Analysis Overview
SHA256
8e1d4b97942d0b374e62c273aaba9fd17151a11f3d11397ed3104613e7fe0466
Threat Level: Likely malicious
The file twitch_pfp.jpg was found to be: Likely malicious.
Malicious Activity Summary
Disables Task Manager via registry modification
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Modifies registry key
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 11:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 11:41
Reported
2024-06-20 11:44
Platform
win10v2004-20240611-en
Max time kernel
125s
Max time network
151s
Command Line
Signatures
Disables Task Manager via registry modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\salinewin\salinewin.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633573349702228" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\salinewin\salinewin.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\salinewin\salinewin.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\twitch_pfp.jpg
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7ce6ab58,0x7fff7ce6ab68,0x7fff7ce6ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3612 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4724 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x4ac
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4660 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=1824,i,15128419638580579934,6765508004356125810,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\salinewin\salinewin.exe
"C:\Users\Admin\Downloads\salinewin\salinewin.exe"
C:\Users\Admin\Downloads\salinewin\salinewin.exe
"C:\Users\Admin\Downloads\salinewin\salinewin.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
C:\Windows\SysWOW64\reg.exe
REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| NL | 23.62.61.89:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
Files
\??\pipe\crashpad_3416_VISDDJRTQMAKHKQX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c90a4ff91b369aeb3b043d23aa58160a |
| SHA1 | f1232ae5259f4558d5922be02d14f35acd699adf |
| SHA256 | cb14c65e17b36ff201a6044d7b57e750d0afc2a30b30a0c75d29140627cceacc |
| SHA512 | 51d376dd99e82a73ad729ea5ba2396cf028e2a9bd3629edb0609d8ce7ecfaa7a4cdf9eddc913429c496360dbe59ff16f3f58476df63866dac02a60b352da21cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7cbf483b154ceeeb577e35afead154b8 |
| SHA1 | 74fe43fc5877cdca0b1df9645567c03a0bec3287 |
| SHA256 | eda7208fd519d9bb6f4f7d524ade159393168e1beb39f1a0e1283aded5c3b03b |
| SHA512 | fd0869c49ef5835aecb8863e321177c0224955758011ab24c3e2e69f7f701cc94b586c843a32e4b8fa9050f63649bb26cf4367048db719e905f5a2bd9f0ff63a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ba57533c678770aab8de5f8b479fbc92 |
| SHA1 | b0bdf8760b75009d6d367f4bc5cf0d0f24b26bf1 |
| SHA256 | b882d6676cfd5f5c5afda66d2074082b8da5032ddd7ee3996c43d677a9145cc3 |
| SHA512 | 461817cb57560d4d3ca6bf79c4bb5f8f3f763e1e6d70681126d11ba7b02164294d3f22c282a6b93f53e397a323795ccd267cd591d0579d1cae8c4391f40db55d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | ef0c5b9fa7a5fb188f05227ee4d87a65 |
| SHA1 | 62186c3f9e44dfbf365b8546eaaf063497cb7fa2 |
| SHA256 | e730b9409743fd9256d61e71263ec7ba2c855579eba1430aeede401b50789da2 |
| SHA512 | 8a44477c43dd53417362affa8509231ca7f8fcf4d12c7ec1dbc70929009af275ca84287272b37bb0896e6502d42cfe049862ed00774a6a93b5a0ba7b094bd67d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a4d1e3bca33c93854975b3ceeabc6dde |
| SHA1 | cb4b29c2209a787c932f64073b5802d3890fc307 |
| SHA256 | 48fe2df0e4a43d204d5190572a3f7159bb010a73c10ac757e49800035386a443 |
| SHA512 | cc06ef2644e0712e37d0e304dba892379c151a427d8bcb14e7bde5e14613613f28f365b8a2df4e888feca6471345de69f8737c9b926f081c66c5456adb59f33f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4f98734b513b2992a442a3cc8fb40067 |
| SHA1 | aa0cc9af2eb2c467adda7604a85b950967c36748 |
