677988d69d9b82d2933600fc2090095b552e74cc1c894165382033fa8e79a878

Analysis

max time kernel
1795s
max time network
1221s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2023 21:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8mb.video-HfX-rFD3NWEH.mp4
Size

4.7MB
MD5

1947b26d20df9e9921a1db8963ef35d7
SHA1

ce6a694afdde5763f00180500a76a9e9790adcdd
SHA256

677988d69d9b82d2933600fc2090095b552e74cc1c894165382033fa8e79a878
SHA512

34ed8c07cd862787f7c051a75078321da1ce8177ec6f6063216febca133b32cef681e2eaaa531b009dbefe3f35d75e03527150188ce5b1dbf73233d08d26446d
SSDEEP

98304:ctsS9umozlvUAqgQj7Vf2s9C4FOgFyKUy1IZdeJP1B5pjT3WQkzl:cRuvlcAqdVeF4IgMK2ZyDT33yzl

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\F:	unregmp2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133265073509261617"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1424	chrome.exe
1424	chrome.exe
2832	chrome.exe
2832	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2052	unregmp2.exe
Token: SeCreatePagefilePrivilege	2052	unregmp2.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe
Token: SeShutdownPrivilege	1424	chrome.exe
Token: SeCreatePagefilePrivilege	1424	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe
1424	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 3764	1660	wmplayer.exe	84
PID 1660 wrote to memory of 3764	1660	wmplayer.exe	84
PID 1660 wrote to memory of 3764	1660	wmplayer.exe	84
PID 1660 wrote to memory of 788	1660	wmplayer.exe	85
PID 1660 wrote to memory of 788	1660	wmplayer.exe	85
PID 1660 wrote to memory of 788	1660	wmplayer.exe	85
PID 788 wrote to memory of 2052	788	unregmp2.exe	87
PID 788 wrote to memory of 2052	788	unregmp2.exe	87
PID 1424 wrote to memory of 3728	1424	chrome.exe	93
PID 1424 wrote to memory of 3728	1424	chrome.exe	93
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 2136	1424	chrome.exe	94
PID 1424 wrote to memory of 4996	1424	chrome.exe	95
PID 1424 wrote to memory of 4996	1424	chrome.exe	95
PID 1424 wrote to memory of 1056	1424	chrome.exe	96
PID 1424 wrote to memory of 1056	1424	chrome.exe	96
PID 1424 wrote to memory of 1056	1424	chrome.exe	96
PID 1424 wrote to memory of 1056	1424	chrome.exe	96
PID 1424 wrote to memory of 1056	1424	chrome.exe	96
PID 1424 wrote to memory of 1056	1424	chrome.exe	96
PID 1424 wrote to memory of 1056	1424	chrome.exe	96
PID 1424 wrote to memory of 1056	1424	chrome.exe	96
PID 1424 wrote to memory of 1056	1424	chrome.exe	96
PID 1424 wrote to memory of 1056	1424	chrome.exe	96
PID 1424 wrote to memory of 1056	1424	chrome.exe	96
PID 1424 wrote to memory of 1056	1424	chrome.exe	96
PID 1424 wrote to memory of 1056	1424	chrome.exe	96
PID 1424 wrote to memory of 1056	1424	chrome.exe	96

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\8mb.video-HfX-rFD3NWEH.mp4"
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\8mb.video-HfX-rFD3NWEH.mp4"
  2⤵
  PID:3764
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:788
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe3ac99758,0x7ffe3ac99768,0x7ffe3ac99778
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:2
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4464 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5024 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5104 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3520 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3328 --field-trial-handle=1832,i,15065799490200306124,3301496710706279554,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2832

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4348

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
96KB

MD5
2639291d875ba670fc8de04562d06173

SHA1
4f98b16e777a0acaf7dfcd51ff9b8fcd555632d6

SHA256
ac405bc669127a8143f60e44d5c94eb2eb1baf5b55b7417e0474892f4d70cc3b

SHA512
5dbd57fbbb7fa0b98a7d0f0929ea93370d7bab142f5e95defc69c0d039d4db4c6f59f6d4bbcd3fd99c215ac23640144fcf05e2a46be6f0945a89173791ff64b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
65KB

MD5
e01e340264a384a45b798bce286db929

SHA1
256c593e60ad33db20496437b0f24c845f617cd9

SHA256
a7979bf4a93594e255708fb09f0ee3d700f6d4690f92288e09da9f04cd27cfa8

SHA512
bda158cb2be176983b761520b94c9cad6ed23edc716542bcefbb4cf71ff39c67f7f48fda4c4208a394cbd077f156ee364a3f960a3f1deb34fb8cceecbc7d4c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
49KB

