Analysis
-
max time kernel
356s
-
max time network
600s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240611-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
12-06-2024 12:04
Static task
static1
Behavioral task
behavioral1
Sample
7up69l.jpg
Resource
win10v2004-20240611-en
Errors
General
-
Target
7up69l.jpg
-
Size
12KB
-
MD5
0b2814fae1c1db46b9c61afcc1a63f49
-
SHA1
0f4700cd7aa6713ae76c6ffd8804340b0338c301
-
SHA256
69f43617b38f34ba3a45a9bf75829568078ce6e6b86cb75c2babd2f891810e4e
-
SHA512
a267d1f4a5dce71e7e64ef8dcac796248a884c3de8adbe011f31c171613a415339c2f2973e1e0b62375c473aa019666b7008af919d0c979c2eee3cb2fdd93286
-
SSDEEP
384:ahv/XX5Ry8NCVH6ZYklmwQQc+8WHxvj14UxeuEjCB:adpQbhiwtQcTWRStrE
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes: salinewin.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | salinewin.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
-
Modifies data under HKEY_USERS 1 IoCs
Processes: chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
-
Modifies registry class 2 IoCs
Processes: chrome.exe, chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings | chrome.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{453D2B40-676B-4A76-8853-D93172D109A9} | chrome.exe
-
Modifies registry key 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes: chrome.exe, chrome.exe
pid | process
3508 | chrome.exe
3508 | chrome.exe
3620 | chrome.exe
3620 | chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
Processes: chrome.exe
pid | process
3508 | chrome.exe (12 identical entries)
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: chrome.exe
description | pid | process
Token: SeShutdownPrivilege | 3508 | chrome.exe
Token: SeCreatePagefilePrivilege | 3508 | chrome.exe
(the two rows alternate throughout; 64 entries in total)
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes: chrome.exe
pid | process
3508 | chrome.exe (64 identical entries)
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: chrome.exe
pid | process
3508 | chrome.exe (24 identical entries)
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes: salinewin.exe, salinewin.exe
pid | process
3960 | salinewin.exe
5028 | salinewin.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: chrome.exe
description | pid | process | target process
PID 3508 wrote to memory of 3004 | 3508 | chrome.exe | chrome.exe
PID 3508 wrote to memory of 3140 | 3508 | chrome.exe | chrome.exe
PID 3508 wrote to memory of 3052 | 3508 | chrome.exe | chrome.exe
PID 3508 wrote to memory of 4200 | 3508 | chrome.exe | chrome.exe
(each row repeats several times; 64 entries in total)
Processes
-
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\7up69l.jpg
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac6e0ab58,0x7ffac6e0ab68,0x7ffac6e0ab78
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:2
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4936 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2080 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4496 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5092 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1056 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3340 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4580 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5148 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3304 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5436 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4492 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8
