9ff85afbedb0ca4eda40caa9f2ba2b1eb6f4333a2ee5db5e367510e1aa21dc94

Resubmissions

03/05/2024, 07:37

240503-jfxr7saa8w 8

23/04/2024, 05:52

240423-gkzfgsdh7s 6

Analysis

max time kernel
1495s
max time network
1496s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
03/05/2024, 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VID_20240423_075043.mp4
Size

1.2MB
MD5

47956933f351f921101e5886f423c0ec
SHA1

ce4e1f3f77b05dd462f305223dd7b99b221d1668
SHA256

9ff85afbedb0ca4eda40caa9f2ba2b1eb6f4333a2ee5db5e367510e1aa21dc94
SHA512

824ecbcfb74f4cb8da6751ed41b27a903f017519de0bd0ce68d0a8ade2fcf3000303f57dc8438d9d04fb3007ccd36399a885c1ac5401e47501a5efac629467da
SSDEEP

12288:2MH7meR/+LLn2mzr72A/eucx+LyIcTRcTol7B8NbZzPcJ2+dRDUlGnFHARpzO6l:Brlknh7NeXYjiB8NdLcJ1PhIpiE

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	unregmp2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\DontAsk = "2"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Version = "12,0,22000,282"	unregmp2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\IsInstalled = "0"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Stubpath = "%SystemRoot%\\system32\\unregmp2.exe /ShowWMP"	unregmp2.exe

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	unregmp2.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Windows Media Player\wmplayer.exe	unregmp2.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591954754841613"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\ = "&Add to Windows Media Player list"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\NeverDefault	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\ = "&Add to Windows Media Player list"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{A45AEC2B-549E-405F-AF3E-C6B03C4FDFBF}	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{17FC1A80-140E-4290-A64F-4A29A951A867}\ = "Open Media Sharing Handler"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\ = "&Add to Windows Media Player list"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\NeverDefault	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\image\ShellEx\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\video\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{A45AEC2B-549E-405F-AF3E-C6B03C4FDFBF}\ = "Toggle DMR Authorization Handler"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\video\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1230210488-3096403634-4129516247-1000\{D9F5635C-922C-4C94-AD08-5188B2AA3311}	wmplayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\command	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{17FC1A80-140E-4290-A64F-4A29A951A867}	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\ = "&Add to Windows Media Player list"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\command	unregmp2.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe
3116	chrome.exe
3116	chrome.exe
4836	chrome.exe
4836	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2148	unregmp2.exe
Token: SeCreatePagefilePrivilege	2148	unregmp2.exe
Token: SeShutdownPrivilege	356	wmplayer.exe
Token: SeCreatePagefilePrivilege	356	wmplayer.exe
Token: 33	5008	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5008	AUDIODG.EXE
Token: SeShutdownPrivilege	356	wmplayer.exe
Token: SeCreatePagefilePrivilege	356	wmplayer.exe
Token: SeShutdownPrivilege	356	wmplayer.exe
Token: SeCreatePagefilePrivilege	356	wmplayer.exe
Token: SeShutdownPrivilege	356	wmplayer.exe
Token: SeCreatePagefilePrivilege	356	wmplayer.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
356	wmplayer.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1680	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 4744	1472	wmplayer.exe	77
PID 1472 wrote to memory of 4744	1472	wmplayer.exe	77
PID 1472 wrote to memory of 4744	1472	wmplayer.exe	77
PID 1472 wrote to memory of 4952	1472	wmplayer.exe	78
PID 1472 wrote to memory of 4952	1472	wmplayer.exe	78
PID 1472 wrote to memory of 4952	1472	wmplayer.exe	78
PID 4952 wrote to memory of 2148	4952	unregmp2.exe	79
PID 4952 wrote to memory of 2148	4952	unregmp2.exe	79
PID 4744 wrote to memory of 2988	4744	setup_wm.exe	80
PID 4744 wrote to memory of 2988	4744	setup_wm.exe	80
PID 4744 wrote to memory of 2988	4744	setup_wm.exe	80
PID 2988 wrote to memory of 4484	2988	unregmp2.exe	81
PID 2988 wrote to memory of 4484	2988	unregmp2.exe	81
PID 4744 wrote to memory of 356	4744	setup_wm.exe	83
PID 4744 wrote to memory of 356	4744	setup_wm.exe	83
PID 4744 wrote to memory of 356	4744	setup_wm.exe	83
PID 2312 wrote to memory of 4872	2312	chrome.exe	91
PID 2312 wrote to memory of 4872	2312	chrome.exe	91
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 2324	2312	chrome.exe	92
PID 2312 wrote to memory of 1364	2312	chrome.exe	93
PID 2312 wrote to memory of 1364	2312	chrome.exe	93
PID 2312 wrote to memory of 3456	2312	chrome.exe	94
PID 2312 wrote to memory of 3456	2312	chrome.exe	94
PID 2312 wrote to memory of 3456	2312	chrome.exe	94
PID 2312 wrote to memory of 3456	2312	chrome.exe	94
PID 2312 wrote to memory of 3456	2312	chrome.exe	94
PID 2312 wrote to memory of 3456	2312	chrome.exe	94
PID 2312 wrote to memory of 3456	2312	chrome.exe	94
PID 2312 wrote to memory of 3456	2312	chrome.exe	94
PID 2312 wrote to memory of 3456	2312	chrome.exe	94
PID 2312 wrote to memory of 3456	2312	chrome.exe	94
PID 2312 wrote to memory of 3456	2312	chrome.exe	94
PID 2312 wrote to memory of 3456	2312	chrome.exe	94
PID 2312 wrote to memory of 3456	2312	chrome.exe	94

