ddbbf34580df55639d25c93409532171c3d4230a7609d5909e1bff1f29979cb0

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2023, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df4brk2-5f3486a6-6e7e-42e1-a5b1-1b419ef75c9a.mp4
Size

165KB
MD5

f5eafcc303576a4344588304f9a0cabd
SHA1

dedec3c11406d0356d9c5ea487f39306b95e29d5
SHA256

ddbbf34580df55639d25c93409532171c3d4230a7609d5909e1bff1f29979cb0
SHA512

502d52cc58fd3d65f4f71e1f220be45a235710a3dc1dd6514c39dff348395e1cc63672b7030b540eb172d50cc5e0be8882080552b981daef2b2df00eaba6c459
SSDEEP

3072:2YOSb2U5+6v3Bzq0OCj91PMYi0BsRFBlgo1NaCPl/VhfvAgedFSrK:MSY6v3B2yR1UYzsRFbgouO/jKFQK

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\F:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133277891030390510"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-144354903-2550862337-1367551827-1000\{F2C71295-6669-4785-BBFE-F99971610930}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
5276	chrome.exe
5276	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4688	unregmp2.exe
Token: SeCreatePagefilePrivilege	4688	unregmp2.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: 33	4684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4684	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 4056	228	chrome.exe	89
PID 228 wrote to memory of 4056	228	chrome.exe	89
PID 2140 wrote to memory of 4064	2140	chrome.exe	90
PID 2140 wrote to memory of 4064	2140	chrome.exe	90
PID 1476 wrote to memory of 1820	1476	wmplayer.exe	91
PID 1476 wrote to memory of 1820	1476	wmplayer.exe	91
PID 1476 wrote to memory of 1820	1476	wmplayer.exe	91
PID 1476 wrote to memory of 2868	1476	wmplayer.exe	92
PID 1476 wrote to memory of 2868	1476	wmplayer.exe	92
PID 1476 wrote to memory of 2868	1476	wmplayer.exe	92
PID 2868 wrote to memory of 4688	2868	unregmp2.exe	93
PID 2868 wrote to memory of 4688	2868	unregmp2.exe	93
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 228 wrote to memory of 1276	228	chrome.exe	95
PID 2140 wrote to memory of 4792	2140	chrome.exe	94
PID 2140 wrote to memory of 4792	2140	chrome.exe	94
PID 2140 wrote to memory of 4792	2140	chrome.exe	94
PID 2140 wrote to memory of 4792	2140	chrome.exe	94
PID 2140 wrote to memory of 4792	2140	chrome.exe	94
PID 2140 wrote to memory of 4792	2140	chrome.exe	94
PID 2140 wrote to memory of 4792	2140	chrome.exe	94
PID 2140 wrote to memory of 4792	2140	chrome.exe	94
PID 2140 wrote to memory of 4792	2140	chrome.exe	94
PID 2140 wrote to memory of 4792	2140	chrome.exe	94
PID 2140 wrote to memory of 4792	2140	chrome.exe	94
PID 2140 wrote to memory of 4792	2140	chrome.exe	94
PID 2140 wrote to memory of 4792	2140	chrome.exe	94
PID 2140 wrote to memory of 4792	2140	chrome.exe	94

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\df4brk2-5f3486a6-6e7e-42e1-a5b1-1b419ef75c9a.mp4"
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\df4brk2-5f3486a6-6e7e-42e1-a5b1-1b419ef75c9a.mp4"
  2⤵
  PID:1820
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbf2b49758,0x7ffbf2b49768,0x7ffbf2b49778
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:2
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4616 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5072 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5232 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4748
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff6e0847688,0x7ff6e0847698,0x7ff6e08476a8
    3⤵
    PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4544 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4816 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5532 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 --field-trial-handle=1892,i,17741506613372548389,12385993084002529900,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffbf2b49758,0x7ffbf2b49768,0x7ffbf2b49778
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1360,i,16937548778782589633,14181588763665886519,131072 /prefetch:2
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1360,i,16937548778782589633,14181588763665886519,131072 /prefetch:8
  2⤵
  PID:2780

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4800

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x318 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4684

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
1006bdf1057fd7138f2c403e2bf7d02e

