Analysis Overview
SHA256
dcf6bfa9392179f23ce11d1fe78325845bf0d1a921b720ef3cd7878020623e42
Threat Level: Likely malicious
The file steam_pfp_1.jfif was found to be: Likely malicious.
Malicious Activity Summary
Disables Task Manager via registry modification
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Modifies registry key
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies registry class
Opens file in notepad (likely ransom note)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 11:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 11:32
Reported
2024-06-20 11:40
Platform
win10v2004-20240508-en
Max time kernel
195s
Max time network
312s
Command Line
Signatures
Disables Task Manager via registry modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\salinewin\salinewin.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633568206313216" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\salinewin\salinewin.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\salinewin\salinewin.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\steam_pfp_1.jpg
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb9660ab58,0x7ffb9660ab68,0x7ffb9660ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2068 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1656 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4336 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4108 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2484 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1572 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\readme.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 --field-trial-handle=1928,i,7977918833124618466,15617934955592585788,131072 /prefetch:2
C:\Users\Admin\Downloads\salinewin\salinewin.exe
"C:\Users\Admin\Downloads\salinewin\salinewin.exe"
C:\Users\Admin\Downloads\salinewin\salinewin.exe
"C:\Users\Admin\Downloads\salinewin\salinewin.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
C:\Windows\SysWOW64\reg.exe
REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x33c
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
C:\Windows\SysWOW64\reg.exe
REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\eb548e9c0bc84f75ace741c35cb74d95 /t 3956 /p 3924
C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\dffa2cab486a43f3a543ebfea2c183e8 /t 4640 /p 2996
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 142.250.187.238:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c3.gcp.gvt2.com | udp |
| JP | 34.84.111.50:443 | e2c3.gcp.gvt2.com | tcp |
| JP | 34.84.111.50:443 | e2c3.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.111.84.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| FR | 172.217.18.195:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 195.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | waa-pa.clients6.google.com | udp |
| GB | 216.58.212.234:443 | waa-pa.clients6.google.com | tcp |
| GB | 216.58.212.234:443 | waa-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
Files
\??\pipe\crashpad_2120_FOKHLXPFAJOIXXMI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f9f1a0d197f9e5e7a9a66490c247ba1d |
| SHA1 | 49bd93ed187ac665c2710620cb9ab863683f9bf7 |
| SHA256 | ab44368c931a2cce8b1c8ea088fa97745d95c6207a5cd97dd1ed3f375744b1ff |
| SHA512 | 3e6fd1cf1f354de57176ef713867624c71ae6e78faa336dfc6104b684691b3f25c0a849d7341ee26c9a86fdefca036865185a742a264a01b82c7d9a08a08c027 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2e6ccbed4257c918442c71adc36f5373 |