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\VID_20240423_075043.mp4"
1⤵
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\VID_20240423_075043.mp4"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4744
- - C:\Windows\SysWOW64\unregmp2.exe
    C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Windows\system32\unregmp2.exe
      "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
      4⤵
      Modifies Installed Components in the registry
      Drops desktop.ini file(s)
      Drops file in Program Files directory
      Modifies registry class
      PID:4484
- - C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\VID_20240423_075043.mp4"
    3⤵
    - Drops desktop.ini file(s)
    - Enumerates connected drives
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:356
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4952
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:2148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:4584

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5008

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffad495ab58,0x7ffad495ab68,0x7ffad495ab78
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1500 --field-trial-handle=1924,i,12234450377284101273,8812698556687442199,131072 /prefetch:2
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1924,i,12234450377284101273,8812698556687442199,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1924,i,12234450377284101273,8812698556687442199,131072 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1924,i,12234450377284101273,8812698556687442199,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1924,i,12234450377284101273,8812698556687442199,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4252 --field-trial-handle=1924,i,12234450377284101273,8812698556687442199,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3804 --field-trial-handle=1924,i,12234450377284101273,8812698556687442199,131072 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1924,i,12234450377284101273,8812698556687442199,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1924,i,12234450377284101273,8812698556687442199,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1924,i,12234450377284101273,8812698556687442199,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1924,i,12234450377284101273,8812698556687442199,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1416
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff72e70ae48,0x7ff72e70ae58,0x7ff72e70ae68
    3⤵
    PID:2484

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffad495ab58,0x7ffad495ab68,0x7ffad495ab78
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:2
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1584 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:8
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4160 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2136 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4956 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4856 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5148 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5320 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1484 --field-trial-handle=1804,i,17453575333602310547,4786983078801714303,131072 /prefetch:1
  2⤵
  PID:3996

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:592

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004CC
1⤵
PID:4984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
52c4377d4eb6fb1aeeecd52d2d265568

SHA1
2613313111a37f17c078df0fcdfa03db3223f52f

SHA256
48b74550ab9e6bd4625807d3d1ea7201e07472d5662c567ccaad7a163826393f

SHA512
25cc30906cb0da1f877d6c58ef5ed0e23345dae5a2373448759b3e02245ccfa42c85cd78e15830fd68e3e4ee6f36da4f303d7065e47b5a656de59c08f797da07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
2782beb3be3de55651db598f68c7ecf2

SHA1
d2449825ed5a86d9d2fa9785e6f29f24b149327b

SHA256
8d9ff5c83bc870d733b24b8a0d7db94516d080bbd5747eae1a5f6ae6f15bce4a

SHA512
e9b51f91e27f36d954cf23351bab014a715485461ff40e9cd0bfbee8282d247ebe9ea966d036c85a08e71ff87b93f9d21d3add81f2d0b9422dbee37ed08b6010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
c2843572023933c0eafba4b5dcdf7dba