  - Modifies registry class
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
-
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
-
C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe"
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x504
-
C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe"
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
  C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
-
    C:\Windows\SysWOW64\reg.exe
    REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
    - Modifies registry key
-
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3915055 /state1:0x41c64e6d
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
202KB
MD5
6a16cbefd2e29c459297b7ccc8d366ad
SHA1
40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe
SHA256
9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60
SHA512
6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
24KB
MD5
1fc15b901524b92722f9ff863f892a2b
SHA1
cfd0a92d2c92614684524739630a35750c0103ec
SHA256
da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4
SHA512
5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
Filesize
18KB
MD5
d901b5af5f864151bff85b2d514ac109
SHA1
7411be4dc348ac16d33dff482e06d030f816c950
SHA256
afc60d937b0628e14dbb3686f8e07f6b3cf68032d1c5072500acf64e0eeb24ec
SHA512
8acb4ace442d3ba60d3335c9eacd950bb3fea24ff570acdb80bbdd88b26e959290c249b9fb35ddc4e7a4750ac5fa7c6d567bbe92004728fe06c4f8816aeea1d8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f
Filesize
31KB
MD5
9d5f66fe81c136a3d70b7224576908c5
SHA1
efda963697faa24c489373d07d7eef0039e14721
SHA256
6e7990ee51d2b9a2785e9e9c26bff8cdf2aee56ec7c855740e6d7c8d0e4ff693
SHA512
dbd0bd0b462fe2b5877f868c22c132b59a3c7efb99e185b79a6d16071708cf78d419e34a87b1b56307a6a708de28d91bcc86a6e3799a3a7b4ba2b6e3cdfb5d92
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055
Filesize
41KB
MD5
98abe2adf0aee54d67175dfc926dff99
SHA1
71bbba6b438593f93c8ddb2d91ce819c5588bf01
SHA256
686bcb9e5876d9d4b43cba51f30bfdd9f3a18ae8368cdc186545d9a202c70f98
SHA512
2335338d54083f5c40e62ff4b18e0ca96998a09d8aea95cb9747afb2e53ad010c998c3871eb0734f6dd54300de328faaa1c5089dfbe21425f41353688bcd4624
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064
Filesize
142KB
MD5
9ae18ee8883bf2dc8b9988b18e2b40d4
SHA1
cb21ecc4aebc647580aa2571a01b270c5d2e1ec9
SHA256
e784ad477366aa141906318f7a1ea3b3d522939d2450b102abd9badaab7993e8
SHA512
b1e2bfa80ff3abe68366258d27eb9238dd17c29167402c1db1926f3182db4dd3fd473c2102942115b10725768bc9968c4d8ac378b31ad7104678440261f09f1a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3075f4de7879edc3_0
Filesize
280B
MD5
2680c8c821bc71c3e3a322bc71b69b7a
SHA1
0b84ea536518453cad78de8a3e4fd7b62ecf4132
SHA256
40c3350542d3a53836ea566aa2110134963c27c45725558e87a7315a80bea4db
SHA512
c4c032c8568644ba3b8d96681966f4468242b2bf094122e7761de01fd71ee551341378ea4bf28aef94f7199893f42201adf20a98768a18e8fedaeceeb04daaa5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7757b8ddffc52a9c_0
Filesize
19KB
MD5
ec089d3516b9011b07247d80b317db59
