e9c90334f08c75bbbb7f684becd4f6a02b2f96b119ff4b8ee9b14fbff17cd431

Analysis

max time kernel
61s
max time network
286s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 23:53

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

failedmpg-38202c.xml
Size

71KB
MD5

4f3e5b939d4a875edec1a39a577da67c
SHA1

d594785656951c39b92bad869c82f025b8d47fb2
SHA256

e9c90334f08c75bbbb7f684becd4f6a02b2f96b119ff4b8ee9b14fbff17cd431
SHA512

c8158cf28d0ef221c2be4acfdb43a0cb91719b05a4ab0045c63015e96ffba9fd995c4909ad21c392dd4e1aed8ccd2e0c9ba4ada75becb83262e8ee07c31ce8c5
SSDEEP

1536:ztszjKgFB6Fazb2FzFpjRutR8MD3CP+KH:zizegFBEa343jUtRBDy3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000affa9fd1711d441a16efe0b8e1f6f2f1096f4ef453f4b5add238ef49d47d3e6d000000000e800000000200002000000075dd7ba5529a26ffe4aed4478bf7abd510927639fd37926bc552dd25ab87abc990000000895ad6613ee772e591405d0cd93edca185a4b6e0c0f781875becaaf5ebb6b3144c4a79a40ec2ea6b771d84413cbfcf50a1bb635160363aa07cc9f5ec17b3ddfb5e41168752f72e77f70eaf86230cf7be8bb69b64fc3dba420198660b4f647c70fd8d8624ba67407f35195c8478f457c1c2d8b0ba744f3221bd23d7792e18ba7729c408565603fc68a07965c82e6334e940000000c9e4fd0ab3837c72152c70f57d3429fdf103f6e912993a97b0045151452733260a17a669ca7b9707b01392704101571f686de7a7fb3a4fdb8880130a238b5d4a	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30f41bd77c67da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{01DE5551-D370-11EE-ACCC-D20227E6D795} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000c9a0fe844682f2ab54adfb67cd38cfc209fa4d3e7584e07e04d23273c67370b2000000000e80000000020000200000005dd1df4a4cc5264d5f38970bb519c746b601f0971c9b85a8252c0625cabfc4f6200000000787e4a9ecd0082a7886d0d149a6c66ee867840b90cf4d243a2b1a995353cad3400000000573bebded0e24ff8e118cbf420a563465b79a884203ac3b91656008cda7ebcf1dfeeef8650c5af96cb1c75a6ff4190bce59ff139272ee2e403085e3499c7739	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1940	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
920	chrome.exe
920	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1940	vlc.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe
Token: SeShutdownPrivilege	920	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
2492	IEXPLORE.EXE
1940	vlc.exe
1940	vlc.exe
1940	vlc.exe
1940	vlc.exe
1940	vlc.exe
1940	vlc.exe
1940	vlc.exe
1940	vlc.exe
1940	vlc.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
1940	vlc.exe
1940	vlc.exe
1940	vlc.exe
1940	vlc.exe
1940	vlc.exe
1940	vlc.exe
1940	vlc.exe
1940	vlc.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe
920	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE
1940	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 2940	1784	MSOXMLED.EXE	28
PID 1784 wrote to memory of 2940	1784	MSOXMLED.EXE	28
PID 1784 wrote to memory of 2940	1784	MSOXMLED.EXE	28
PID 1784 wrote to memory of 2940	1784	MSOXMLED.EXE	28
PID 2940 wrote to memory of 2492	2940	iexplore.exe	29
PID 2940 wrote to memory of 2492	2940	iexplore.exe	29
PID 2940 wrote to memory of 2492	2940	iexplore.exe	29
PID 2940 wrote to memory of 2492	2940	iexplore.exe	29
PID 2492 wrote to memory of 2664	2492	IEXPLORE.EXE	30
PID 2492 wrote to memory of 2664	2492	IEXPLORE.EXE	30
PID 2492 wrote to memory of 2664	2492	IEXPLORE.EXE	30
PID 2492 wrote to memory of 2664	2492	IEXPLORE.EXE	30
PID 920 wrote to memory of 872	920	chrome.exe	36
PID 920 wrote to memory of 872	920	chrome.exe	36
PID 920 wrote to memory of 872	920	chrome.exe	36
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2900	920	chrome.exe	38
PID 920 wrote to memory of 2432	920	chrome.exe	39
PID 920 wrote to memory of 2432	920	chrome.exe	39
PID 920 wrote to memory of 2432	920	chrome.exe	39
PID 920 wrote to memory of 1688	920	chrome.exe	40
PID 920 wrote to memory of 1688	920	chrome.exe	40
PID 920 wrote to memory of 1688	920	chrome.exe	40
PID 920 wrote to memory of 1688	920	chrome.exe	40
PID 920 wrote to memory of 1688	920	chrome.exe	40
PID 920 wrote to memory of 1688	920	chrome.exe	40
PID 920 wrote to memory of 1688	920	chrome.exe	40