SHA1
1d524bbaf66f554517ebbecdb3d168534ebe9021

SHA256
973efe09267904ef00f4912cea104a82de2b5168b180ef2369c9420594cf8cc7

SHA512
66f0fb71e753c380e8270ca661a21bcc2b2ed1089672312d913f38ed0f5016072ebd0b80f311cc2379767e566850ab4ea79b243ea7f310c7969c222a75868af2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
3ad154d5eb3c952d89461304b736c14b

SHA1
e7b9ed66246ec766670e6c0d7a8db36daaef44ed

SHA256
c82490a8c00821bcf7e8b4c69dcc98e3e45708a323798e0a164dada2d47786f8

SHA512
1469d37f3dbfb491e93f7cb63eb0869afca8a501c36cbbc50f0c8b6631788738bea523db8410f94b18bf5993adc20d21a565ef63277467a0e2afecbacf3edd2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
34KB

MD5
ffcf3396764083423437c9bb0479d381

SHA1
fca21ddb5daa18e3ccf5e4305dbfc22c616ec7d1

SHA256
a06be6d6c9b045d17cb92b9197273e4b61308b3b308c1dcecee617e9ecec645b

SHA512
6527ff531183aff6602d31f8aebd8978934b1c53772f768cc41623108552597e6fcc38299637cdbc0612e2b5aee88686cc5d508a65d973e8411b81ab091f54e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
58KB

MD5
bc8ec6d0e3f746a78c43cf4f98312a02

SHA1
22a3fdaf7f8e3176fbcd24c760214736e78ac8dd

SHA256
bfd346deaeb1162c3c5d895c452e104f3824cc8e4d737ca78a4800d0f1c74b21

SHA512
5598235c508347c310348c3fabed174c39f639e4ba3513f4419332aa5d4fa4e925945eeb0f4b56bed923b84504d3aed5d5f5d70e27406a194fdbdb3f5c10cfc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000106

Filesize
16KB

MD5
f7760ab0d394252c74457fb03e60b443

SHA1
eded4ce53d7014e27d102c4cff1288e90885f4b5

SHA256
dc78f5df6729ec450bc7a794fe46cbb1a0b05dd6c0678aed2d7bac4efcfff0c7

SHA512
9c8843f3e3bc2f032fa73ab505bd7d230014e898d52056c51e4d28154d3f2a461dfdc0f84fda1c916c1f8598455fc1c668a02522b3ef660614a506c29a351a9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6ee26b73e0c0d0d9_0

Filesize
264B

MD5
81389a7491bc024793606ca2fbc9d56c

SHA1
64911d90b48520e3801fd8feff6d47aa73ae9bb3

SHA256
f793dd5c0443f9e62bdf8a6b52efd1f4025e1a22675d6cf928a9bbfbc38ea855

SHA512
4abece8085a8c23b7849bb18a206988b120bbf435bab286169a4108e7af3023120283ffca0691f006e4bc5d7271701dfc01a9b14a09c0152c924ddf5f9d19ec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
09688aad9063afdf3f8b836bd530be0b

SHA1
9ce36a77b6560631a87db243cbbc4e13df579adc

SHA256
1f91bb52f1de3f58d1293516bb48e4aaad19fd4ed5f207cdce28e83516174b4b

SHA512
bbbd9d791bae74dfd87efb37a4e596209edcb7bd45e620cd914c6e14275769e4ade1f24943f5f8b112e5e23b49fcc57b44241da95e246d9c3ffcce6275376338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8ce02ee2f115b3ae08ac82a9dfc5ab9f

SHA1
315aeffdc47a9edc98cdb1663d672031c59d6c0f

SHA256
7501fe5c8f6a04a0ec39998db4f82abeb38ce407061d859fe3ccb6e219b18eda

SHA512
0576e61207ce89e610805d747e795cdfc79617f63647ba4f4859cae957b7f015f094ee8fffe36828ac20324c7c5d4644c594e9a3fa4a4a665c1018561ee94233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3a62731f921e389187e0549a462dff81