| SHA256 | bd7ced43b07b240f51e0fdcf0945cef4227aee1c9aafb7d373ab464322490d6c |
| SHA512 | d87622e29941b21e3b513ef5f406f6617ee0adbf3899e7a4b93df1593a6259b87500e41453f4964c2427796d62a49670e97e3ee192ee43fa7a288c42f233d217 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 56e9b7ac23117e666ebf741b0bd835e6 |
| SHA1 | cb9c86fb3aaa2d55eeafce49ffcae904323a71b5 |
| SHA256 | fb222acd89a6a04d3a2e4d12dc89d789c2a02bb9437208f70af11606a605fd57 |
| SHA512 | e137245c558747d029b69e474cb2a813c628200e6911ea53c8a669c592c4801f395e32dfb0bc4ad9d923fafa8c0d9e05c50f77e58be231e94d3419a33b9d5aca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dff78fb72835d682152ad05ae9262134 |
| SHA1 | 3e26efac6ec63018ad6ebfa65b70a9751f60f7c4 |
| SHA256 | 3b42a2ba7fd5898493e588d26b0cb313a4ca947a3aab95e88487bd8bcbc6c727 |
| SHA512 | 5985a1ff5a3a3bf4a8f518e01ca4b252f21b4070c810f7d83c231c5fc0ad5f878017d693fb7bac226dd40985591cf5c0f99ffeb33a164be417b28c11085a7c56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e6755523639213eb546ed8bae3fb235d |
| SHA1 | d5a5731a884dfe31b270208a431e3e7d867a85da |
| SHA256 | d61695307e11da708decf21a63768a81696d863e74ed2a82938ad8b403393bf0 |
| SHA512 | c80678f6bd8479d0025a56a7f1557473950bb6ac69f9d9683bcfaf6029a19b636c1b9b25fc27205641c4c38964f2921ce232592e259319877ff8c45489d40a60 |
C:\Users\Admin\Downloads\salinewin.zip
| MD5 | 19a966f0b86c67659b15364e89f3748b |
| SHA1 | 94075399f5f8c6f73258024bf442c0bf8600d52b |
| SHA256 | b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d |
| SHA512 | 60a926114d21e43c867187c6890dd1b4809c855a8011fcc921e6c20b6d1fb274c2e417747f1eef0d64919bc4f3a9b6a7725c87240c20b70e87a5ff6eba563427 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0de10d2e6deaf923ec9a427f59858653 |
| SHA1 | cb19aa752f855ce326a241f141c7506450a68f43 |
| SHA256 | 895172a51d62b444de50460907c80f2ba524af8ebf3105566abb190c2b59f4fe |
| SHA512 | 946102b533fa2df95f8fe91b5c0fab9116a4a1f99d01e46968fa91b175e9701f44fe4500c21d0afeb13fcb1d8c140430ebf91a7e1d27ea47b9acf1c4213608c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b473717467825a4d52656a1ca1ac6fea |
| SHA1 | b00510b5055e0a4c3f098275d8cb949bf5cfc16d |
| SHA256 | e917e2d3070704795df05c03a660a72eb840f838c4596f7faa7e7b41182e2173 |
| SHA512 | a144b9a15313f6f80e29927ddf654f75d9ff878ea20c6fb7e63e34609abe379168a2faffb84a2f6bc0b4240f13f44300720efb88f598adf44ce64a65a7928489 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e878dec86a2ff0711c42d9727923d7bd |
| SHA1 | 031ebdfd189b89615e188c5f0308b1e4abed89f1 |
| SHA256 | e3c00d15d37dcbc9776c647e8551b1be766dd87a9ebf815f326a6f268b9e1eef |
| SHA512 | ee3967a037a1410a11998fd8f1769b714c875d47d285280255d378e74f65625d13ebf6f69d1ca1f40b7b94362f1e0c1df23ae491135d9adb040fbaed34063bcf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6bbb965992279b011a7d336f20f5d05b |
| SHA1 | a424254549b7323db2c7b61030ebd6682b70edc8 |
| SHA256 | f63257680148719c30538d5ecfc89d70e25f60eeecd4618d90d8d80112cb6434 |
| SHA512 | 03d7cbd111ad592191fc862dcfa9b7421c0ef352aaa6577ed9d0d0deedfe1fafbb6f2151125e041ee92eac7590aba7b76b2b1b11f2975fb0bc9ca0141c284a21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4b3b5a1e0a083d1196a9d346777af4bd |
| SHA1 | 22ae4f84d47fc3881cfe6de79d9561f33c6540b2 |
| SHA256 | 37fa2de07849d7be607391de3e69ce36c6935ed9ee8f079e23e40733a93e531a |
| SHA512 | 96c8228c89853b28fb08959ba96dacb91d52bacdbbbe7c1e771f04de3e69ddb77e9ab6c6ef0306a9c8eab01537425cdea9faf83924c9f452e54b7063dd099221 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | 56a6010fa4b30140d46aba812c49d7e4 |
| SHA1 | 47182b14512935851fe440d6e7968fadf618b8d2 |
| SHA256 | c5cce9f0eb329a2b4bea73688463772486bbed136a73b097d8d73ee7a3d23e27 |
| SHA512 | b98842c37e2f67c07f3322be7a0d58b396fcb031e618870a98cb0cdf9e310ff0d519d68a941fd577eba57a31473b1e700507669bc6491e68834a5b27e3cc7efb |