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\failedmpg-38202c.xml"
1⤵
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2664

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\WaitSearch.aiff"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6cc9758,0x7fef6cc9768,0x7fef6cc9778
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:2
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2344 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2376 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2856 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:2
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2608 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4044 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1980 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2956 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2152 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2412 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3988 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1072 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4008 --field-trial-handle=1300,i,11828083577308171350,16128408132544439336,131072 /prefetch:8
  2⤵
  PID:2692

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1228

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1fc
1⤵
PID:3040

C:\Program Files\Microsoft Games\solitaire\solitaire.exe
"C:\Program Files\Microsoft Games\solitaire\solitaire.exe"
1⤵
PID:2108

C:\Windows\ehome\ehshell.exe
"C:\Windows\ehome\ehshell.exe"
1⤵
PID:1564
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 1252
  2⤵
  PID:2304

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GrantRemove.wma"
1⤵
PID:1260

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1460

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7f7283a00e84b815bad8b4d903b17a0

SHA1
4183473f34e3b0812f477db789c2f8fe85de03e3

SHA256
a9abbfd80c649800c2533e49bf0d3ddfc455e700b9e87d57cbc17ff67d4e6d11

SHA512
99124294b168304a6dbbf0cd37d3fff0bea1f3ef38c85531f02331369ee72f58eed3e45a1b887f621a192ea7575a02522d617984b692f8212eb04adaf1002c6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d881b9cd6675518952037d66d34aa687

SHA1
43e2722829b174e13580588f0fe9120d62636678

SHA256
6653f241c5125723ae2b788d9ababeb7ff6c32d8c87fe1bf0c64dfb025961f4c

SHA512
381fdc337b283aa14a21963a4a05011baa7f837e3babe6cdabb9b9a6c374445f06623b12d37cd70ec72dd03eabe096bb115d57101a4a64a014d5f61030f8a9d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
376cd1fd3f407cea10202768fb3d28de

SHA1
a7d04d0f5a14e7113c60450fad23c22dbfdaf2b8

SHA256
35850e214ab11a018bd95a335e68c474ab0e51e87940778de0d9b1d6d4d652db

SHA512
50e68071301f65544c66629e0c07de2b1ea11e1026953af84a99dae9943c7c2d8cca9ea483a56fb8033fa6b9509844c1e4ca06b7b26a42d82b1a8c7b46ec96b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec63d094077ed06c57c3672828e2d2f6

SHA1
84178a851f2104ed9cd893b7b151c856f49d9525

SHA256
4bac01e68681a4f62f0c4907ed2c658b0f6962c1475813fc0a5f1dfe4ec55654

SHA512
4410c0c276c4b75e4c80eba14edc649377d2bee0fc801ad1f5ce8d424da26775cf0dcfdc573deccec130881876069d4413d01b9a0f165ab6f9fda5827b3e523a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e97379cc4451706b958379aba0482942

SHA1
c17be417d5027cd4360ca517aef48311f0b40257

SHA256
76745bfa56273b3d13783d87b8a9593c53e0ab7a52f19c6b9bf1dbf84bd8661f

SHA512
27187be991b4b33405a2f8b491842d9da70e02f0458f46301fa2a6baae09cc3324eb780682e45dc44a9301a89b5fd9b37c75d80c889e72440743e501646cb029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ecd8ebd0d441c0b49b641fbcd5444d17