SHA1
df4312ee297aad118b756a71c8852cfa81a3b775
SHA256
46642c496b72a7b92b83014322f10170ea6ebc9afbc10415ddf318230aef7d72
SHA512
8660900b47864a0000f58858d2022b2b547918824e0a50cbb24a49a3029e0400eb4e1b5ec4a97f4176c464ac482981287146c168322ad5e856ef41a59d837940
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B
MD5
cb6e3a2bd3112193c16b113b08cdc35c
SHA1
6d8e82c67a186dd8afaca94d901a5627e8207e9a
SHA256
fcb34a8f87eb236da8651fc678d095feb9bff8562c76ae5e16d04a2b83ddad0e
SHA512
773a2cc79922d30a24f3939031665c107e66e4e3d6336efb501dff828ba614b37e78c9f87bf32ae188d1f3b07304a76877bd4c4487faea90bb1953f77a0ef8ef
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B
MD5
89a19605a345fcac4ab9c07c0f97b3f6
SHA1
e943e98f8e527e9340e9762444188c4063c252a5
SHA256
ca6af9221ab6fdd8995853be2980dbbf6bfa4b140368d3e4aeeae92de50130fd
SHA512
97f3ccbd4a852efa25917261aec1567f46f08848fced7531da18a8e2151be78ea2ba145c9ff193b86079dab08db6638d67825e904e99c3f46d5fc96b52a9aaa4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB
MD5
d3177aeaf07ad564a0c5c19695d2a2c6
SHA1
05f2799afc54323a23f58080b745100dd335e38f
SHA256
77ea0a3b23321cf7f270993948de586818b52635bdd3c2383e29a6336287e1a6
SHA512
2bf272d13607fcb0a1e9f89682f70031f2c902e096e768336143c37ff8601e2100d6095040703d239984b4184e13ef8c65f545ba680ec493982d7f695cb41b42
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB
MD5
c3a6142923fd5246b44dc14f5f4297d4
SHA1
f96533d6e90d196cb77617b512515ec5a840cde5
SHA256
7dd5b2978d3e1e34353739f0324f7aff91d1eb76184dd67c709327788adb678c
SHA512
75810535778e69ab48789626f3a3d412dbd637ee1f677f9ed46c384bcb085a083a9cf377b056f923b2971bdcb883d41526ac288e114b67264adfa55087eb010d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB
MD5
0d206d285a35631625e404532f01b737
SHA1
fd2e830a3b13403a639b3b910a631b263b481afc
SHA256
4810ebdb4313708537087803d305e64bb60a35334ae3315f848562ee75fcc8e5
SHA512
2c1f732e95d79259495c4203c77b0889bc9163ee36c2717e34578dcdb3e3d7d455818d43be470d694159af36f6dc1f4a8212f01fd89a4c6bca04c4bdcdbffffe
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB
MD5
1ebc1fd87fdfe695e9830493ab983deb
SHA1
6b5ee382685fabcc584cbd1ed9e53e1da07e3432
SHA256
3596dfdf07ae0463ec498a7ca3a58b420772828ce32404eba152c98ac7a31612
SHA512
1c637d22910568229f2bb0f5a6919d2b4219765c00a76e656a95feb57c57d82a838b6c46a46870294312a46f062d51692bda967952d698a0eae9004f6de6778b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB
MD5
d50033e18c68105d8a9590d6d752e438
SHA1
961cc4988691064ba173bc9242bcb1b6c55585ec
SHA256
c8e1e927773560e97d88f1bd649e8351817a61834abf454ffb5cfd2e44578523
SHA512
51917fb5b84c77b2e2d1917b3517d755481aea06116960237ea450dbc95dba9dbe092fb2e6e3eda3be039356d7fac30e1ebc2b04478ad4d7a18b8be3f076aea1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB
MD5
b4bdaa4161a04f89e7809b9155cb6244
SHA1
cac3a0c96408ab6e16746e4f0f07b55474a511d6
SHA256
516f9a437226843942ffe5d527273d4e29dc2885588371781c32e32b882aab8d
SHA512
3d10326fbe8ebbe7bf4c1d6eafaa89d8955b7dd20375db0ec610f7176b5c681afd2ea108d1bdb7fbe759fdc65e46c2df47c51e8dc92bb80ec516a621585c93cb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB
MD5
520cf9dc96d8d1405ba84fed6a4beefe
SHA1
ebe574442471d588f1309b3bad02f50d58828ce1
SHA256
80299532a7dc3f6a55d77fc7b701bec2cc22670e0f29c7a0e3467049766f5770
SHA512