| SHA1 | 859a65149ec0202952c0bce236df6e1f19043051 |
| SHA256 | 14052c3bcdf82034c210d212bb5db620b8c90e73833ee9e139237a9e3a196a2e |
| SHA512 | 7aa3df330bc8b2d766e6ff099c2887ea1cf9c7680840347d274650871e05aefb0112d40c0662b6057df2181e8c4f3004fefe15d36c718f9b1184e8ce4fc47bcf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b62092e4062206dc48572c90957eab91 |
| SHA1 | 32c5cde84cc40f4a57ee05f00f3456db88da735a |
| SHA256 | 44b9493829c015bfc3a01c0d88eb7f52a2c7cc1f0e7f279fc32e92830088dc30 |
| SHA512 | 517b20c3538a61a1f6428032cd2b8b30f9399ac039b3cbc5d81b1c66eb2629ad1a2d22ad6b03a96ee680ea9a7e975dd9da64c63c240131e39a961a3ac87fd712 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | f408553ccafbe21d6cf9f2f05dfd14fc |
| SHA1 | 9b7d62ed8454a78370bf07e07afe89cdb9967d73 |
| SHA256 | 6f1bc3b6eb9ac8f24b779cfedf86ac24371379832225b3bbacb6229e7888d370 |
| SHA512 | ae5559a41f4b2d6141ad77df5274944149a242e007a696bca5241ed7e52f7b37039f39b2f0c4bb18d7bffe8320692271362b8a9ee905e723a701afa8145935a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5acf5dfe7167a1202da9fec72b1b48a5 |
| SHA1 | 84b45292f424500243a951baaca4b1b2c7e77f8c |
| SHA256 | 53a41c14098c49c7d0261921d0a9eb82679186e88ccdf72ac14765f86d08f8ca |
| SHA512 | 338115f75652ff29a636dd0f5adf52bd5f2fa7b97843275489bff74fbdebc488f63273cc2ef19b19e23ec52abde2311d625e0c119dec6305f0dd9d79656a7860 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d6860a3ffd9bcde8386c6f1127767234 |
| SHA1 | f9ed15b0f97385f94d4341915b4b1645fcff54af |
| SHA256 | 7bba4a11040d5f77bda66a5851a747d4e0133f52833aa9086958a9bc34c30a47 |
| SHA512 | c9ee9cca3c9022ca33ddcaa59550012faa59854f964b51335768c76c33437bea47d1fc71cb5470bbb8be7d450d0c65b1a62232ad8fab62ce63e6b824165c9274 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\68c8a8de-a770-476c-857c-6b3f02579d29.tmp
| MD5 | dad7449afd30895ac5b9bd8871b42773 |
| SHA1 | 2bd9be081faad89837d423cb636812065562c7aa |
| SHA256 | feff2af52195710244385f6b0a93915950bd0e073f56d9d48c7b5298277e0c73 |
| SHA512 | f504d26263154d001d6b4a903883726d7fddf584c6615ea7f6b0422f9b2b61c25322c289e138b4ce93ebff70255294b29d86a82c60f8b39c80cbe6d0b5f3b66b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8184d965-2308-4642-9ec9-1e38b1d1e55a.tmp
| MD5 | b36af20fb5632ef85c389ce4ace2a9a8 |
| SHA1 | 9d7846ca633207a3edc7d2e436a8967ffaad5790 |
| SHA256 | f1eed13f1625266fc45295a749357c7ea4dff27e2974e48e54a60749a9ae771a |
| SHA512 | d2a63bb86545c76685970d74855443c1d7ca51739565855a8e051e4be7b0c04652daba297a1d0e85896b075a145c9983a9b6af4d27be0cf823e7510829d6a71b |
C:\Users\Admin\Downloads\salinewin.zip
| MD5 | 19a966f0b86c67659b15364e89f3748b |
| SHA1 | 94075399f5f8c6f73258024bf442c0bf8600d52b |
| SHA256 | b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d |
| SHA512 | 60a926114d21e43c867187c6890dd1b4809c855a8011fcc921e6c20b6d1fb274c2e417747f1eef0d64919bc4f3a9b6a7725c87240c20b70e87a5ff6eba563427 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9171302511abe10bfff803e24a0fdb4c |
| SHA1 | 101748e9d3c5fdb5b2ea50e61801f187014683e7 |
| SHA256 | b6ba800f87e43d55b1f7811dfaed4a914467470bea9f79d1be5820865820d7c3 |
| SHA512 | 53d104e5deb12d0bc2e8aa6c747fccdd9045ad6e057345f38c68eb675d51c35eadf17441816f423a300a119885b08f439436b5b035fa006239db2aacfb00dbd7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 339e7df572d9101b8e83887a5216f245 |
| SHA1 | 24cc7320a17f475455cfd03f1c4ee84be93a11fa |