SHA1
75760164655f0e440880cfb868a10a01b67b6c90

SHA256
f46d8cdf1812d342e3b49ee242fdba78935d597ccdf86989d165e28696cf62b7

SHA512
99913f343bc9df93bcd6d789c4ddb2378e7f49778836e844bee55de79a98c39a9793331a22c2e6b6f171fd3289c77586a4e32b9d9bbcefd68a0029f6d11d2256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
105KB

MD5
70d0465662bce6e5fb92ba14c3210212

SHA1
0484e74d1da4aa8266a3623fce50180a283be6b5

SHA256
71225d03df0d009e0d3221ac9dad5e5815c96f3feb4236ec23505d2c263aea03

SHA512
0b53e6a9bc4a7ff3f5ff28d41d945f4f0b5bec7e31400cd31321e27e1a8250b559637d8b2356a7f030cc4edd3bf4b0cfea78c3aa9899fa8eac622837737e105b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
155KB

MD5
5f177d162be4c139cc7b8cf63e79f165

SHA1
85ea59f672c9e4216599b0f2409ee6f116a8f79f

SHA256
c8724c11154ebed856d9dfdfcb0051b934d2d136c5b284869aaadd697a6f25ce

SHA512
db37cb91829d680dbb2ffc5b2d77f75fa57f9144708925813594c181ab12a414c4711e0bd5e1f6d8374df9face1df77f91e2f0ba40d8b8044ce05f7ba059eec4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
686KB

MD5
48e4dff99cffb82007dfd8f992f5e348

SHA1
90dc67fb63253525690c114fe92507a5643e5991

SHA256
c5f674f04d7c32f06e788322bad300754165011eb8e6b1664f284d7902360c00

SHA512
e46b3d6dc36f8b9d43ce9cf9afeafd40be21934426610d917ade7df7cc0230859a2bd967bfc17e73f93fb58910808ae26d290c68d12f08d5f31444be8b6a2e18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c26ae7d4c017c5c252fda0608c97f508

SHA1
c79ffacf2e3daf82a35fd4c5951d888fa2cec38d

SHA256
d0cf2a37bd8436b95cd3113316a4d201b4b2c3b2f8dbf131c0d58a6de5f761f9

SHA512
901f09de8b7c0461da8ec1e5de12045140d4be742b9601ba202edbbe28fc2d2c321afe532a9effb42bb7c45fb55bd2d1bc5ebe3aa2e4f5641fc840fecec55596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
479794bc0152bddc8369e25717a6f2d6

SHA1
7159617e55e973fb196f617d0156097cc751781d

SHA256
e627d2a8b330281da904f7c31d5a1ca94218b1c88298905dc455639756614bef

SHA512
efdb37b15f593e4997bf9bc00cba8cc640e7ad4962d33773a2ec9e2dc80be0587854e59b2c32e40bd785fb35167461c3856785fe9344e332411bc886dad3cc2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
e201bc5370fd4eea8481cadcf49c6012

SHA1
dee4df1fa1179c8dcbd0b9de429171fad00cae3b

SHA256
3d7d6fd95ddcbfd3087d153f18e8082a325834afa42cf9442ca1d23aa0bab114

SHA512
ac67566621dab53f0d128a0894f959f192ac3b87adc121d08ee478b02a5671d8ba2cf4e8840b6b59b0fd3fc00ca208f885c665ccbb14f101b934ed7e173d11ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f413b1f738c266018ddc8987ff52ff0e

SHA1
d0079926dbc51255d26f58c6c385de0bd37a2a5a

SHA256
79bf2cd1bde1062e6126c2ba65d1d46d596f3b69255b978187f53289f970f03f

SHA512
e738212d15f3b543780870b0677e5526c04cdfe0eab9f7b24a9a935d4f89d7d47cff3e23a1246b892a3769b252a9d4b038ba8030d32a3094ee83ee8b9c249f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fde9e5e8dbe430ba847db81d8d37b7a0