5c9d93654e3f4e20130e80f5378a12b48c67cec41bb63a7d36ded1699ef7f87bcbcd205ab93292e2b2f4384ea728f7c8b52f2b163330d5c3bd4a72c30e8629f8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB
MD5
c26c5b773a2cf9977d61d97c87de661b
SHA1
fba4c7ecee0b23acef21b1ac11665c2d837aabf3
SHA256
fba9398a26649de5d388ef7250a005bcea83900a11e6983ca20572db41f71dd1
SHA512
26bcfa54bb07a19571e048279e027bb05b7f45a10adcf6c4fa4a1edd5300e514d23e6de8ff99db41d7d1904031a7127c46799ba8f0ea5f7a9de5c0f16aa571f0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB
MD5
e423672e08140491325c5f934d58befb
SHA1
f8e0a21c1091ffef4a77c606f1bb17b6bb12357b
SHA256
f77e8271d2478db27397e7fdcef749dd4315c0ebca3269440ed1fc66bcdc500c
SHA512
3ef086a0f107f808c8fb44f2a119ed267626f6186b303f38981601c62487e2488822892668248dcac264af7bf74b00f976b4c3a68a8377e29a43ad45354f87cb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB
MD5
b2fb8ecbd6e9215b7287211948ea0151
SHA1
f66c689b70991cd667832264c57b727a1dc914a6
SHA256
c67e8cffb72d920cb879f01cd4a4bb1dc2bd30ce5bfb667bc934d961d1612838
SHA512
04206ca89bf6bb72734c718a16d2f8f6c314ad92d3ddf9aa81e879326b4bf5684413aceb43d11189e378a962975a1b27c1ac7e66b84c5daad9f800938b1b9b80
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB
MD5
ab1ef5f87a932c505ff56adf2bfc6584
SHA1
c4fb090df28353d8245113386c845f1a076f19e2
SHA256
1ea138ffe57785f005e3f43304eabbc4e644dc94afb8d77f2191c3454a742ef5
SHA512
a63f42667541709a7c037b7a7fe8713af2b78b72cb4bdb73c6da6b0e2a15cc308aeaf41d459a598a1c650122fef21870f804799022f25ca298ea2c60bbd054f8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB
MD5
9e1ba858f6d80dc365f4b79c5fe92d46
SHA1
b88c95fe9ff23afa2a61914c554e0696bb42bd99
SHA256
38ba05d085267b2416143447219a3193fa09f4099b68fbe53c99bf745b1dae29
SHA512
406a23b627c275cb15078f391dc243dc7f74b82452b00a08d7ae39c15e99c38d54533d14c1ab729da6800b8e5a3758250b1d6440b190b30990c31baef348c365
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
7KB
MD58b3e03bb942ab62b9bd210ec1a4b7350
SHA1a14ee23275cfdd7ee9a12d73c13c5c92846429ce
SHA2567ae5db6e07d400e388357342bb161f69db1ad5bd94f9d1fa116f9d8a6be399b8
SHA5129db139ab483517dcd0d7ff2ef9ac30db469ba8e6b7d87b00220544cf0f59f699fd877545be4a6991f9995c55ae41c2fecc8dcb79334966f2435270cb357777d7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD5d56af333811932ea6ebcfd235cf0253c
SHA1412c0bcbcf62c25b090ff4be918f192b7b66b524
SHA2562036ffb7b176d175b082d258e4ca9f68b7bb4fdb94570d53f81be6561b91f354
SHA512671d87694d101210c807ffe507523378177e2b5a727a3362d617969ba04e1c724842cf840f08b0aebcefe0e686bb865196e00fb2150c78ff5777b24f5b91afa3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5470fabbeabe1a3c655446bcbc79dd89b
SHA1cde80d71cdc8cfdfe7f458bbbb04dc0fce01703e
SHA256be5d1a330198df6f9edcd07d96d6496b8fed437b552480e889b22eaae36fe297
SHA512d935f9affeb47ce97d80cc298be1451bde4cbcafb082cd3f00ee751898cb5647e7cbca41e7bf3c55b630d66f337ef1c27e0d968a3151f6b45128ec5f15423870
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5398236df6af23fef34a1b3d11aeef6b4
SHA16abf0629b04156a40681f13ca42b83ad0d6bf557
SHA256947cdfc339e832b317f7d9ee6efe0f13ce42dd7a656397f8b28c652c204172b1
SHA5127f676fe1daf9043e349ca8159f4dd21e9bf9c254d26ea9b29c7e42082724dfa15152dccf8d5f3d5a06cc6bd1464382338fd19723e61da80415687abc3bf8db5f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD525e25423611e5d940a279946fd8537e3