SHA1
271318c7477bbd10ed8e96514cf9d8f667a11e3f

SHA256
17f0ab37464d5e060c0fd3d27582fd82d27257b99458a626207e1f1ae9c2e93f

SHA512
b64cde5b23ff34d33363816b2bcf5f478e4ef815694ad952761fa5ebec22068f7a15c0743212ffd6ade7602bd0bf3970beeace36a67217d1f2090618b6a6aca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1e220314fb5a8af2585f52fc037efe59

SHA1
b5ddd489c0130fe24fae8a8579c7b5b6e92e8470

SHA256
16b27b7f48d12b90031450da093f6abc875e23b89008b506e21c96751fbb265c

SHA512
56402b52d69f5cf5b30f178bdf7dd86987cd4c82531757da78605f17cd7f5cf3efaad167f1abaff67907cc3ac97170e048c34684da6dd99afe4feb9d09c9abe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ceb0b953b1ee7cd9a31ab82189325c9a

SHA1
1ac0a3f2eea888514787e82f27792fb835f4f8a4

SHA256
4e446436de2d141c458aac25eb1f01e339754802f307ce096e97e2413fd59f62

SHA512
2946f2f2ac4ae2c5efb25547459eaa87bb0039c59397bd2a24ca06fb58c0fd08f73829b30b22ec7e9c2b4eb6d915cf8aac2961f1c0b58e0e424d5d18f091cc9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
e04ec921ffcee635d543757d3c471c27

SHA1
0b3e5989ed3ca40e3d983993cf611fca480273ed

SHA256
4133202037c0fcb200c6aac964255b386cf76abfddd32d6dbb628c9197ca72f2

SHA512
d845dacabb5afff0dbfe623fe53b93b9657cd68f465a2e3f3dfee88e69ca72ee93f58fe07fe7ffb17de81d4926f674e2d64d2593f9099c65551fda438e3ee2e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
4b3dd23715b5e44dbdbbf4ca23f09bc0

SHA1
650e194b8c44d7b436d04be1900712290d50054a

SHA256
877d0ccfda7d8dd23ebc02684d4040d44537bda830fb77c034291d59156c2081

SHA512
9caddaed0b029529ab07bc7ec405041de4f25e38a0fcca764953d6a7674579fa52da0b5892a19b5a98e5465cd8967cb7a8e07068fc7d8882e7ccd955d5e1214a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
a2c109adafe791cdbdeea7ed42bdab0a

SHA1
4e8da098ca40ec653c5cc772431a1c5f40da2285

SHA256
5066805b4d960e682b4136ec56ca7ae4f773e3471e2889a8510810276c8a32ef

SHA512
e8b3984dce7697799eddcf0c18924d24fc598a1c426c414fb5815e6328627fde4d608c69082deb3ea5f286f6c45dc78cfebc37077fdf2f20fd7193e268fe1ec7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3cce0da61792851005527f2e3b277ba5

SHA1
a99db877260d80145f5847328d3c4daa2ab14eb7

SHA256
870983ea93643b43433b0a5f64332ca9ab7228d283189d5839ae875740cde5cd

SHA512
dcda30c38304b8a80a982c8e0bf60f1785f4be413915a1263331eeddbfbd928f0c1d248f4add5be4fdd31be65ba4cb673067f4f76acca304555c387c2e5faf5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
19988ac04ec3adcd3d974e6af62b84bf

SHA1
811d86e34569e1b013799e4fd1aa3c27c68b25f7

SHA256
3dbc4941e807db99ca13d1973b57a08dd891de956dc8c31b113d8b4160926b48

SHA512
4020e2d1d06cfbac6f673062f08cd932ded0f106e6052235cc1495fc7ea8c92bb796c65d1e1ea154d17c045301c72ecfb49319ebd1f445921759f4bffc5a63a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0423b3ca75ace9a72b0a45d4ead33532

SHA1
239ef3c180489c29f3b96a5b71bb0333359d1a76

SHA256
e34e5c4db54476a6570134d20f29a8eaba14e4315fea9c2aa6b88ac9d4e24b46

SHA512
58c3eb683039989b71860b28f0bc6eb9dcc30ebbe8f3d52f2a14cc07d59423f6621f7c0b780e29ff044291916f6d05e13ed74ba0602c87cf6e6f5cf98fb1584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3146164ab462d8613f1dc0bf96115eda