MD5
c12075d6afcfce79df001ecba960cc0a

SHA1
f11913a40353bc451298b24b47642c65d591c2b8

SHA256
3d738adbbd4904e038babeab34d1481963921df6d8e7fe721e84649f1518cf05

SHA512
b4732bb0b6c5edb0f9d42e1f3d3facb8752c81bb70c3c7982ab14d7380b2bac31c367b77a11163592a511ac13ef894009846760a0a1246eaeb9df11c6408132c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
16KB

MD5
01d5892e6e243b52998310c2925b9f3a

SHA1
58180151b6a6ee4af73583a214b68efb9e8844d4

SHA256
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

SHA512
de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000af

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b4

Filesize
383KB

MD5
e47e0a7de85642a202c7837fd3e6c432

SHA1
dd50f6e4c3fa45fcb868f4d79e0920981e2053ae

SHA256
225043ac6d9533a09b08967b0474f236fb47d571c62320e8aebbd7bccc7e9fb1

SHA512
b2e7aa9b55dcf682ecc0c7a71e74e63a9f8e0a180357fb1273ff01049858475f55ca7fdc39a96f02bb119f620490a545153d7b06572c7f6ad6dd9adce1fd304d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c629c13cf6dd05cb28083e990356f6dc

SHA1
7651c6229704599dd29e61961322d9a01b663d5c

SHA256
04b97a925d20827bf5501dbbaba0fc153bdc5837e606130cd9a327967a8d08cb

SHA512
f26008cd8db21933631051ab86eb18fe68f1f0619c856b7eae7564404c13b158461056caf60df523401d9e63e171156a8b3ab7a6f45248589c7a72719ffe4bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
bea2125c0f5b29f2816cb26ee8556fbb

SHA1
4668db3dbd9e71b15a35c16a52e034b7157c1861

SHA256
a980ab840e04baa8f9a0778050de1252ef44a474bebdd8c89bed2528c06037df

SHA512
054876efa2557e506344499ca05758398978e8494b100ea42661970e8e88846ecdd522c6987396f93038f2b1688eab8b7cfb98801e36467552cc63c92e3dbc9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
22cc1d7603ee43c29bce3affdf747699

SHA1
50a8f7b41429d6a5b471dc86fe12a4a65217eff7

SHA256
442f99a2dd320d690672de8d38ae6c868a6dd996a0b9720d7ae3f15185d0ed66

SHA512
d89283413632d67cfaef6c925ceb28ea2e1bcec012ea49940be84dc5a9bc44c1a316be8325dbd93955dd1c810a071e07903f613776edb09765fa47971b833e74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b6d797585d7690044305f7cdedf71e6f

SHA1
7ec6b993878ed43eddddd97846e565a19eafc83a

SHA256
c61ae6244c228e07a3d27e145d189fe8a592be7a70d78521613944a29a80ee5c

SHA512
8ecdae64458ff49cc750d94ca7c780e3d7623a706ecfef88bdd3b41e77a608eb262434a62e2d5608582ee79909dbad87fca372044624e16be1afaacc4b204aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
0daecb60c3aeaff61fd7cd2d63c4883a

SHA1
ba9ede1b22bf2cbcac6eb941629a58929d7c62cf

SHA256
6a0f71a3563a6923f22b7963134315e92960ee3f4be424a669ab110c681f1b37

SHA512
caa0870232e243ef533f02ad05c9c4533393ee3c270a1d1b3276f15494c039790c6ed95a2413f27cc7ec4be4feb206c0da089b1f027a0576ac415219435d8ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe58b06f.TMP

Filesize
347B

MD5
f5a4121f8d402048a6038b69fbb45f70

SHA1
ac1f39f80889fe1592cf208bfab765d685d04a5e

SHA256
00f552321fa95525c8192a279ec82ad90e9e5d729ff97cde03c1bf512f7f8526

SHA512
bb37ca4ec6e18a3d1946d28e79108f27f0fdf3112093e443c8b6861c4efcafeb79e3c45aeac2bffecf5ef1a4d88d334c1789d3046affdad9147f150384885cba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3803b2d158ba70f5e0498d7ed1feed4f

SHA1
4d166f0b704c6c799fd67e8a1790c3f68d396ffc

SHA256
b734f0e5c22ea6510584d037cada6b28e5605a5ada559877ca89c63486e864f9

SHA512
c20dc6369c5c36644995d18b7d81e9443419a7d7936f8aa2bc6062f1d0a18eec9d180fd778f2a35f910c354a2afe51becc3fa3ada8757d78331a97e771e46d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3f0da2feb3a0f5245990ce834f38cd68