| SHA256 | 2f849e10be0510e9cd85db86c92de6ac90faa406d7f0b89c21e08ac33f2375ed |
| SHA512 | 25c18dc64f872de2c18aeb5cf8cc8edb2a0752d514e955e3c191bbf500fa7c2542a8050e72a18309f6df2ec505ac576125c6d13a2686182e42f25e05ff7e9707 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | df8f32a1b8438cc33fe2c5fec52a6416 |
| SHA1 | f031adfb9414b2028299a0f5c0f8aa70b5462cbd |
| SHA256 | bff79ceb6425cc096da1c4f36d36fa72cd132509a735e4a7d4341d24aaf89cf7 |
| SHA512 | b3cef29b3bd60a50b76a80e1989756532da4168e6e059e20bb135a44ad9cfe6f710a5a95a68adb813c3a136ba230bbd59c36b969b6651ac1c8a08d32e520649f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 56d7096717a1f9a6d2ec8577cb308190 |
| SHA1 | 85b6fc0128e5c879eeedfc2c953349802a3e36a6 |
| SHA256 | f0d8a52acbe2b94aea14637e75b8383d725a2051d152a0043bc3b01e1ec2d0ee |
| SHA512 | 10308a302741063d61b83227a0a575b0825aaa9195310fe4d70b08034c09deacb026d287628ee6fba69514fdacb5220f629ccd239ae9e86fd753bb04911239ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | ddc4c7d936dbc0dd9b596cac32eec590 |
| SHA1 | a98751a7b78bb5ae507ddec6840a897a63ef4655 |
| SHA256 | c610ed6101ec67189d7dbc317495f0e1c37db88c61cc691ca3c5649d81baa0a3 |
| SHA512 | c0139ea4982e28ef37c4a99b6754b49bf785f5adad0e8b9963c1dae8dc01e750c10924a840b1ca6fbfcf22cac070e7d1309c5a9d60f51027679609fd38628120 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591728.TMP
| MD5 | dcca6332c77346a4849bb8a700343ed8 |
| SHA1 | f71908ae86d3eb4b1216826ff7fd2dbdd67f7474 |
| SHA256 | 5ac18bca8bc61aece1ea21d7f3b788d8ce41239a7ae7045cac78c8ca6a2edc95 |
| SHA512 | 66b36201b8670e119d30000e99c3beaae3ff2ecafd20068ee5bb1a479cfa21a9368699b4f5c8c1e936f724776fc90123ee9207001959f7e7dd15dd53cc8abf1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b79e55b6bb39eb68846e8ab82918860d |
| SHA1 | facc863b6d2b2d7d6be1f142f930e9e26522e106 |
| SHA256 | 691568bb48037be5d86b5990751109c0155a181be2852b5963611775ab7884a6 |
| SHA512 | 58f6f33b93ca55d11861786042b51122516d2ecd348ced4bb2dad84a21afb864dae470cbfb0fb5e2366dde4956ae04f5cee8464c1dbe20b8ab830eb809bc7fa4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4d4157acc9178bccb2c2425d2f1b6350 |
| SHA1 | 74af1040c2c2eb79ea69cbb14f389f54f9a7a595 |
| SHA256 | d444eddc57c0fe3af76a0ebe82beab3c55807531c8f710ccce14fa0990b08b44 |
| SHA512 | b5510d799b647c548b398537fab777db7eaf1aac4392119336d4f649935051cc979bd4c15db446515e41b8ae1d5cca533567e2bb0938fcc29c5badd786b59020 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e3f4f16e6c4492f675d9a6045e2b6459 |
| SHA1 | 72e8665fd84756a953dac7dbb57012d23b51ffbf |
| SHA256 | 81c3716bce79d7d4a30357324f8a760a00f2ca035bc43d5c5356865070e6c7bc |
| SHA512 | ad9be722799ca3b783f046880df2ea9b259e643c85aaed2ca6589e7cb6d0e6d358bba69a84a02766f67b4b8926796b4a19d7c4066e52d937150399cf9578058b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8b144f644f660db28fa02a99335bcac2 |
| SHA1 | 2a3aea3dd1a4c10393e1f61225069380ea84b7c9 |
| SHA256 | 2162cc326711a5494671bcb0b91eb4bc908df993068489f6dd56375881a61bfd |
| SHA512 | fbdc422a2dfacd21d1de1ebcc5c1f5187c8903d891fead0955d96b27c83baa83b0ca6fbd57eaad0a45fd051b9d124c8ebaae44071d072006a6a371541a9dc76b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | 97e74fb22ea544a264e7808e077c4316 |
| SHA1 | 5efb707771de18f661d0bf6f475c4c5156db1b45 |
| SHA256 | 1ce0766d65b0e8b60d99a056feecf2e056d56aac70ac62f21d887fbb53e2c8fd |
| SHA512 | 6b69f71935de5e3d24e61c77bb3b09261eb72853b37d64425454b2f736d128b52d837f373e1a8d107384f0858371cbac7b3ffc1f3cdf8a72949217f5d9ce1a12 |