SHA1db04be3115c014422cb46310792a44b7547d4a70
SHA256b553c7d4035871207a2d8eceb02f9d1ecc792ec1e078f1ae6a556971f47a1457
SHA512c5c68b5ca3a581f374cbcd4512954bf1e8cac1a765b440d95c2ae671d05dbb148fd22ab4ac8a9e4b1f12aa07e8943f290b3d8e576fab917e1a3f901c9d35bc90
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5e8980bf5529bc1ac44cc739902952c55
SHA15307e47b929e45fa2d0f680936d0c78cea25a1f1
SHA2569df63d8ec512a2e9126db82facf737569734dad49486d9a29bd6f5ccff6d54fd
SHA5122d128fd17e10fc877ca9a3d6de1cf2f5acb688d7a271db797fe3a98a357155b0e0fad4af3f3c9fc69eefe491c89a0bc72a55626aa78dd4bf72482a6697de9417
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD518c694f811f191c56420471007401247
SHA1e156b7b032a97e3e95b9a28c20411823dafd1ca4
SHA256d2f83fd626f57fb26656cf05ac4bb3c58805d8faf7c762b1a3ba78add3fbb68f
SHA512cf5d49f4b403490557a297a1c86adde08fd98f1c903923b51a8837141647f5e24fe6b2f4969e1b80518e0abb8ae92bb754c05ed364843fd7d777e50d3f02c4f3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD596ab2bae26cb2cd1deeecdfaa70a13d6
SHA1a8030351f5e1c16aa89fc028f71f4910b54bc62f
SHA25624d37703c65b1207c70a53abba4a03c5f8752ba6d072b7164a40aad8bd35327b
SHA512c4cdbd58931b874c140d379e5316ed3efaccea3f24a4926983d7f2a47b99c2549f3d7c2b8086d0409b37b149d3d8cfae0ecb9c59cae60ba9e46553684aff7e2c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5738956daecb4e4a092116571e6b15278
SHA107ca7df131f04ec1507354e06bf0ff2e02632ab3
SHA256d247fad01dca444f38216cc0cbef597a0b5a9d12ddea588dc108c8c6ab2fcc47
SHA5126bad6886bcfda2069d85e7824f943b9c2b31e3b8b440c740699e2ea8d09faa41cc74bf609bcff9f4233fdf2c32b00a8b3d94aad465ef744820bf65a7df719598
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD54e19a52d8caff7ce3a9fdf467c739594
SHA1f46321390173a03a3dd5d15415da04ec26005028
SHA25686e95fa78f279f9104a4711f5beedb5580e4bc1f3829f1bfdb2be4d3a7dde838
SHA51283d750ac45f2035fa06e24f72cca2bdcb7d6236e6fac608f34384c1962893dccf274f9de493ebdadc4a9188cba2249404f545ecb9fe01cbb94f914c8628e77e9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5717b3228ca8650850570f838a44e8566
SHA10bb201f92426ac2490f4a0eca43754d51e7bf0b3
SHA25601c88a59cf10761e7293cc55e08dc92c43171665b7705c60787d84ec157ab06b
SHA512725098a3320da3c7f01bb060f6213ed86e05f0b7948598cd86ac256620b45174c0624eda8d5a00eb6b0c22fb56cca157dd76647432719836ef2aded30cd4fe25
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5a647fc5a6e64a8a3c0613dbca11fe28f
SHA1f62b13cfaa569958bcef19c2994d97e5262da58a
SHA256ec3964e4064e27525d367d8a7cab60af16117ed322d049ddb7773aa739d066b7
SHA5129aacf14eb56868009d7c5db47a1b2c718b0090a7dbc8f0eb8be89fef83887ac798ed62932760c3d20dfae83099cfab3c9335128a263c1037e3ec7f0ded4d66be
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD59657f7864da75365167a7f281175b6c0
SHA1afac594f8cb7c4d3a9d4b4fc527aaee46c569c2d
SHA256b713f1069250a929fb7039136e00384a51afb4d1c7bd3e7e7b14ce993fcb789b
SHA512af8260e9a6b287eb966222bee4d775b447fe29b5ed4127a852365ee85bab5fe312a4c7f6929a673d9521487291816987c22ae61d547fb48a933a1cd9f2ce8956
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5b9b0eb45a432a8b9fb89385134052078
SHA1f784855a6501102410171397fd44297e5e4cbe9c
SHA2569bbc2b57a8107b5a0409400b9c05bf682a652e42b9cae3e6ccf13e82da2c72fd
SHA51267da74276d7fc6ab143d2ad719c7d2ec9bb7d8b2dbf418919959bb5667ff6b54292f36f1a7b5c37fab27a795d3a2947ba058ed66d5bfc81adae56f96f5914e76