SHA1
cedeba4d6835ee2b7f9ac7422779f4125fced42f

SHA256
f6e26fa78d52d8829bc4b6f74ceca7701c4312ea3f96fc06bd24b4b272f5833b

SHA512
600c9a7bee8d6f54f6bf3e78ffaefadda43bd0898ba0957a53c8ef6ed21bac641ab7dd352e945a329823c52cec4b38572d30d4932c22c340164ba9d8c88da600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
18aba832aee98648ad97000f9e9b89f0

SHA1
86486620a473f7ab812c37b16c7057d38ece7b5a

SHA256
6c909713b05a0260845d5dca0a801ed2d812cc18164a088994537fdb476515e9

SHA512
f952351bd693732263761344350853f1d0b265553556ce028d345d43abcb277a2d7473825e51ac0befb50813d459627218e83a600a42e54f14397c1a100d706f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1af6e686ba66337860e64726660673a5

SHA1
9c3199a467fcb4cf9511b5be772ec0c4101b775e

SHA256
a95d282e1da119dad1dbecef0a4dcaa6ddce8e5798a5b2d8cf9b20ef23e6084a

SHA512
616911217af1a521b0e4cf60b643eb2286c9daf13aab521cd0f2b93611eb9f1bfcb728fccda614e4a76c94f513af63d46a811e4e7daf1d45e9385ac39e08240a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d06eca0292c377754e499e93c53ef5c7

SHA1
624070f6179fc6d6d0db08cf22e02b2e3c323ab3

SHA256
0d166262eeb54152eebc24b5ff5c0b81098f43fe34fe1444486685acccc27ecc

SHA512
e593429cab9d661fb5c83a1d5fcda4bbca9d577a5f5b6f025495416fa49f826f76469d942916de0d55df5502bb6382a5db6d93b82d4b2def487946cab0576934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3a3157311727be1c7f64e7d2172dac30

SHA1
147840a99a16e83b01dc81fc3434c06d9055b2d0

SHA256
498e7595dc1cf8f4010a06546813718a1e13e12b93043d3ce0ecfd4fc557f7d1

SHA512
51c55520f0d6505f985c83687da6a07d4df534f2de6fa08f4bdae7fc54b9da0b781d52fc77a433115fda233effc8ff56b635b3eaa4461f234d089a23dc7918de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a76f8563242b93e66ea2b8941085aa88

SHA1
9c96f23603dc4170c7bcff0171f1b76482dcdc49

SHA256
2cdeda491d1944edbb912608cc36fb03ab57d81893bd3b2b487390774d53a7a8

SHA512
74fcb8fbb696df53a59a92520cb5631a34935276c682688547235fc58eaf5ce32c168cdf4b0ffb79d7ce25e02d3ed9e20f50cdbd254dd7fbb02177629301e155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bf46fca35abeb08632fc5980ea2f47d8

SHA1
bc9ea6d002448fcbb48886a4fec36c186e78746f

SHA256
aa31d4ff0ff2eb20a89025b8ba1d8fe4a35d82662b67e91d158b20b5669aadd7

SHA512
ed7798ac34c81edb0782e61f94c6eda5060eda5c8f165f137bb851651e94fa11e3abb807b6a3f0daddb0bb63cf37f0dd3fad83b2cba3c4e1267a6a94b3e86459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1c1b5e9950f0b4a7b8e1f9d4d31789db

SHA1
48186bb757b88cfd78df5e4535c01ae61892e504

SHA256
20bab89cfe2be9947eef3b9110e3c261d3831d8f4454258a1e4ca4b1d13313a5

SHA512
dd0d9d275090d6772dd771408f092ef6a4fc182a80c9883e879476cc148ca9f5698026e7f7703a868fb3846e311a85db8af2f0c6011869c247167653dea42bcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fb703fc2bba254b2d00f071ab5827f82

SHA1
a4cf403e0a201f9153480441d0516dc9de0563c0

SHA256
44d2721004977f00b5f5b01182ae64b173d125b02cc63259d60b14e17f39df53

SHA512
fdf62b51d3be4ea14a788fac2052b6cce0696701315b9d573bb43029b93c5ee32999e1ff9e34de2288a8702db29b6583839460c56eb9f8eb31f1b8b449666d16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7b5213c4bfb43b5a4f130c5b05a0bd83