SHA1
b4c22349246a46cf42c311a1bd9fe7745c7675da

SHA256
0f9abc7665af404b0965660974d1f4ad346048d4c5e1fb0f7fa9f8b591e57875

SHA512
a0259d543f52e68bcb47e611b0745caf2691ebffdb5f49c9b33f245526310f8f0e7250faa8fecebb3753ffc8459f8f5b069ae479fd0b773acd018f7070329edd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5ea72e0d-93a7-4132-872e-99439932e297\c0d246419ef08e9e_0

Filesize
2KB

MD5
921e481959e87ba0d4bc9b368227840a

SHA1
d67f8dd4ae3dd71538c7f5c0cab9ead2682ca6c7

SHA256
ca245c9e6553380e3e6c8a308660d097ef841db2e9cbf515aed88219addd3e82

SHA512
208f94bd238324e29ac3127b8a6bc05f030f31c3ebc07143ecab770bf8b2c0f587bee25c436c2a8afafe629d500b6c5e0e76c0711bc0e7a48794fd63f85c19c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5ea72e0d-93a7-4132-872e-99439932e297\index-dir\the-real-index

Filesize
624B

MD5
463434985da411d03f051eb1f7d623fb

SHA1
67b37439d9951e65a58e8c852ee2f9f3338e90fc

SHA256
9226ead6f20df46adb8dda9de68597f7d130adf4793924ec888ed2031ea43d43

SHA512
1a4f6ac8a530f81bc4bff5488ab05ad79806441fc39fe511deafee281d616fb765b5cb8d4438850e073fc0c8bb6edeb3da7f8e5e750ff17e9d578d6730f3d80c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5ea72e0d-93a7-4132-872e-99439932e297\index-dir\the-real-index~RFe5799cf.TMP

Filesize
48B

MD5
15cfd42df67dca6d69744d3b524a3632

SHA1
8ee15bd0346d93fd87b281906e4d1aaf4dc5b79d

SHA256
a92d436e4e29c304ed4469dc93480013e15c4fba2835817c5aaeadd53a114430

SHA512
83852fd5e65c464d4ce0a9e87a13d3f286cb27f098ce760f8cb1291cf2959aae337043fb30b1f7ddaa707a464d3c4361fa3e66cafb9ec1725ef635ab50ebb500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
f3dd0ac238a5cbda99cc5f946f798562

SHA1
7b234e98620acd457fb7c00fde9323726482a7c8

SHA256
167a72cd1ace9b75f6f71e354ff06122e832fa20971fcd48881eaf4bc3dc29e8

SHA512
e6c20333ecae48c26e0e01f7aad88d04b37cf2fa71a9dbd90c23f7a33e3b579f5c90e78161d7e77f93346e94e9b73de8db63dca1eda0fa8466b8ff38fc05aa19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
125B

MD5
4e3366965d2c419360c0e5970ab997e3

SHA1
43421bafe874aef737259851dc3299e927589969

SHA256
a3e100fa1e909f90977cb05db3cd696d1539079ed93f34cd3bc3487fbe4963b3

SHA512
7b0a856049249b1a4800a11efca8d309ec893940c4a586ce97b23f667e803bdd920b79fa9ec70a4689b0c0cdea39a6b99f572a766931e436a8f8bc3bff93afbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe573a3a.TMP

Filesize
120B

MD5
a9657ac09a3939cd90a75f656ca9f5af

SHA1
58623bad73ac8690982bf8031791c34278650c83

SHA256
a95a84949de29baf458e27c7f08c7ccfef0386acbda89d5925309bcd3faf48a8

SHA512
31b6f589f50478376b12b658ca40156b4d1d21b459c9ef3cfe1423d6ece7b65f841b77b9b76c1330da48c98b72b067927d54314d6d48ce57565d22ba8d46924f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b6a91b8b71687d15c623f8961c34a985

SHA1
68b8b9dbbe1f994e7ff0bc04cf2373a3d3c169b1

SHA256
6b15a0ec1963e04a591d309d93247125b3c357cd5b4eec7487fdea5a70f70cc8

SHA512
2a518146e8a3587c00958ee099bbcda5859a6d740461ef20074bc9f12a45a4e2487c9434321709ab3e440ab2512f38dc31713bee6d077cee00fcd0f1a84ef10d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578bd5.TMP