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5557f0df43ae861218f42f0f6919881d4
SHA19f10e9729b9632b32a2a672d36d49b4f95b42ea2
SHA256572c7c3277436ad9f21179ebb86ef42fd4ba639b2c8fa66ad75468e9471f4c47
SHA512d635099b72d32a863259247e4e11764e53d0a3b666976c32a947ef263da251992a88d5289efe91629cf11bd1406768a0cdce588e31e8e4e52367aa05acb80a76
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD5535768cabc6d166848e55bff5a02a6f7
SHA130263efdedd5ba895353a4304b610970f914cfe3
SHA25665b7e022401c87c6f95aaa7c659cef19deac5c56fc92ed33e7df070c78b2884b
SHA512635a7714831844dd5dae3215e0948b23018c7dfa167a4804c3b973cba049ab56b0e6991486b10c1c9fbe59676a6cf8eef2adf57b1dae4883c08606c409ea9a77
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
8KB
MD5ae1b84079125f781e55d578895a70f85
SHA1a83334ea1eeee33b9c38d07d6df4f6117289b6ed
SHA2567924644cbd15fe06152b848757a39b715f32b4df12f5cdcdeb4b05e87b52c472
SHA5122b5c6b442337ffed5c360e0133999e94c81b69eb3553b3c5a1f22bf22d98756e6123c9a60535bab3dec1dae6cb655cd9194b506b0f5c5ec16ff8d5ddc628d59d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD59821b6a9ab662ef914cc76b1ce792fe4
SHA1993b165f65988d97f73811ee5e3b609d9d84c25a
SHA256e892c66ae9f3bdfd8073d5ff845c8755f65145ae19c5fd273695970c1c404230
SHA5124b813fd3289b9e3a48b0298adcbf02714ae99e74f836521a88a12e0968ea947003c35bc50b8a099eb3e7622dc42bebb8eca41107e5fad9b3653a79cea6d4a9e4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD58cf0083a5d34a92cdfff8afb4cf73aba
SHA106f1e33802cd4fe4886f307ba13d6e8a1426754c
SHA256b460d7ec71cf2b232681ec6c138cfff9eae7b76d051b97ddee641cc54ada70eb
SHA51248a424d3102192e05b94a87e0e3b87fd5a34f2222d5b1542c110e0f2fd398f801bea47f11d699be3049ed137a4af9d5c5439a9c539d3ebcf4947c33e32aa6254
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD52a40c8667061da365ae7be886c624244
SHA111d9a5269871a568db9541cc32d241a4c115630b
SHA256cd23ce59a6903243eec3c0ea2ef87f7e92dc864eb9f480af774ca4bbfef049bf
SHA512a81d3243b920557d5545e7441e91fe10937b03d5897a336ba102f7f7e1f3f7de4a06026a466283e59e5cc0f9b13127f38fcc56b41f987fb66b2dc54895e92e32
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD5f5fd9720c666cc06a0beb099cf59843c
SHA1b3bef720fa4d4cfe82e9cfad49acf3f2d724741a
SHA25633845e816bc62d2a0e00eefb8073a99cb122618f530d55673ae73a5be6ba492c
SHA5124f1bab0d706ac08d900568194cda7974db31e2de320684c4b18948c68d36e3bf7b96f47f9ef3b1e5ab9c8dbf8165dff6b9aafd4d8187a50cebd3d6700028440c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b8f3afc8-e642-4ca4-94af-2877ffe50eab\index-dir\the-real-indexFilesize
624B
MD58d9f8ae765194ec40aa34c560a654711
SHA136fbf4c4a6affda033651143166548ba5d29f0a9
SHA2566c0bb876f1aee41749e872d876792b5d9cc417eddc30efb2c9798ffe3418d0c1
SHA512261d0b34b2c18332e4be7ff79072cc06522c134e1032bd86b7e1066be31cd531af9136774a9e74b7d3371036ea6d8a0b95a1268bbb2bf391404e78e89d5dc40b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b8f3afc8-e642-4ca4-94af-2877ffe50eab\index-dir\the-real-index~RFe5c7fa7.TMPFilesize
48B
MD56005b9b685dd81bb76f99c432a026de3
SHA1cc2240b29ece0f1a7f9b421b879dfa66d3b12bc9
SHA2563e926ec0ccf597452def3ac4320ddb9287cded01eea4b56e29d81d3af40e109f
SHA5127cdf28028e2f2f2eecc9e1c1732e64e451ac8ad95110ebe6c2ed431e7ae78cbc8db773388b653cf0ca1687a16483e23066d3f9153b460c33ec6ebb8874c85bda