SHA1
7b26351938136f49dde7a592b708dd59473cde33

SHA256
7f7e3c17e84f61bdb575e4b34211cea4f3d67f244cce528a95f4ce4b18570001

SHA512
be6b16bc77d163c8ab3e0941149df7bb7e3cffeb3772dcc86613e82069a9df0a068a1aabb3530870fae2cea4f03da392cef8c344cc92c862175187f156b24094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
1320da4e33cad9d8f3514d60411b199c

SHA1
2e82f128dc7947f2a6b8b546d1321fb6960276c2

SHA256
4b8aa0409374ba9878abc782b2cd5a6b45fd8a495c7e7ada5ae1ee37020f1a76

SHA512
a773a6460b9d01ff4e017087103d5b16f85d01cfe66da8da3896ce0f944fecc187d5bf25468f258d346daa84a01740de1990a4cf33cdfc584cfb9662af810e9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
ff8a38ed75e5f71f419319fe37cba8e1

SHA1
6026c3e15ddbfe11e0ad10f307e3893c1be2445e

SHA256
25ecbc91462277c9c2b706be0b4b21bc42eb0bbe33a26598c7c58bd70fa4af6e

SHA512
99631329894116fca779075e471d42dd4224e66f02b12582408b13c372ed8e5ca155c4d3f58a8e0613318183c05fae710cb1b38db571d081be4ab0db634fa87a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
ce1d41c7cf0b4c5e8de3482c00cf6228

SHA1
15817d1f7b8a2ec37c0e77998fa84b7eb9ee4bed

SHA256
f7da2c0de3b218f38fadf4ba0d69f51baccb60e6b893d1099780573f71534e62

SHA512
9a769f83b0f78d1140839be00340ebbf142f37f17073ef3aa831241a43dc232f93fa41a211868354b1b67598702441084b8936314bcdf6bb5176e06ea6db4f88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7d81b787e8fbb1ce8263ea028ba400eb

SHA1
5549fe4c845c90b81d3b7b0f4dcce18adf03ccc0

SHA256
b2e3143022e317549f169fb9c19578576ad02d0a48630235a7c149af41080943

SHA512
36491a55c6115c62e74fc4705384caa36736ae0f143062e38baca938ba4bed96268c6d8defff8f965be66d3bdbb4ad3e8977628256c17f0fcaac415f58918214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2863165a942f7f483c22a1f2946009c0

SHA1
7f7af1e559e23bfd6759db740ee20b359cba8149

SHA256
2713ebd934aa6a166e2d20b11e014fcc9ff21c2e0b94b37a1d00bf04ee3afbf5

SHA512
1b28b283c27b5a1f9ba6afbf676e638a9e9b2e28374186cdb5c92976008057825d43ec2ac197d844852c25c722caa792db1bb6d2e5e2f2208f70f8bec7136b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
1252a6496b890ffbdc9475a6a6be52bf

SHA1
6ad3c6f32dbf7bd7e5bfb8562b17da795dec0040

SHA256
f51f55dd25e9cd7226e4f667ab26534d2cf2c0c1dc3ec3f10a7ae6b5cd8280ea

SHA512
768f2c15609f057436548959eddc9f34ce85e5431406238194ef32ad281f49844df14da24265e3f420040865ec7dad5817e545cd24edf0835d6c2f27f4262ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
543d736a1a08ab870246d16f9725e7c8

SHA1
3a0eafcc490505486e6fe204bb0486d5bef9a79e

SHA256
733337b89cd98fb03dab4a358e2ac8181232934f4f51c2a2891b954f862e7448

SHA512
ffa4929ada7a2a3115403f233b28fa96c69fc50ea9f589f98dffcea314c72d89981690b60770953dbfe17e67cfb98e1b703186455d326be378e858b7527e9d3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
94cb0f5a8223e9d2227bf20cc7618438

SHA1
b7b41704754f0ec9577fd8d47bec1e26f103877e

SHA256
966660c1b32ea9aa8926b4c05dbbc494c379efe801ee5725738ea455b9b234b1

SHA512
a42d08dead58920be292f003214ba131e3ec8bfa01a21a32e65dca4f151eb3e83a8d93bca1da5155cf1c1f00756fe6966a8980d2badf4488dfe1b27700f9b6eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
4783e5da9fad3ad3f42ce9a1094afe59