SHA1
bf7b92a52d4a3ccca953f9fd87457dd5c0ecdae9

SHA256
69a3b9d82ed92e8a3e8cae3770b75c754a40289a441e143bc5954c71fc6d4c36

SHA512
d01193bc023851c072e13270a43bb6616549335b6eb0b897873e7541a60681e80760c0bad2c2a23a128bb508e3cd22a8b3cb3062b99b50e1cec0f2e50b0c38ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a0857eb0130ff3dba5bed99afbddb3cb

SHA1
5e6baeafc6f1c56a1efc33610787a6590c296d71

SHA256
d3347276a7b55751ced50b577cb521d03ee54d8a84aebda63b4ea169d771c124

SHA512
734f23fe51ee81c60b79af4f1d014f23d55a7b3c93f13c9c7465c7489188dc268bb0689187e57191500126795af1bbe26db5d0eaaaf658be55c8bd377d8239eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2146b121aae1fc0b209f5f4d59c4fd63

SHA1
ae04bd6dd8ec6c270740aeb04a75392e3566d505

SHA256
f0da5f89a3d3b1680e73e3ed2ee66eef5fdf5852c57ce9e2a60abe6fa486942f

SHA512
a1e6f3b46d07eb4a1960e9cdefd6fe0b11de467e6e72d1d5f8988aec6f2e9ec180b99d71df51a83cd9c12365efcc38fb531a3f8a0109f5a13e967d9b24922034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be645e8fcc1bf07cbcd855ec0ba80479

SHA1
50831a74b60829213e5681254727dbc87afa66cf

SHA256
c886782ba467346b1e4e0ff737de5f909708c3fa441057d8a3e84a1da8958704

SHA512
53a2a12c359744b7b8d8a137298071b48a7809b9b34211eb334a660d6cdff0dbe3a178e9225dfd0d8f689aaedc206921e5ba3d434c2f30682c7b410f9d3483b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e03fe9eeddc8449ce4ce69072a174d77

SHA1
72378d5be18cd24d71b0ac91fb94b7c8fb37f634

SHA256
fb0bddd9a9bdb27185f4b4f3805afa7338186bd68a15991db41250003a9e5adc

SHA512
601008f107be95e4132937fc7f2aa430f817b238fce07e9cb040156fb86a57071c784fbbcd05c282e8a19153d6090b9e923b9d5ac62bb32745c53b8847cbcb3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c896406ff80dadef293f17dab6af489e

SHA1
f979e0ed943484e30c6b9acae6ea460034db9011

SHA256
da2078a7766639ba1a9053e0296c059c67a866816521ff2c2ddf75a3c21a3bff

SHA512
418244bace0b37e624b7faf3d373581cffd3cee41a79fce010544fce67d476820e5a1eaf2117c43524f15df2b8bc660605538d8a89637d93e2d57e0ba49d9006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f879644434b6244810cbb0454ce9fa8b

SHA1
0f77794811fee65e70f6d0ae99ef4a539b846ff5

SHA256
409baab93e8a92625aa1aba9581333f5ad6614d00d31f5f6bd1462cfa693c72d

SHA512
024cfaeba87c2cad4bf79054986833cc7eaf843e916bb98eb639f712a50892f436a63d4b7349493ba1002988e83dc92489ae21a646717987c4e0bc413233968d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a99fb0974d28cf4745cc52301e14d8ce

SHA1
a86672e7cc1aea00e4f06a879f2ceee1d27e9552

SHA256
4a8c8c3726263b4f8aa94ec2f1de326577fc9ef823f3dd419c8d83edcb1abe70

SHA512
dc8b1e33764974fe5ac996a8f82e661b5894bdb163399f24fd9e65b98f3f4ad027c672ab66c8d950a01748d4c138624e7a5beb57b030fe3d8fa271c119b5be95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6fe33a029eaa91096e2054bed8a0e786

SHA1
3207afb71139538a62390471a9bd180e03cc6139

SHA256
00111a406882485ca57b6b393fc55171627b2adcf98dbc9ad671a9a777e7f841

SHA512
a82b05779bab02d582fdd7cf9ed55f55721dd2316b0577f0d6b532e6d2d61983a28c303e776c41b9e5fc6b86eb8ce006d37e353722b7546d39ec5cdb9f6b6050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d660f9490b5c9b04a1e85a1f30e3e0a0

SHA1
f85a45d69df067710c2df7c404142075c1df0861

SHA256
78cf64f1b2984b598222c05c14e603f2f2527a1f2bb61ef1f3347db912311fa6

SHA512
b9692fc1fd02fcc1114001ffd7268858d2a8f9e4ac2e4485e2a5075cefe411cab43e543af1f691c7a17db3bb32e5e37100b560e57d5bc1c7b5d2cf2de8e52221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8152bdefadbcf3d6e9ffa7811173c80f

