Malware Analysis Report

2024-09-23 12:06

Sample ID 240612-n82n3stgnf
Target 7up69l.jpg
SHA256 69f43617b38f34ba3a45a9bf75829568078ce6e6b86cb75c2babd2f891810e4e
Tags
bootkit evasion persistence
score
8/10

Analysis Overview

score
8/10

SHA256

69f43617b38f34ba3a45a9bf75829568078ce6e6b86cb75c2babd2f891810e4e

Threat Level: Likely malicious

The file 7up69l.jpg was found to be: Likely malicious.

Malicious Activity Summary

bootkit evasion persistence

Disables Task Manager via registry modification

Writes to the Master Boot Record (MBR)

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Modifies registry key

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-12 12:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 12:04

Reported

2024-06-12 12:15

Platform

win10v2004-20240611-en

Max time kernel

356s

Max time network

600s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\7up69l.jpg

Signatures

Disables Task Manager via registry modification

evasion

Writes to the Master Boot Record (MBR)

bootkit persistence

Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{453D2B40-676B-4A76-8853-D93172D109A9} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (repeated 32 times)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (repeated 32 times)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (repeated 64 times)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (repeated 24 times)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3508 wrote to memory of 3004 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (repeated 2 times)
PID 3508 wrote to memory of 3140 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (repeated 31 times)
PID 3508 wrote to memory of 3052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (repeated 2 times)
PID 3508 wrote to memory of 4200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (repeated 29 times)

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\7up69l.jpg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac6e0ab58,0x7ffac6e0ab68,0x7ffac6e0ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4936 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2080 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4496 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5092 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1056 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3340 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4580 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5148 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3304 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5436 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4492 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x500 0x504

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 --field-trial-handle=2000,i,2114631528519239152,16133610480154787919,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f

C:\Windows\SysWOW64\reg.exe

REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3915055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.69.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.187.195:443 id.google.com tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 86.204.58.216.in-addr.arpa udp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.195:443 id.google.com udp
GB 216.58.204.86:443 i.ytimg.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
GB 216.58.204.78:443 www.youtube.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 216.239.36.117:443 beacons2.gvt2.com tcp
US 216.239.36.117:443 beacons2.gvt2.com udp
US 8.8.8.8:53 117.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 yt3.googleusercontent.com udp
GB 142.250.179.225:443 yt3.googleusercontent.com udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.179.225:443 yt3.googleusercontent.com tcp
GB 142.250.200.46:443 youtube.com tcp
GB 142.250.179.225:443 yt3.googleusercontent.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 rr2---sn-5hne6nsr.googlevideo.com udp
NL 172.217.132.71:443 rr2---sn-5hne6nsr.googlevideo.com tcp
US 8.8.8.8:53 71.132.217.172.in-addr.arpa udp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
NL 172.217.132.71:443 rr2---sn-5hne6nsr.googlevideo.com udp
NL 172.217.132.71:443 rr2---sn-5hne6nsr.googlevideo.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 rr1---sn-5hnednsz.googlevideo.com udp
NL 74.125.8.230:443 rr1---sn-5hnednsz.googlevideo.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 230.8.125.74.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
NL 74.125.8.230:443 rr1---sn-5hnednsz.googlevideo.com udp
GB 142.250.180.1:443 yt3.ggpht.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 192.178.49.195:443 beacons.gvt2.com tcp
US 8.8.8.8:53 195.49.178.192.in-addr.arpa udp
US 192.178.49.195:443 beacons.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
NL 172.217.132.71:443 rr2---sn-5hne6nsr.googlevideo.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
NL 74.125.8.230:443 rr1---sn-5hnednsz.googlevideo.com tcp
US 216.239.36.117:443 beacons2.gvt2.com tcp
GB 216.58.204.86:443 i.ytimg.com tcp
NL 74.125.8.230:443 rr1---sn-5hnednsz.googlevideo.com tcp
NL 172.217.132.71:443 rr2---sn-5hne6nsr.googlevideo.com tcp
NL 172.217.132.71:443 rr2---sn-5hne6nsr.googlevideo.com tcp
NL 74.125.8.230:443 rr1---sn-5hnednsz.googlevideo.com tcp
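
Most of the network table is browser traffic (Google, YouTube, GitHub) plus one DNS query row per resolution and one PTR (in-addr.arpa) query per contacted IP, which makes the interesting connections hard to see. The following is an added triage helper, not part of the sandbox report: it parses rows in the table's own four-column layout, splits forward lookups, reverse lookups and real connections, decodes each in-addr.arpa name back to the IP it refers to, and deduplicates repeated connections. The sample rows are constructed from the table above; the assumption that reverse lookups for every peer IP are emitted by the capture environment rather than by the sample is stated as such in the code.

```python
import re
from collections import defaultdict

# Constructed sample: eight rows copied from the network table above. The
# 224.0.0.251:5353 row has no domain column, exactly as in the report.
ROWS = """US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
GB 20.26.156.216:443 codeload.github.com tcp
NL 172.217.132.71:443 rr2---sn-5hne6nsr.googlevideo.com tcp"""

# Country, ip:port, optional domain, proto.
ROW = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$")


def parse_rows(text):
    """Parse the report's row format into (cc, ip, port, domain|None, proto) tuples."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            raise ValueError(f"unparsable row: {line!r}")
        rows.append((m["cc"], m["ip"], int(m["port"]), m["domain"], m["proto"]))
    return rows


def ptr_to_ip(name):
    """'237.197.79.204.in-addr.arpa' -> '204.79.197.237' (labels are stored reversed)."""
    labels = re.sub(r"\.in-addr\.arpa$", "", name.lower()).split(".")
    return ".".join(reversed(labels))


def triage(rows):
    """Separate DNS noise from connections and collapse duplicate peers."""
    out = {"dns_lookups": set(), "reverse_lookups": set(),
           "connections": defaultdict(set), "unresolved": []}
    for cc, ip, port, domain, proto in rows:
        if port == 53 and proto == "udp" and domain:
            if domain.lower().endswith(".in-addr.arpa"):
                out["reverse_lookups"].add(ptr_to_ip(domain))
            else:
                out["dns_lookups"].add(domain)
        elif domain:
            out["connections"][domain].add((ip, port, proto))
        else:
            # No name was ever resolved for this peer (here: mDNS multicast).
            out["unresolved"].append((ip, port, proto))
    # Peers that were both connected to and PTR-queried. Assumption: these PTR
    # queries come from the capture environment naming peers, not from the sample,
    # so they are dropped from the indicator view rather than treated as beacons.
    peers = {ip for conns in out["connections"].values() for ip, _, _ in conns}
    out["ptr_noise"] = peers & out["reverse_lookups"]
    return out


if __name__ == "__main__":
    r = triage(parse_rows(ROWS))
    for domain, conns in sorted(r["connections"].items()):
        print(domain, sorted(conns))
    print("unresolved:", r["unresolved"])
```

Running it over the full table collapses the repeated googlevideo.com, github.githubassets.com and gstatic.com rows to one entry per peer, and leaves codeload.github.com (the download of salinewin.exe-Malware-main.zip listed under Files) visible as the one connection that delivered the payload rather than ordinary browsing.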

Files

\??\pipe\crashpad_3508_ZBGNYCGPBWDNLMHS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 07bb2a2745f4f46fbf8d67a5f65a8c9a
SHA1 378a29232b27c211b57ab03d878a69149690ecb6
SHA256 bf2b5011d06fcc72801c39cb18bf8594cdea44e6bf23b8e096cc1820490a231c
SHA512 5b0da428caaeaa36efad6c351ce7468b7bf1871cfc2b285a10bf69ff3b615ebc8fe1aaf1608a034b59ba86cf7823e1dd2014844b131df4c62a26b722ead94073

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9821b6a9ab662ef914cc76b1ce792fe4
SHA1 993b165f65988d97f73811ee5e3b609d9d84c25a
SHA256 e892c66ae9f3bdfd8073d5ff845c8755f65145ae19c5fd273695970c1c404230
SHA512 4b813fd3289b9e3a48b0298adcbf02714ae99e74f836521a88a12e0968ea947003c35bc50b8a099eb3e7622dc42bebb8eca41107e5fad9b3653a79cea6d4a9e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4e19a52d8caff7ce3a9fdf467c739594
SHA1 f46321390173a03a3dd5d15415da04ec26005028
SHA256 86e95fa78f279f9104a4711f5beedb5580e4bc1f3829f1bfdb2be4d3a7dde838
SHA512 83d750ac45f2035fa06e24f72cca2bdcb7d6236e6fac608f34384c1962893dccf274f9de493ebdadc4a9188cba2249404f545ecb9fe01cbb94f914c8628e77e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d56af333811932ea6ebcfd235cf0253c
SHA1 412c0bcbcf62c25b090ff4be918f192b7b66b524
SHA256 2036ffb7b176d175b082d258e4ca9f68b7bb4fdb94570d53f81be6561b91f354
SHA512 671d87694d101210c807ffe507523378177e2b5a727a3362d617969ba04e1c724842cf840f08b0aebcefe0e686bb865196e00fb2150c78ff5777b24f5b91afa3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 f5fd9720c666cc06a0beb099cf59843c
SHA1 b3bef720fa4d4cfe82e9cfad49acf3f2d724741a
SHA256 33845e816bc62d2a0e00eefb8073a99cb122618f530d55673ae73a5be6ba492c
SHA512 4f1bab0d706ac08d900568194cda7974db31e2de320684c4b18948c68d36e3bf7b96f47f9ef3b1e5ab9c8dbf8165dff6b9aafd4d8187a50cebd3d6700028440c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 6a16cbefd2e29c459297b7ccc8d366ad
SHA1 40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe
SHA256 9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60
SHA512 6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9657f7864da75365167a7f281175b6c0
SHA1 afac594f8cb7c4d3a9d4b4fc527aaee46c569c2d
SHA256 b713f1069250a929fb7039136e00384a51afb4d1c7bd3e7e7b14ce993fcb789b
SHA512 af8260e9a6b287eb966222bee4d775b447fe29b5ed4127a852365ee85bab5fe312a4c7f6929a673d9521487291816987c22ae61d547fb48a933a1cd9f2ce8956

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cb6e3a2bd3112193c16b113b08cdc35c
SHA1 6d8e82c67a186dd8afaca94d901a5627e8207e9a
SHA256 fcb34a8f87eb236da8651fc678d095feb9bff8562c76ae5e16d04a2b83ddad0e
SHA512 773a2cc79922d30a24f3939031665c107e66e4e3d6336efb501dff828ba614b37e78c9f87bf32ae188d1f3b07304a76877bd4c4487faea90bb1953f77a0ef8ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a647fc5a6e64a8a3c0613dbca11fe28f
SHA1 f62b13cfaa569958bcef19c2994d97e5262da58a
SHA256 ec3964e4064e27525d367d8a7cab60af16117ed322d049ddb7773aa739d066b7
SHA512 9aacf14eb56868009d7c5db47a1b2c718b0090a7dbc8f0eb8be89fef83887ac798ed62932760c3d20dfae83099cfab3c9335128a263c1037e3ec7f0ded4d66be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 89a19605a345fcac4ab9c07c0f97b3f6
SHA1 e943e98f8e527e9340e9762444188c4063c252a5
SHA256 ca6af9221ab6fdd8995853be2980dbbf6bfa4b140368d3e4aeeae92de50130fd
SHA512 97f3ccbd4a852efa25917261aec1567f46f08848fced7531da18a8e2151be78ea2ba145c9ff193b86079dab08db6638d67825e904e99c3f46d5fc96b52a9aaa4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b9b0eb45a432a8b9fb89385134052078
SHA1 f784855a6501102410171397fd44297e5e4cbe9c
SHA256 9bbc2b57a8107b5a0409400b9c05bf682a652e42b9cae3e6ccf13e82da2c72fd
SHA512 67da74276d7fc6ab143d2ad719c7d2ec9bb7d8b2dbf418919959bb5667ff6b54292f36f1a7b5c37fab27a795d3a2947ba058ed66d5bfc81adae56f96f5914e76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d50033e18c68105d8a9590d6d752e438
SHA1 961cc4988691064ba173bc9242bcb1b6c55585ec
SHA256 c8e1e927773560e97d88f1bd649e8351817a61834abf454ffb5cfd2e44578523
SHA512 51917fb5b84c77b2e2d1917b3517d755481aea06116960237ea450dbc95dba9dbe092fb2e6e3eda3be039356d7fac30e1ebc2b04478ad4d7a18b8be3f076aea1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 398236df6af23fef34a1b3d11aeef6b4
SHA1 6abf0629b04156a40681f13ca42b83ad0d6bf557
SHA256 947cdfc339e832b317f7d9ee6efe0f13ce42dd7a656397f8b28c652c204172b1
SHA512 7f676fe1daf9043e349ca8159f4dd21e9bf9c254d26ea9b29c7e42082724dfa15152dccf8d5f3d5a06cc6bd1464382338fd19723e61da80415687abc3bf8db5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8cf0083a5d34a92cdfff8afb4cf73aba
SHA1 06f1e33802cd4fe4886f307ba13d6e8a1426754c
SHA256 b460d7ec71cf2b232681ec6c138cfff9eae7b76d051b97ddee641cc54ada70eb
SHA512 48a424d3102192e05b94a87e0e3b87fd5a34f2222d5b1542c110e0f2fd398f801bea47f11d699be3049ed137a4af9d5c5439a9c539d3ebcf4947c33e32aa6254

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e423672e08140491325c5f934d58befb
SHA1 f8e0a21c1091ffef4a77c606f1bb17b6bb12357b
SHA256 f77e8271d2478db27397e7fdcef749dd4315c0ebca3269440ed1fc66bcdc500c
SHA512 3ef086a0f107f808c8fb44f2a119ed267626f6186b303f38981601c62487e2488822892668248dcac264af7bf74b00f976b4c3a68a8377e29a43ad45354f87cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 25e25423611e5d940a279946fd8537e3
SHA1 db04be3115c014422cb46310792a44b7547d4a70
SHA256 b553c7d4035871207a2d8eceb02f9d1ecc792ec1e078f1ae6a556971f47a1457
SHA512 c5c68b5ca3a581f374cbcd4512954bf1e8cac1a765b440d95c2ae671d05dbb148fd22ab4ac8a9e4b1f12aa07e8943f290b3d8e576fab917e1a3f901c9d35bc90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 533ff21f0a4bd5d12ea26f6410ddc32e
SHA1 87014f7ade798b4cd15e3141d5fd50b3682a0b50
SHA256 e3de63bf9a4281f5a328e75fcb8225862db1c48b73d65bcc6339d888ff5f070b
SHA512 0bfc8ec8a17466f9da32df3bf8c8577ebec46331ff46ccc22432bdb3cd08d9847ec516dc84584385d49ef3ef615771d6166b7b56067344da1326f95b473ca4cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c639.TMP

MD5 320d0b5f747a86a7243b1f47723d5b32
SHA1 32a9b55214c94e27b586462f420cb8f01b70caeb
SHA256 ee0cbea5c0d66434a8d097bacb3f1b0ebdb60daae7fdf46e9e6943709df1430b
SHA512 b4995811730ffef5454a2ba1e98cae678fb4023c10628741bf91ec204cd16824804a55869e82c11acd0cd75ef7437915868edc1c53b9837679497e6e099907e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1ebc1fd87fdfe695e9830493ab983deb
SHA1 6b5ee382685fabcc584cbd1ed9e53e1da07e3432
SHA256 3596dfdf07ae0463ec498a7ca3a58b420772828ce32404eba152c98ac7a31612
SHA512 1c637d22910568229f2bb0f5a6919d2b4219765c00a76e656a95feb57c57d82a838b6c46a46870294312a46f062d51692bda967952d698a0eae9004f6de6778b

C:\Users\Admin\Downloads\salinewin.exe-Malware-main.zip

MD5 c8bf514a334eaa148cb3c6135c2fb394
SHA1 0e47a89c3729db5a6f195c6abb04e5129d788df8
SHA256 9127560918eaefe69f1959bcb7f7e13b7e3a7ac156b564922829faaec9b96f67
SHA512 9879a258f429ef492cf495dbddd4f2b9c9fbc061e325aa8ad870ed05049b7ad595b26d223d20c55fc99f403fc9b5d0235353d71bf5d9a39ee4462838feb247ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2a40c8667061da365ae7be886c624244
SHA1 11d9a5269871a568db9541cc32d241a4c115630b
SHA256 cd23ce59a6903243eec3c0ea2ef87f7e92dc864eb9f480af774ca4bbfef049bf
SHA512 a81d3243b920557d5545e7441e91fe10937b03d5897a336ba102f7f7e1f3f7de4a06026a466283e59e5cc0f9b13127f38fcc56b41f987fb66b2dc54895e92e32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 09dc871fc0a53f252dd58fda4358d5a1
SHA1 261d57f3fe3a601493cb240012ecf666f2e3fc42
SHA256 caf48dfa3252b1b9c9b1838a0f2ac4a08d8c1efd3b111a2df79d0b852908e37f
SHA512 21e540121819d06563d20bf2946709b1b0435ab0d67bc5a12227ab4539797d4cf408a3ac525e605284e5c65d6255ff627a7f9a20447ddcc3f74aaff3ccd96d02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b4bdaa4161a04f89e7809b9155cb6244
SHA1 cac3a0c96408ab6e16746e4f0f07b55474a511d6
SHA256 516f9a437226843942ffe5d527273d4e29dc2885588371781c32e32b882aab8d
SHA512 3d10326fbe8ebbe7bf4c1d6eafaa89d8955b7dd20375db0ec610f7176b5c681afd2ea108d1bdb7fbe759fdc65e46c2df47c51e8dc92bb80ec516a621585c93cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 557f0df43ae861218f42f0f6919881d4
SHA1 9f10e9729b9632b32a2a672d36d49b4f95b42ea2
SHA256 572c7c3277436ad9f21179ebb86ef42fd4ba639b2c8fa66ad75468e9471f4c47
SHA512 d635099b72d32a863259247e4e11764e53d0a3b666976c32a947ef263da251992a88d5289efe91629cf11bd1406768a0cdce588e31e8e4e52367aa05acb80a76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b295676ab3e1c301f7851c43c28fc673
SHA1 25ab6612b144367c167c8b9c73529df091af1fc2
SHA256 91527ab2a26933ead65dbc14b02f79ada0edb1b16f5245db96bbc39f3a18c2a8
SHA512 70fdc1530fb8124b2404ab5779d8d977c7b1b76a0a04cfdc16fc901f433a50eaba431251178bd90ab71e026c323271cea4984b8471ac144c276c0f20a6fd1e50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 470fabbeabe1a3c655446bcbc79dd89b
SHA1 cde80d71cdc8cfdfe7f458bbbb04dc0fce01703e
SHA256 be5d1a330198df6f9edcd07d96d6496b8fed437b552480e889b22eaae36fe297
SHA512 d935f9affeb47ce97d80cc298be1451bde4cbcafb082cd3f00ee751898cb5647e7cbca41e7bf3c55b630d66f337ef1c27e0d968a3151f6b45128ec5f15423870

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 1fc15b901524b92722f9ff863f892a2b
SHA1 cfd0a92d2c92614684524739630a35750c0103ec
SHA256 da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4
SHA512 5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e8980bf5529bc1ac44cc739902952c55
SHA1 5307e47b929e45fa2d0f680936d0c78cea25a1f1
SHA256 9df63d8ec512a2e9126db82facf737569734dad49486d9a29bd6f5ccff6d54fd
SHA512 2d128fd17e10fc877ca9a3d6de1cf2f5acb688d7a271db797fe3a98a357155b0e0fad4af3f3c9fc69eefe491c89a0bc72a55626aa78dd4bf72482a6697de9417

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d3177aeaf07ad564a0c5c19695d2a2c6
SHA1 05f2799afc54323a23f58080b745100dd335e38f
SHA256 77ea0a3b23321cf7f270993948de586818b52635bdd3c2383e29a6336287e1a6
SHA512 2bf272d13607fcb0a1e9f89682f70031f2c902e096e768336143c37ff8601e2100d6095040703d239984b4184e13ef8c65f545ba680ec493982d7f695cb41b42

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7757b8ddffc52a9c_0

MD5 ec089d3516b9011b07247d80b317db59
SHA1 df4312ee297aad118b756a71c8852cfa81a3b775
SHA256 46642c496b72a7b92b83014322f10170ea6ebc9afbc10415ddf318230aef7d72
SHA512 8660900b47864a0000f58858d2022b2b547918824e0a50cbb24a49a3029e0400eb4e1b5ec4a97f4176c464ac482981287146c168322ad5e856ef41a59d837940

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3075f4de7879edc3_0

MD5 2680c8c821bc71c3e3a322bc71b69b7a
SHA1 0b84ea536518453cad78de8a3e4fd7b62ecf4132
SHA256 40c3350542d3a53836ea566aa2110134963c27c45725558e87a7315a80bea4db
SHA512 c4c032c8568644ba3b8d96681966f4468242b2bf094122e7761de01fd71ee551341378ea4bf28aef94f7199893f42201adf20a98768a18e8fedaeceeb04daaa5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c3a6142923fd5246b44dc14f5f4297d4
SHA1 f96533d6e90d196cb77617b512515ec5a840cde5
SHA256 7dd5b2978d3e1e34353739f0324f7aff91d1eb76184dd67c709327788adb678c
SHA512 75810535778e69ab48789626f3a3d412dbd637ee1f677f9ed46c384bcb085a083a9cf377b056f923b2971bdcb883d41526ac288e114b67264adfa55087eb010d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 520cf9dc96d8d1405ba84fed6a4beefe
SHA1 ebe574442471d588f1309b3bad02f50d58828ce1
SHA256 80299532a7dc3f6a55d77fc7b701bec2cc22670e0f29c7a0e3467049766f5770
SHA512 5c9d93654e3f4e20130e80f5378a12b48c67cec41bb63a7d36ded1699ef7f87bcbcd205ab93292e2b2f4384ea728f7c8b52f2b163330d5c3bd4a72c30e8629f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 84feaed83605cbf0948fd1152a265dc2
SHA1 f570b4f4aa7635e8658a8a47884545debbc8ffdf
SHA256 3106f92b146d6c92a42d76dd6bb11c82787491a15158ea968be8abff114406d0
SHA512 186f92222e0874da31490c79d3a389f4c05497b32ace002375929438fbe8ea6ac942f801eb5c35a7eda07a938f37d3e887bd14a9f410f1f67ed02d967b3e47e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5bff5b.TMP

MD5 c09c7a8e507281f0c64e592c9ffddc40
SHA1 fda33a7adfc497f9c28bb72305b07ab10d36479b
SHA256 dfbc5e38936e2453084b3cf7d755707f0df640dd296060784d159b558dfb4e7f
SHA512 264d50410d58911aea3bc6cf7e1d762ce89e5700b606c0eaeabb9f9215c590405d9702e30a661877a0e44951894cf212726ac543d15825de4298373353993243

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4e672769dd96b6e0393fd903c6845afc
SHA1 e100ec217c4179407465aec8f8a8e8292af72950
SHA256 be78dd4d61f0dc468144c976629967d1c85aef775c693ebe0e9323ed6b3649e9
SHA512 59ba832df2698f8ac8556f04bddf3676bcec4ec68f497baeb415c2a5227bfc438e0e7ac7a36f3f5cb870dc00cedfb6e283e0124a9a8742c8e81cbe761c7b87b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 96ab2bae26cb2cd1deeecdfaa70a13d6
SHA1 a8030351f5e1c16aa89fc028f71f4910b54bc62f
SHA256 24d37703c65b1207c70a53abba4a03c5f8752ba6d072b7164a40aad8bd35327b
SHA512 c4cdbd58931b874c140d379e5316ed3efaccea3f24a4926983d7f2a47b99c2549f3d7c2b8086d0409b37b149d3d8cfae0ecb9c59cae60ba9e46553684aff7e2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 79b1573654cb8c443549a6251ecdf4d4
SHA1 f40f3dbf3827effb2488c9e9c76a40497841dc9a
SHA256 fbdaa141bff31882d9531f29b95de5be01466b4c99fd12232ff441e7d16cf6c5
SHA512 27c42e460d99d61f398f569e6f85b86983bc7098723e413e9374126ad14691a380d17fb6838e020fcd74c5762c036f0e2efdbb5b9d3afac4521501ad7de33729

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 535768cabc6d166848e55bff5a02a6f7
SHA1 30263efdedd5ba895353a4304b610970f914cfe3
SHA256 65b7e022401c87c6f95aaa7c659cef19deac5c56fc92ed33e7df070c78b2884b
SHA512 635a7714831844dd5dae3215e0948b23018c7dfa167a4804c3b973cba049ab56b0e6991486b10c1c9fbe59676a6cf8eef2adf57b1dae4883c08606c409ea9a77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 738956daecb4e4a092116571e6b15278
SHA1 07ca7df131f04ec1507354e06bf0ff2e02632ab3
SHA256 d247fad01dca444f38216cc0cbef597a0b5a9d12ddea588dc108c8c6ab2fcc47
SHA512 6bad6886bcfda2069d85e7824f943b9c2b31e3b8b440c740699e2ea8d09faa41cc74bf609bcff9f4233fdf2c32b00a8b3d94aad465ef744820bf65a7df719598

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

MD5 9d5f66fe81c136a3d70b7224576908c5
SHA1 efda963697faa24c489373d07d7eef0039e14721
SHA256 6e7990ee51d2b9a2785e9e9c26bff8cdf2aee56ec7c855740e6d7c8d0e4ff693
SHA512 dbd0bd0b462fe2b5877f868c22c132b59a3c7efb99e185b79a6d16071708cf78d419e34a87b1b56307a6a708de28d91bcc86a6e3799a3a7b4ba2b6e3cdfb5d92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

MD5 d901b5af5f864151bff85b2d514ac109
SHA1 7411be4dc348ac16d33dff482e06d030f816c950
SHA256 afc60d937b0628e14dbb3686f8e07f6b3cf68032d1c5072500acf64e0eeb24ec
SHA512 8acb4ace442d3ba60d3335c9eacd950bb3fea24ff570acdb80bbdd88b26e959290c249b9fb35ddc4e7a4750ac5fa7c6d567bbe92004728fe06c4f8816aeea1d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b68e9e115de2aee7922796fb56e6d7c2
SHA1 b523fb07c4919e980f09f78e5f02908dfeffe4bb
SHA256 2662329d553ac28d122d5adf7f24265af27efc1d18ac95351e360e01896742b2
SHA512 c71e4488372d3717ebc1b7d28e2a4f29631e043e75c3fa45a7df415cf32d58f100a9be8e41565fda9219e892e0dd5d0ff4d2361104dd1f2785b93a57cb593407

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 18c694f811f191c56420471007401247
SHA1 e156b7b032a97e3e95b9a28c20411823dafd1ca4
SHA256 d2f83fd626f57fb26656cf05ac4bb3c58805d8faf7c762b1a3ba78add3fbb68f
SHA512 cf5d49f4b403490557a297a1c86adde08fd98f1c903923b51a8837141647f5e24fe6b2f4969e1b80518e0abb8ae92bb754c05ed364843fd7d777e50d3f02c4f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 5a9e6f420f081e536b4bc282d0916b00
SHA1 fcbdef3906a6b1ad342d781e5f1969b9546a57b1
SHA256 6dbffcf48b04b4c14c5147fec146867a583719b4be9bb23c53212b30367c9ccd
SHA512 5190bee260a41f603734c20b7adf6910a6d4dde5151867f206588704eb3c33cd3f4c328006872ec567339f16d55e4def7edf507346ef079fd4bb1bcab77f4a6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b2fb8ecbd6e9215b7287211948ea0151
SHA1 f66c689b70991cd667832264c57b727a1dc914a6
SHA256 c67e8cffb72d920cb879f01cd4a4bb1dc2bd30ce5bfb667bc934d961d1612838
SHA512 04206ca89bf6bb72734c718a16d2f8f6c314ad92d3ddf9aa81e879326b4bf5684413aceb43d11189e378a962975a1b27c1ac7e66b84c5daad9f800938b1b9b80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b8f3afc8-e642-4ca4-94af-2877ffe50eab\index-dir\the-real-index~RFe5c7fa7.TMP

MD5 6005b9b685dd81bb76f99c432a026de3
SHA1 cc2240b29ece0f1a7f9b421b879dfa66d3b12bc9