Filesize
48B

MD5
816e2734637f9ce8424d4cadfeee11f4

SHA1
f21af7016ad4276ae0dbe9c57f99483bf6e44015

SHA256
89b9212f6aa0f58571d9075445360b38f82662aca8f92f4dd043077985b23dad

SHA512
f2333a3557552535c6f424b0c47187d9128f57902d2f2d16b246383547ca721d51dd330b3ec8fc25901896a4a47da31da9fbe25f2005c8f40e43dddbac5cfc9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2140_1147446202\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2140_1147446202\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2140_210053351\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
148KB

MD5
ecbb842b16dc17406c3926e2da7f607d

SHA1
a019a0cfed087d39957732da63b25a8bdb500eea

SHA256
67a09965cb64520ac67de62e6a9bf30833a9e15407d7bc3b7abbf0390223b2cc

SHA512
9a18196aa4c11222c815014cf374ec63ef8b549eff247f4d2f76ec43b64750c864d2e5e1ba0206950ca887faabdab93c697e3d73a3e7f868641bdcb8bef3c67b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
86d93aa65318ab51a2aba9a93f7cd0f2

SHA1
dc02bf14f70184c92afe805f919b3c4ae759963d

SHA256
8cbdd0280722730754f8d5b4971794834e60d819a5925e689bc1fc2998c1a40c

SHA512
3ac20a584e622924f88f8fbf32956b5aa0bcffb70324d25fab90d46d5c28c498b4256c1ed9efc60e0faacbd69684af8250bc64cc73c586f1d8dfdb9df1a498b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
148KB

MD5
904f7ffa9da00e374b001a8e77f24be0

SHA1
78ce8ddc2b2731d4e6f03bc6578bbdb1f5d93791

SHA256
b3412b18bc99e7d967f53fe1a3edab510dbdeea79a8cf9d7be0b1c851ac9e87f

SHA512
bb5f34f571855ff9c8f50f5c85e429e7f82f6e0046d8064d4aaeecef3952c1797fb79a28e4fa01ac0609c1e902b9c809e23883f62ed9cb9e7157d2f9365eac91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
86d93aa65318ab51a2aba9a93f7cd0f2

SHA1
dc02bf14f70184c92afe805f919b3c4ae759963d

SHA256
8cbdd0280722730754f8d5b4971794834e60d819a5925e689bc1fc2998c1a40c

SHA512
3ac20a584e622924f88f8fbf32956b5aa0bcffb70324d25fab90d46d5c28c498b4256c1ed9efc60e0faacbd69684af8250bc64cc73c586f1d8dfdb9df1a498b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
2fdf1f06d3162ee4754aef086b565c1a

SHA1
41c5ca7b9c798015d1f420c592aa817877a932d1

SHA256
72852f04bdbc80382af47d77d0883e92b397f6c75b24b323c39aae722e3a798c

SHA512
c5201512a04d060fea43e9e59798becbe28075d8756443ea89a3e767cd7dfc8e36d9f849d17347184f053f0eaceb6136162a55433fb6f0ff3a199a52f160dc89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe579049.TMP

Filesize
98KB

MD5
7a44eac95e334f2f8929ddab8af8ff05

SHA1
db3fb42f64c9b775777b7f8f150ddf39ae9048b2

SHA256
ab758fc8c2bd1daf3141f8e1ba62b02c3a230556b748a745a887ce173b8a0b68

SHA512
fa6a860acc7d8428f7d44d6732cc7f1cc6eae71eb785699a2c84578c8080f7aa680440177dea0993b89dcddcd320a7871c9e75996ad64861a790beb9a42ea49c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
dbfc662304aa4236ac6c685fdd3ee597

SHA1
bee96b9256c93a35398a8c6a341da9470c6101c2

SHA256
dfd76fd8ae4d04c006729be160e7c23fe8e003e7094a54abf3a5aaee1a5c5590

SHA512
6730c50e8217e93d819b24a76af50ed9afeb34c73f32bcf65cca1bac139219c4897f7a43faa7a88909b32777420f47beb2a1ab23fad5886ef4da35226305c42b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
ccc6a97a146ad62b749dbfce2f73da8e

SHA1
811c222573e6cf8dbdd225199f470751e553cf44

SHA256
8699ebbdca0e275face345da10e64cdd7430a66d9c684c1451ff00f4dc85a68a

SHA512
44b8c91b14c97f948ea3fd7cdaac7c79030b9d363e0f6b766e5c8c2f1df8391253b2ecd881d715f72cf44979e83e5b362aa44fb14a5315cfbb1862230d312455

Download Submit