SHA1
6c86111de1c3a825d778ce026e9a09b3f184baf9

SHA256
52eef4c63e9ba9b76d8c7237ea5ce3f7ecbfc234d269fafb723b01240f7771af

SHA512
a81e28d256c2528de6d2715828706175ca2af6bd7be479fba9c02a3f386de9df339d6124e0bcf9b1eb3fe22a75d4a769dd2748241672b34229748676c7a38fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
ea1e508ba9148284fe199b384748b9f8

SHA1
b58fbe965f02a7f66d484f41b1e7562b5834c32d

SHA256
c28f57b8d5be5d8496d83d12223bf79d3fb27eeae3f4db00ac9f62eb18f59c64

SHA512
227884179cf3dc0f9b9e232a55bd6739a401d496c3095a935bd2fefe7a913ce7debeba51719e85a96e56e2b8adad185d3002e6307346b2501154378a0cbf02f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
9ef8177aa584fd4fe178d8ba99a85dba

SHA1
8d953b7e1489e63c1f6c4a48696c8624bfa902ad

SHA256
79008e15bff09c068d92718fa4712da5b4cd9ddf02fda1beff405a0bda95721e

SHA512
e61c34ff63ec5eedb7c71f57e27898f022786a140261db55afabbb560ee6d4bbd577564fe8d61d56e04eb4c8b66dc2a7a62bd577cd7750032c90aef432a63dd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f013a32fe2db7e285a359093bc12437e

SHA1
4dc43b405359352cc414042dc00915cd8e3670b4

SHA256
2895695f6c90f6d896075855cdca1eaa6006a7ecf156beb8aaf5080c8b7608ad

SHA512
9de62d5cb92d44de980cfb5e5715623989c191e7ac1cbbfe32e85936609f19a805034e0477edac61d280178f387b308b6658bce1c2af2580b61ece10111f7644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2b993759c43ac4ac1148ee276a3f0746

SHA1
7784b24557a24ca2fbd652b8ecbeeddab9ae10fc

SHA256
65943c6f882316707956aad2c8606bd9801ad626ad6be43f1db2dc5083686f29

SHA512
96f217eae9240a31790a4a0bb072399962af809489485078a28e8c8b584a4c26ad348d1d95affeba603a39a3802b8001124c7e451f48ee9c03680250f61e94b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8d2ae8ee686a300fdf94d140431252a5

SHA1
2ef8152be6c09c336599d72d7401731eca9972b8

SHA256
15fdc45174563799acf88cc79175f9119cbe41b5f1b455814f93227428eb9062

SHA512
ccd592d20a7b8892987e8e450e6e6f4c62045652f5bbae72ee49b86ba3f3e3c3beb374924ffdfd20be659fb05704269c1a0315c9113b8b1d2b1dd56d2de92238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c9b102bb75f5dd11a8ede004efc15fd9

SHA1
84c6b25197d62f2cd7b84b3e3bf28ece1d567fcd

SHA256
c9fdf8608b90c29b9969ac90b967f4f57a02e285ebc800822754f72f11ae0a18

SHA512
46a8feabfce699efea69a989a208cf526cf7039e29bcd073ef780374a173c4d920caff6e73f5d61a3683bd91f969fdd0b24f0a53fbc07581d250a79fe6f9d2d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f2a2c9f86342e2705b5a18505ab6bf72

SHA1
03b85c821b9030991e4456b15bf47fdeedef71f4

SHA256
813fecae7489736bd246cf6a996ef7af0aba2f6b48e91259e1c36f5c051dbc34

SHA512
e75f3020107078b4f64e1903f8384dead8bf1b273f83102a3ec9ac2767632dbc9d7baafe2abaaba53f59443b4b985830f3443c59d032271f363976c174830b6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e257ef31bb91f16e2c65915d2d4275d3

SHA1
61e9aa5f9dcab5aab899d38763a7bc260b5d696b

SHA256
ced37fc99a29a80bd3e6febf4638a10598f7a104f71952ff4ca954f4fe4084f2

SHA512
db35c884d44678f179f13b827121c74bcb7790afdfad024e9ca61d74f6475d85214c653724002ff9a513802cf0a8a8ae86a024b498911a7c3748bb17515b52ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
9cf7021d877ecefb04abc5498d6eba97