SHA1
35e397871ac58a8e2e2bf47ad178c1388241b893

SHA256
67591c92e9193b959cbe80d248f40e22b45efba9c5424df3e8842e2a248a64cb

SHA512
0848b85ec0c11dd721625495e5ef77455d44162ce9bdc66351661cccc6f90186778e5df955343f0f97c695fd8050add7ca789826ee0b7ca6ea30a3b8ab57cd94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
d5ed450e655704d38196b51c8f5002fa

SHA1
5f6740f269806a6ba6f478b90ea5c792d21a8f4c

SHA256
4cf6e4454705cae6de3bbfd49a8c5659f3ca47b2c50078111cab9d0d8d2efbeb

SHA512
4d2fb3d34aca0f6e1a2a6c316f05843274c95e179fb083233a58f8b644a841303039f7c6e34471632097d374186d1aa07773da9e6cbc31835d4be5448c6b9244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
472d5821c849f821d61dc07bbe2fd010

SHA1
2a7a0cb6ac4e10c74de25b948a66074c930274ef

SHA256
d139adcbe7069fa2f20b6b078a92ec89aaaca72f60d045dedff99b82743f2206

SHA512
c9f1b51dc465a73613a165cfaa8c66891723ed9189fc79a7054d25b7ab8b28350ce7a7eaa8f7f5c0bddc8d3492abcfec09542ec010b1b1a8be92570d0180ae66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
8417a9a08de5eb98fdbf3e7f19c46ef6

SHA1
7b87b9c903e1aecd5738d20e08a0c56aeeeeba3e

SHA256
f7958ce19bb3ea704836bee4f7d650a597293ef00bc150def02410d1715d29d1

SHA512
af4e4f4eec355bfff49d9161744d6ef218e6e54fa9c2390e5833cc5e3e2031f508de2d206fa5b2fd98384fefbc0f7f676e011bee3d330e2c3707192589bd9558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
82995b9178ba09c8f83f19a5aac1ea5a

SHA1
230eb8a268050e61f1f4c2167776a81ddc57686a

SHA256
de7dcf21dc65325d2d635b296bb475fdbacc205e9112232dbf5963df2e88e27b

SHA512
9970442eaa8358db580be70aa214a51e441de103b16ef6a0c0297dcfadb66ba7afd0151da7301b6c5c236386367ad09edcb0b40ad72e29eea07afdab9b953ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
4b8279202582dd769697dd9b764c0a64

SHA1
e89167fc34110c6f8ff1eaebbdb507e7220cd70f

SHA256
8b9ab92e18206ecc5d0e177f7c177be3bd7d6e9b2d532ffd1e06b3fb593ca0a7

SHA512
b6484c64978c0608e2e51694fa90a0da7f8187901a4daaddd8af210e122a07e0b0feb10f311f094dc86058e6d0c4d64bf30aa1d93f21aafc483e7a1715589695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5730c4.TMP

Filesize
96KB

MD5
a931e993de53a70cd0c4f1f5c37db3f3

SHA1
669fca4c21eadda244595e362bdf88e459bd3d92

SHA256
01f059cb58b30f3228ef87e690495adb9185ac445f053ffe09350e36a896aaf0

SHA512
942f691b21eedc39dd87c89b5e0dc6f806e9cbdfa3494920dd241fb21495b280f69c36477257d9f38be9a9ab67969cfe1dd11d42bee211217689b6a3cf78efc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
41e020ee798eceb4ac90cba2142a7a1b

SHA1
714ffdf4ddc441ae72c3fb2e4548a8219ad06fb8

SHA256
60968b6f285adc7f7347c43815c17a27a383807366f91212b81b17cac20131a8

SHA512
29d22703589df058c7f3509ce58f8e2f8fdf1fc2077e0622a796e4f9c17e563994e3cce83d74b5d58d79ae5b335a1e114c86ca7fe149bab10c3656c0acb0ae76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
d91734b147d2b5c63b86424555ff0ddf

SHA1
974af5ff99a1c482a896443c0a81db77e4d5d589

SHA256
f56d5190a73c8e73210174ba5ef7909e93e45e52728ebd4324eaf7f991dbb30d

SHA512
121d9bb99618036f442d796286371c89bff759a8685744f69f69171a81fec249b1c9a0d597d0d2754cc00aaa8231978587895559495f5639c92aed2df62f96e7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit