcddb4fefac42bf9df5d013c9815

SHA256
6c92f51e7f056e73c407228fc280cb7ca4d00ab02674d1dda4eafd7dc9f070f7

SHA512
806b7ccb375cc6116e64a9fa15229d783615d13b54cf40251561d9b664f0925915c5375ad88f5ca8d061e01367de239c29da79adf693559af53eeb7d9b1ba1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc6ae671ebe9f075fdf73095513c2cb8

SHA1
22cdeebba74abc9bdb7fa69682a7f50d8cfc4f3d

SHA256
d0c47325a3377aba52b7e496d66ff93dbfcf20a39456f1c0164d674a881695c4

SHA512
88bca6fb28c7501842a0b29372624915c7c5f632e814086952f2f2b7a33592869f4e395dad74af0a3637029499a6981fce6c1e926683b8677c76a4849a0bd43e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9fd0f808d48d940111072a88b25be948

SHA1
2dce950d55f4f010d5b1f268a5e68736f682a843

SHA256
b1c6b0f61924d8a8749cd55f2201dcd424e46531908379365c997980a97093f0

SHA512
44f68c40a93b1b3b73758eb12d2ee04c13cf8fdb7c0e92581882b5245d563bd495085fa801aee94b5c01b4c615d7f7b957141e6193041afe4b8935c54d6023a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac6f4994003c7ac089e10626e4e56168

SHA1
aa189af8ca990877654b9bc82b93c23beaa3f1b0

SHA256
4d2b2dc952a17c64eeae23d28ddb6690242669576a57553a25a5539bf832df4a

SHA512
527d25f94ed85377e2e84cbde7083b3d6a85949a1ea02183bc54110aebacf075c086c989268958db9e16dee423e8fc2d24c786946df486becf7b3d55cc46e015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06316149b92b86661823287f88957c15

SHA1
b7f72526998573f32870770b25f243ebaed7c341

SHA256
b2bb1aa428e0e085ee599e20d5ed66c196f34a52ac6b3f95b15011ac166c9030

SHA512
f2dd04f37bc81b4a23ff85c0105cae3de5b1363481ab5c71a5acad7085b973ca35f2f95b0867f1cf24affd38b35f53f9912c81ec6dc4b75e6c8be01c61da4d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
efc903ff7b8a98dace24909a48fb2d40

SHA1
6843db81b45619bf883c89ce03915f7823e1a1bb

SHA256
4d41ae0b2711c04b20477058a939f540a734a90e25c6d4cc5c2610a31abd8c4d

SHA512
b80893cb1d8ea259eb317714d86b7c7ca9e783b18880d9171def75745ff8652ab2e49ed2e8baa47e2fc44478e472952b316eeb29d5f81018b2cfa38cfc9b3160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
53f8c88f4b7689bec9b8bf784dc8b517

SHA1
97a51eb6b6277eb77918f99f1e47e30d6cb02d24

SHA256
fa8880f02e4278964adee0d23a8160bca1a6f0a32558f31341a2fe8f504391fb

SHA512
5fb881c5e5869d98eb341bc85876336f951b331ea127d0242cfc2b23221dfb8f0f8855c5cf4f6324c0a60ea4f9a03837fa0d1c57c31874416c98a72cdedb91f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9efb965ec4daf16b0a54d929802deb62

SHA1
863ceaed01466c1cc0154e27845bd8b3eed6ec52

SHA256
da64ede7886bf3ac93e71a262d9ee3c44eaeb556797f1fae732e64b72b6ec71b

SHA512
06bfe2aa89284183d5543bb9d5bb97e96b7ae66de7ec5b32a9c92a4175f76c70ebcb1a8b240a2489888631e103956062c8d8576a6db7e62e9797550fea0b81bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
7195864473f796f27cbb4de1983ef08b

SHA1
be80ff7da1e3c5395a05a34c11b92c983c79806d

SHA256
61839e50c401e76b89c33719b0eb3d9735e22ade310fa9038bee3d3197f6fac8

SHA512
52d225e82df302777d8a96baf850bf8a252573b5bc1e25ed159db4faadd7fcf4e3ace1578c86f8682a4f101d9a7d69ce299b725a1db803a40b100bce00bee51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
864B