SHA1
caf5e4360e02c3eb07c679866da51c887f99179f

SHA256
b961e4382887cb0182d2bf35448414b8c00d327eab640b1216ba2577117db9ea

SHA512
62bcdd90b2f65aac7e829bd8874e0c4c3ca1b3707d42316bc5c39532b1d1967678e96bc653517d29a6aa753f065faf8ae383bd4459f38f0fca2310d7cc5f163b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9193d0d7065af556d47d9e5350b984fa

SHA1
ec0d3ea0249f61ac5aa51e968fbd88a075efca16

SHA256
3d75f933349ba1610848e6a90fbccfd4e597236f80c9ae074818de981e411112

SHA512
589e599e7cc386f6a041135960816383090ed8bd0f01e1651cfe2ad33c1929846f79584c45cb8ea4ed7a6862caaab21b5987b88b6287abe808bc24836e1cc410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
7463adf0561ccfa87aa807bfb97d7de2

SHA1
68d1f8ff7281f435e4f7b11546feb8eba6183381

SHA256
983d07e31e6ea760b96988f05e5468eebfc5caec3abd6c8416a0e3f6e9baaf3e

SHA512
7c5291c3466da512bf1bad68bfd2dde241885a5bda7a9313f5e0fb40626faf63392ffb1b02a5bb6c7f88b6a62655ac1988ae389d20ebf0027039a9b834bfd37b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
65cc3d6f7d8ef8191371c1e66a60ac7a

SHA1
806fa0cf0ffe3611f0934a3ab5f51033359552ea

SHA256
54814a01f27ee57c82a0ff8ccfc7347772a0783509a1fcdaefae78bbb7cb40e3

SHA512
a87e665e618269794b90b111d0d2b9347ba39fad60ee4345ec0486df1653e649efc10ce45ffaa3474420a0554ad84b799cd120978bdb6868aec2516e7e1e36ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
c13767119407d8d409882e030c7d4b87

SHA1
cac0a2e19fba66765abf2f2a92636b8aaf235256

SHA256
464bb2c6b541622fbc1d34300cfcd797776da0d4ebc75caabd4c03bf8a4f58fb

SHA512
db12600bbd502ce8b4a53402f936a1dba3397653f751931dd46899be73fba7be1044539d64e0052b286e9a461972d49985c2ab7c7696e3c28a4a54ff41c4709c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2c7dc410571ce0174aacadc43038b6e5

SHA1
85ee116fe08a36484291a267eff0b18e3f246138

SHA256
1068f5d91f91229fd8849bac78985ce7b96d2a5eb2325a61352bf2a191024f5d

SHA512
6efd7be1eac2ba6f840a114f61ef6156c1831616d3d6e7f693a9bf005757fbc55971f607176511340fdbabc07ebc7f7ff9093dcfd7a443493756bd38cbb6cd5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ba330187-47e6-4667-bfe1-d04cdd5bd68d.tmp

Filesize
257KB

MD5
bbfb8f2f216ebc102b9db8e5b1efa2fd

SHA1
7a22cf752b7dd1b62b073ceb011c04f6c863165f

SHA256
2ec9670fbe5bb93345c15ad0f55f7cd00920c6081f048af20876fba0ccee5d2c

SHA512
c6820c4cf027d269b85dddefae9d1484c5dafc4ef6a7c05bb89a2759649fa1142dffb7928ddab3d45996ade870c96b0a4837132809f37391320cb0488feb7b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{8669ECE8-D1C3-4345-8310-E60F6D44FDAF}\{8669ECE8-D1C3-4345-8310-E60F6D44FDAF}.gamestats

Filesize
2KB

MD5
a338c1bb5704e723487ef4f8d5d592f5

SHA1
9b6e89c7fdf4ed588a98b673dcc3073f85eaea5d

SHA256
c096f55238f36481b0e846e37004e813ea0b34ddbc7a94f0155fd64ed4dd5672

SHA512
ab62aac5a5fb6f599616d0998cb8011ca18c0631e42451958af89bcaa8db2b6e179651cb14c94f3f6868b0c8632a4048f8c9e6ba7ea6a31abb168e1362188952

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8B71.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8BA3.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF1AA51C3955B6D0DB.TMP

Filesize
16KB

MD5
2b807187d15dba99a8e473362852fb63

SHA1
581ed6864aedaf11a5911570829f25e3631ab578

SHA256
99c7a1c1673503b1e622da6c3ffbc7e51bd7de4a5dd52e18adcdefb3c4c12705

SHA512
4e699f2887af1ca56f6c6a5ca4fa8b6dce5771f4a140ac38c1e4a44f0b770edfde6503810c0504afc613e9d35c8060e7edff72675931cbafd7d45cb3edd3313e

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
701B

MD5
de06ef04f8a2c23941e0bff7c30805e8

SHA1
06cd6aae773729e36644d02aada552d0c9f9626a

SHA256
3abbaf7a582bf475cf25cb0de6bbc95dc64e5f40557ae99105292bf967f6e413

SHA512
ff1cc816ff01eaeda6c422dd15711eabff43d027db60e2a10f1e1d2851a37487b2ba2c56f7afb9171e32f454b61c4911564296d8ec2a859ffe9a3afe742c515a

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
93KB

MD5
478a4a09f4f74e97335cd4d5e9da7ab5

SHA1
3c4f1dc52a293f079095d0b0370428ec8e8f9315

SHA256
884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974

SHA512
e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

Download Submit
memory/1460-1319-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/1564-1205-0x00000000022F0000-0x0000000002370000-memory.dmp

Filesize
512KB

Download
memory/1564-1212-0x00000000022F0000-0x0000000002370000-memory.dmp

Filesize
512KB

Download
memory/1564-1211-0x000007FEF58F0000-0x000007FEF628D000-memory.dmp

Filesize
9.6MB

Download
memory/1564-1208-0x00000000022F0000-0x0000000002370000-memory.dmp

Filesize
512KB

Download
memory/1564-1207-0x00000000022F0000-0x0000000002370000-memory.dmp

Filesize
512KB

Download
memory/1564-1204-0x000007FEF58F0000-0x000007FEF628D000-memory.dmp

Filesize
9.6MB

Download
memory/1564-1203-0x00000000022F0000-0x0000000002370000-memory.dmp

Filesize
512KB

Download
memory/1564-1202-0x000007FEF58F0000-0x000007FEF628D000-memory.dmp

Filesize
9.6MB

Download
memory/1940-473-0x000007FEF4A80000-0x000007FEF4AA4000-memory.dmp

Filesize
144KB

Download
memory/1940-468-0x000007FEF4B80000-0x000007FEF4BE7000-memory.dmp

Filesize
412KB

Download
memory/1940-497-0x000007FEF3FB0000-0x000007FEF404F000-memory.dmp

Filesize
636KB

Download
memory/1940-493-0x000007FEF40B0000-0x000007FEF4111000-memory.dmp

Filesize
388KB

Download
memory/1940-492-0x000007FEF4120000-0x000007FEF4131000-memory.dmp

Filesize
68KB

Download
memory/1940-491-0x000007FEF4140000-0x000007FEF4165000-memory.dmp

Filesize
148KB

Download
memory/1940-490-0x000007FEF4170000-0x000007FEF41A5000-memory.dmp

Filesize
212KB

Download
memory/1940-489-0x000007FEF41B0000-0x000007FEF42C2000-memory.dmp

Filesize
1.1MB

Download
memory/1940-498-0x000007FEF3F90000-0x000007FEF3FA1000-memory.dmp

Filesize
68KB

Download
memory/1940-499-0x000007FEF3E80000-0x000007FEF3F82000-memory.dmp

Filesize
1.0MB

Download
memory/1940-501-0x000007FEF3E40000-0x000007FEF3E51000-memory.dmp

Filesize
68KB

Download
memory/1940-500-0x000007FEF3E60000-0x000007FEF3E71000-memory.dmp

Filesize
68KB

Download
memory/1940-502-0x000007FEF3E20000-0x000007FEF3E31000-memory.dmp

Filesize
68KB

Download
memory/1940-503-0x000007FEF3E00000-0x000007FEF3E12000-memory.dmp

Filesize
72KB

Download
memory/1940-504-0x000007FEF3DE0000-0x000007FEF3DF8000-memory.dmp

Filesize
96KB

Download
memory/1940-505-0x000007FEF3DC0000-0x000007FEF3DD6000-memory.dmp

Filesize
88KB

Download
memory/1940-507-0x000007FEF3D70000-0x000007FEF3D82000-memory.dmp

Filesize
72KB

Download
memory/1940-506-0x000007FEF3D90000-0x000007FEF3DB9000-memory.dmp

Filesize
164KB

Download
memory/1940-508-0x000007FEF3D50000-0x000007FEF3D61000-memory.dmp

Filesize
68KB

Download
memory/1940-509-0x000007FEF3D30000-0x000007FEF3D41000-memory.dmp

Filesize
68KB

Download
memory/1940-496-0x000007FEF4050000-0x000007FEF4063000-memory.dmp

Filesize
76KB

Download
memory/1940-495-0x000007FEF4070000-0x000007FEF4082000-memory.dmp

Filesize
72KB

Download
memory/1940-488-0x000007FEF42D0000-0x000007FEF4501000-memory.dmp

Filesize
2.2MB

Download
memory/1940-487-0x000007FEF4510000-0x000007FEF4522000-memory.dmp

Filesize
72KB

Download
memory/1940-486-0x000007FEF4530000-0x000007FEF45C7000-memory.dmp

Filesize
604KB

Download
memory/1940-485-0x000007FEF45D0000-0x000007FEF45E1000-memory.dmp

Filesize
68KB

Download
memory/1940-484-0x000007FEF45F0000-0x000007FEF464C000-memory.dmp

Filesize
368KB

Download
memory/1940-483-0x000007FEF4650000-0x000007FEF4802000-memory.dmp

Filesize
1.7MB

Download
memory/1940-482-0x000007FEF4810000-0x000007FEF483C000-memory.dmp

Filesize
176KB

Download
memory/1940-481-0x000007FEF4840000-0x000007FEF497B000-memory.dmp

Filesize
1.2MB

Download
memory/1940-480-0x000007FEF4980000-0x000007FEF4992000-memory.dmp

Filesize
72KB

Download
memory/1940-479-0x000007FEF49A0000-0x000007FEF49B3000-memory.dmp

Filesize
76KB

Download
memory/1940-478-0x000007FEF49C0000-0x000007FEF49E1000-memory.dmp

Filesize
132KB

Download
memory/1940-475-0x000007FEF4A30000-0x000007FEF4A53000-memory.dmp

Filesize
140KB

Download
memory/1940-476-0x000007FEF4A10000-0x000007FEF4A21000-memory.dmp

Filesize
68KB

Download
memory/1940-477-0x000007FEF49F0000-0x000007FEF4A02000-memory.dmp

Filesize
72KB

Download