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fd9ef328-f0da-453b-9e70-4f3ba6bc8c15\index-dir\the-real-indexFilesize
2KB
MD56cce93343d5fb0c0e3cd0ac7ff10cd6d
SHA12793ab5249ff1844fe0ad4fdc1545474f87c0582
SHA25687b6b061cac06ee46495525350e41f61982fddf3f58ca660aea1468bfb699bb0
SHA5123abe40ff95ee05a4623802193d270d64a8296663af716fa4aec24a326c7e37781ea93ab71519061f36105113c82e6ca0b054b07442eecfa7841358ba2353f9bd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fd9ef328-f0da-453b-9e70-4f3ba6bc8c15\index-dir\the-real-index~RFe5ce055.TMPFilesize
48B
MD5212605db84fd7c7a5180e2c57fe6f08a
SHA19d6a638bc3165fcfcfdfd22bb495f53d13944b69
SHA256b826e8a9a280d9d52fb7ec0978101480769318368b51ae6f8e981a38f200f986
SHA51235f1db09d9361d4bc959d3fc806d7664ae7aa58f67058897f6dba88b1b3f359545fe77e2ecc58e8b1dc9b3883ee2d363626f5519ea5b7c84d7e1c549add8dbd1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
176B
MD584feaed83605cbf0948fd1152a265dc2
SHA1f570b4f4aa7635e8658a8a47884545debbc8ffdf
SHA2563106f92b146d6c92a42d76dd6bb11c82787491a15158ea968be8abff114406d0
SHA512186f92222e0874da31490c79d3a389f4c05497b32ace002375929438fbe8ea6ac942f801eb5c35a7eda07a938f37d3e887bd14a9f410f1f67ed02d967b3e47e6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
185B
MD579b1573654cb8c443549a6251ecdf4d4
SHA1f40f3dbf3827effb2488c9e9c76a40497841dc9a
SHA256fbdaa141bff31882d9531f29b95de5be01466b4c99fd12232ff441e7d16cf6c5
SHA51227c42e460d99d61f398f569e6f85b86983bc7098723e413e9374126ad14691a380d17fb6838e020fcd74c5762c036f0e2efdbb5b9d3afac4521501ad7de33729
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
183B
MD5abffda7690320b551e9f16182abd7237
SHA11a28b337a03df5c1a6eb11c7150c7180e955eaf9
SHA256cb0e0d9bdab77b53f1a5f6a017c69d2d64f57790c9c5542e5e724380f4107378
SHA512a84bb3bd879b2994b686eca33c932139dc510209420c7a03858b80f4561955d38880a3c72f188fe9b864110bd2aeb957cb1c6f36d0d133b89eea13d1199f7ee9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
112B
MD54e672769dd96b6e0393fd903c6845afc
SHA1e100ec217c4179407465aec8f8a8e8292af72950
SHA256be78dd4d61f0dc468144c976629967d1c85aef775c693ebe0e9323ed6b3649e9
SHA51259ba832df2698f8ac8556f04bddf3676bcec4ec68f497baeb415c2a5227bfc438e0e7ac7a36f3f5cb870dc00cedfb6e283e0124a9a8742c8e81cbe761c7b87b8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5bff5b.TMPFilesize
119B
MD5c09c7a8e507281f0c64e592c9ffddc40
SHA1fda33a7adfc497f9c28bb72305b07ab10d36479b
SHA256dfbc5e38936e2453084b3cf7d755707f0df640dd296060784d159b558dfb4e7f
SHA512264d50410d58911aea3bc6cf7e1d762ce89e5700b606c0eaeabb9f9215c590405d9702e30a661877a0e44951894cf212726ac543d15825de4298373353993243
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
120B
MD5b68e9e115de2aee7922796fb56e6d7c2
SHA1b523fb07c4919e980f09f78e5f02908dfeffe4bb
SHA2562662329d553ac28d122d5adf7f24265af27efc1d18ac95351e360e01896742b2
SHA512c71e4488372d3717ebc1b7d28e2a4f29631e043e75c3fa45a7df415cf32d58f100a9be8e41565fda9219e892e0dd5d0ff4d2361104dd1f2785b93a57cb593407
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3508_1516881753\Shortcuts Menu Icons\Monochrome\0\512.pngFilesize
2KB
MD512a429f9782bcff446dc1089b68d44ee
SHA1e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA5121da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3508_1516881753\Shortcuts Menu Icons\Monochrome\1\512.pngFilesize
10KB