MD5
6756d9a1e29b9d01370a9b1317906d1f

SHA1
a82a24acc9d5c06d2641e108eb0f705ad3232307

SHA256
143e45136fd3a88b2ed12e016c93eecb12ef8faf17d2951b3cc1b37e137b7f8e

SHA512
0fe2712c81d263476ef153aca0d3d5e5527c012ae31f12e7115c3780fce67fa333fefd636bc81d3b6503bbdbf89f98a512d933fb534e321332456d0f4080a034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
46b074348f50bcbfb93759530257352c

SHA1
59587464317349e707c4ba45486de54d970d96ee

SHA256
b2cf2ce00e7ea45d6bc029ce4c1e5bd96e3fefe17c50d7598961bf8ee5d176c6

SHA512
9b14879ba49b803dea176114436e94cd5dceca872164a20026a0cdbfa7855fa5b750fbc739adcf6e395276bcca04166d1e5cdcf03d2c772b35714dd3bb21048e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bdb2.TMP

Filesize
864B

MD5
83b0793b530cc83743308698b3ea50dd

SHA1
7a34712d541fa9ccb10c91b3c015019aac297f2b

SHA256
07506e9e2b9564668433a968b6f9dfe00c1ee2e7a7c0d6fb71ec9f934f5148f7

SHA512
eeb4e255f076fff4349ac2e7be9bf22f69193dee0b42410b908f191c6e150ffe1de52638db0cddd0560176fb5f57fb2388f6f6a9eb2ab5b0d71af7de64d06200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1837a2d4cb72f021718de3f9fc1b0cb5

SHA1
108e66b7a931c2fe1a3de13b3b1e34c11321ee27

SHA256
44b08b066e7d4bb41fcfe7b2e78d74f78a3a5bf586fb55042e622fb462c23137

SHA512
00dbdb02d19ba94eb1555ada885faeb65945733e549d9eb325260857bf38159b45436a7ea5f9c364c4f2d40b89f5b92b595ea8f1e426305eefb6e7b679dba0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5afb99dfada252deaaab2785b25e1a5d

SHA1
50c47d46eefbcec54939a6614daabd974841de37

SHA256
46c2fa0e324b2a8505d19faf7744cbd4c56ef9e2fc7401c8c407c304a0270e68

SHA512
03249410a5e7db0b4a2a691c817122481c26e7e71e71cda8bcb9d610643d73d17ae203bd2a64e9e941df05f4a4b394286c929f9f95ab46464b29834b1d1d9d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a860c4a8d2b57a0b8b28e98e4ee9ff25

SHA1
7cbb7da832697ec03cb713fe26cf23235ea20acd

SHA256
dc9362c5327f34747b02f0d4ac42e16ac31c8ac23de17df87b4170eacf913e9a

SHA512
61dec454a67ed4cba7d4814370bb95a70c5a5d4424376493b58b5adf1aa5324dfda1f6614d23936390397e8e95c53aa1039217ddb84bc96a39a6323f41207820

Download Submit
C:\Users\Admin\Downloads\salinewin.exe source code.zip

Filesize
11.9MB

MD5
2a2aed5bbdbffbe427fae0495b39c303

SHA1
5443a547a7c6b921b50bf5bbc4348fa506f0b05f

SHA256
78aefd46d31f2bb67f0b9bd0d831f10f21bfd9d44b9deebcfa52c45e85a72473

SHA512
988ef2a1e45c55e4d9ed3e268af6d80c3cc39e2ffed4639693e2d610669b84b077394fdef7eabb978ed985b21586f40ee0e09f211c243e65d62e398007baee89

Download Submit
C:\Users\Admin\Downloads\salinewin.zip

Filesize
203KB

MD5
19a966f0b86c67659b15364e89f3748b

SHA1
94075399f5f8c6f73258024bf442c0bf8600d52b

SHA256
b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d

SHA512
60a926114d21e43c867187c6890dd1b4809c855a8011fcc921e6c20b6d1fb274c2e417747f1eef0d64919bc4f3a9b6a7725c87240c20b70e87a5ff6eba563427

Download Submit