memory/1940-474-0x000007FEF4A60000-0x000007FEF4A77000-memory.dmp

Filesize
92KB

Download
memory/1940-472-0x000007FEF6610000-0x000007FEF6638000-memory.dmp

Filesize
160KB

Download
memory/1940-471-0x000007FEF4AB0000-0x000007FEF4B06000-memory.dmp

Filesize
344KB

Download
memory/1940-470-0x000007FEF6640000-0x000007FEF6651000-memory.dmp

Filesize
68KB

Download
memory/1940-469-0x000007FEF4B10000-0x000007FEF4B7F000-memory.dmp

Filesize
444KB

Download
memory/1940-494-0x000007FEF4090000-0x000007FEF40A1000-memory.dmp

Filesize
68KB

Download
memory/1940-467-0x000007FEF6660000-0x000007FEF6690000-memory.dmp

Filesize
192KB

Download
memory/1940-466-0x000007FEF6690000-0x000007FEF66A8000-memory.dmp

Filesize
96KB

Download
memory/1940-465-0x000007FEF66B0000-0x000007FEF66C1000-memory.dmp

Filesize
68KB

Download
memory/1940-464-0x000007FEF66D0000-0x000007FEF66EB000-memory.dmp

Filesize
108KB

Download
memory/1940-463-0x000007FEF66F0000-0x000007FEF6701000-memory.dmp

Filesize
68KB

Download
memory/1940-462-0x000007FEF6B40000-0x000007FEF6B51000-memory.dmp

Filesize
68KB

Download
memory/1940-461-0x000007FEF6B60000-0x000007FEF6B71000-memory.dmp

Filesize
68KB

Download
memory/1940-460-0x000007FEF6B80000-0x000007FEF6B98000-memory.dmp

Filesize
96KB

Download
memory/1940-459-0x000007FEF6BA0000-0x000007FEF6BC1000-memory.dmp

Filesize
132KB

Download
memory/1940-446-0x000000013F900000-0x000000013F9F8000-memory.dmp

Filesize
992KB

Download
memory/1940-447-0x000007FEF79B0000-0x000007FEF79E4000-memory.dmp

Filesize
208KB

Download
memory/1940-448-0x000007FEF5FD0000-0x000007FEF6284000-memory.dmp

Filesize
2.7MB

Download
memory/1940-449-0x000007FEFB2D0000-0x000007FEFB2E8000-memory.dmp

Filesize
96KB

Download
memory/1940-450-0x000007FEF7990000-0x000007FEF79A7000-memory.dmp

Filesize
92KB

Download
memory/1940-451-0x000007FEF7870000-0x000007FEF7881000-memory.dmp

Filesize
68KB

Download
memory/1940-452-0x000007FEF7850000-0x000007FEF7867000-memory.dmp

Filesize
92KB

Download
memory/1940-453-0x000007FEF7020000-0x000007FEF7031000-memory.dmp

Filesize
68KB

Download
memory/1940-454-0x000007FEF6C30000-0x000007FEF6C4D000-memory.dmp

Filesize
116KB

Download
memory/1940-455-0x000007FEF6C10000-0x000007FEF6C21000-memory.dmp

Filesize
68KB

Download
memory/1940-456-0x000007FEF4DF0000-0x000007FEF5E9B000-memory.dmp

Filesize
16.7MB

Download
memory/1940-457-0x000007FEF4BF0000-0x000007FEF4DF0000-memory.dmp

Filesize
2.0MB

Download
memory/1940-458-0x000007FEF6BD0000-0x000007FEF6C0F000-memory.dmp

Filesize
252KB

Download
memory/2108-1174-0x0000000000370000-0x000000000037A000-memory.dmp

Filesize
40KB

Download
memory/2108-1171-0x0000000000370000-0x000000000037A000-memory.dmp

Filesize
40KB

Download
memory/2108-1201-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2108-1183-0x000007FEF5C60000-0x000007FEF5D91000-memory.dmp

Filesize
1.2MB

Download
memory/2108-1179-0x0000000001D40000-0x0000000001D4A000-memory.dmp

Filesize
40KB

Download
memory/2108-1178-0x0000000001D40000-0x0000000001D4A000-memory.dmp

Filesize
40KB

Download
memory/2108-1176-0x0000000001D40000-0x0000000001D4A000-memory.dmp

Filesize
40KB

Download
memory/2108-1177-0x0000000001D40000-0x0000000001D4A000-memory.dmp

Filesize
40KB

Download
memory/2108-1188-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2108-1169-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2108-1189-0x0000000000370000-0x000000000037A000-memory.dmp

Filesize
40KB

Download
memory/2108-1173-0x0000000000370000-0x000000000037A000-memory.dmp

Filesize
40KB

Download
memory/2108-1172-0x0000000000370000-0x000000000037A000-memory.dmp

Filesize
40KB

Download
memory/2108-1175-0x0000000000370000-0x000000000037A000-memory.dmp

Filesize
40KB

Download
memory/2108-1170-0x0000000000370000-0x000000000037A000-memory.dmp

Filesize
40KB

Download
memory/2304-1210-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/2900-1320-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download