MD57f57c509f12aaae2c269646db7fde6e8
SHA1969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA2561d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA5123503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3508_1910812948\Icons Monochrome\16.pngFilesize
216B
MD5a4fd4f5953721f7f3a5b4bfd58922efe
SHA1f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA5127fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
273KB
MD5c5e1706830b595797a4497bbbd6b5308
SHA1492992b6016789924a91ad2813bcf36673062748
SHA256dc91e1658d6b316297e2ef6a5a37e0ffb5d048743c3a94428a8e106119caed26
SHA51285a564a37d755b3be39bc56407d83fef6ea5752a0bbf7d859e05ad9b7567040d8601e46dd6d49e8f7b46d49e5787845da9842d502cbaf151fc582e92347c99f0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
273KB
MD507bb2a2745f4f46fbf8d67a5f65a8c9a
SHA1378a29232b27c211b57ab03d878a69149690ecb6
SHA256bf2b5011d06fcc72801c39cb18bf8594cdea44e6bf23b8e096cc1820490a231c
SHA5125b0da428caaeaa36efad6c351ce7468b7bf1871cfc2b285a10bf69ff3b615ebc8fe1aaf1608a034b59ba86cf7823e1dd2014844b131df4c62a26b722ead94073
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
273KB
MD5b295676ab3e1c301f7851c43c28fc673
SHA125ab6612b144367c167c8b9c73529df091af1fc2
SHA25691527ab2a26933ead65dbc14b02f79ada0edb1b16f5245db96bbc39f3a18c2a8
SHA51270fdc1530fb8124b2404ab5779d8d977c7b1b76a0a04cfdc16fc901f433a50eaba431251178bd90ab71e026c323271cea4984b8471ac144c276c0f20a6fd1e50
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
97KB
MD509dc871fc0a53f252dd58fda4358d5a1
SHA1261d57f3fe3a601493cb240012ecf666f2e3fc42
SHA256caf48dfa3252b1b9c9b1838a0f2ac4a08d8c1efd3b111a2df79d0b852908e37f
SHA51221e540121819d06563d20bf2946709b1b0435ab0d67bc5a12227ab4539797d4cf408a3ac525e605284e5c65d6255ff627a7f9a20447ddcc3f74aaff3ccd96d02
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
94KB
MD5533ff21f0a4bd5d12ea26f6410ddc32e
SHA187014f7ade798b4cd15e3141d5fd50b3682a0b50
SHA256e3de63bf9a4281f5a328e75fcb8225862db1c48b73d65bcc6339d888ff5f070b
SHA5120bfc8ec8a17466f9da32df3bf8c8577ebec46331ff46ccc22432bdb3cd08d9847ec516dc84584385d49ef3ef615771d6166b7b56067344da1326f95b473ca4cd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
98KB
MD55a9e6f420f081e536b4bc282d0916b00
SHA1fcbdef3906a6b1ad342d781e5f1969b9546a57b1
SHA2566dbffcf48b04b4c14c5147fec146867a583719b4be9bb23c53212b30367c9ccd
SHA5125190bee260a41f603734c20b7adf6910a6d4dde5151867f206588704eb3c33cd3f4c328006872ec567339f16d55e4def7edf507346ef079fd4bb1bcab77f4a6f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c639.TMPFilesize
88KB
MD5320d0b5f747a86a7243b1f47723d5b32
SHA132a9b55214c94e27b586462f420cb8f01b70caeb
SHA256ee0cbea5c0d66434a8d097bacb3f1b0ebdb60daae7fdf46e9e6943709df1430b
SHA512b4995811730ffef5454a2ba1e98cae678fb4023c10628741bf91ec204cd16824804a55869e82c11acd0cd75ef7437915868edc1c53b9837679497e6e099907e3
-
C:\Users\Admin\Downloads\salinewin.exe-Malware-main.zipFilesize
12.1MB
MD5c8bf514a334eaa148cb3c6135c2fb394
SHA10e47a89c3729db5a6f195c6abb04e5129d788df8
SHA2569127560918eaefe69f1959bcb7f7e13b7e3a7ac156b564922829faaec9b96f67
SHA5129879a258f429ef492cf495dbddd4f2b9c9fbc061e325aa8ad870ed05049b7ad595b26d223d20c55fc99f403fc9b5d0235353d71bf5d9a39ee4462838feb247ff
-
\??\pipe\crashpad_3508_ZBGNYCGPBWDNLMHSMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e