SHA1
22a363e13545ad6d388903aa80426c204f594831

SHA256
dcf1aac38973ee97d738aea7d2f6e772045e582e2f376693fe4a99c0796b48a8

SHA512
b880f2f9821d35609ebdf8da74e97052a8ba8b435022de2bba4221b0f7b7957c208f9ff206a70ed9cafa0589803b2eb7f04f23e9e38c7e31642eda70ca278ce4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
b4547de519ec9a7cc53035a7effbe8b3

SHA1
fe6bacb0983e2b4ee91d3a9989ab1dd2b0e52b33

SHA256
0ee8a53ef538472a62a04043e45a8f698bad745ec5fcdd589bdaf14ed6fc0407

SHA512
e05d72be740261c5bcb39a098f4370271f773ca537236d7f11f8dbedbfb39188b135f446d00875814b37bcff3fdfd32984fa5f590001fb0723abd87f804a47b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
5571529cea3bb78ad40863457d911dd8

SHA1
422ffd32e3a67c269af4104baa92cf296ef02b01

SHA256
9af31dd856dee7befa387076fbf317aabfe2ae10e47168383b31e50c42ad1b66

SHA512
7a33c9b5ab68b0eb8f948b76ef3e5129a6b660d812314904fc23ea600f86f3bdcce6307b07a7cb3d7509a9a05cd13f372fec90a1a6a04123da0022b5481bc27c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
bacf9cadf76aeaa56d0f018ecde308e7

SHA1
888bdad1ffab95c2604ce7dd64b53a443345c7d3

SHA256
595d3044fc3497398af5b7a580693e2c731c8b1f323fa56b37c521d3c1e8ae9f

SHA512
00a04ee5dbab9d8d0979701cb7be605c4f3d0e23e6818573500bd6d1684397f7d68f353990f1d9fd5b5c7096a5e335b5ab884d476e1f82811e1e6fc3500acfb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
69e9191a7c590c12941269a62a7152db

SHA1
439e9831b84e7d2b49434dd164bbc74195c61500

SHA256
9e30509319b7c06d0888aad866aaa8ed748c910ad633f917d9c1082d762ba125

SHA512
be31303026ae38e8067763a7f071e26c10dfae6c2cea24c364ef198901acaa4fbe5edec47ff50a2b839681ac95cb011a8e68cba2bffa32ff75198dbf01d92af3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ced706f5b0a9fc71f480f4c6c31210be

SHA1
1a21305e30fb9e18074100fced440d1fb313febe

SHA256
f540508a208a2c65c60e5b414536bcd39591897a1e65b8b6e5b89dc444656717

SHA512
a770d71a315c512deb1e8f7cb5d547b636c1f10c8c8e56a19d009084624170164bd434b52315aa1a3738697b563f6c5dc5a9f5d094989a54305f23a5abdd8af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d95da0879f1542b94a2e5bd1dad1cdcf

SHA1
3016ff92f396b1d2a07eaa8516b33a88f92ba3bf

SHA256
c6582b3fd2c356f3f1c23428c636adc3fdee652795c6ef36e3337240e25c49ea

SHA512
374ff49db681b170b7322677f58494fba8557bf0aa517a81cefa019b0b3a43e0f03b9a454059559a611f2da7efd437c5d34f837423a3a9addc85e80f07c8a1c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a046e7737ad0f1f0a5f534c181507ced

SHA1
6a9611305033a36b0dc84d06fa4ab57a97f9900f

SHA256
0a7aa88856837c72986093b596aaea0807949226de903edcbfcbb4d46dd64e2c

SHA512
a5c1ba6e9fe160968f3e36bba4507d6a484477ec6f8e59a2f4fee8ef23baeec1a6aceb94e3bc695ba6e6c4f98c81b4bf2db817d5491c32ac3b6dc0eaac4d653a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
62132b380a1f2ca3916d71bfa07e8c7a

SHA1
5230ce1cd2975ebd2071cb8fd115356f4d10f95a

SHA256
fc874d314d0c518afecf24a98f8945153c03401994c08fd1f6a5aea61c22b4ad

SHA512
cb7fccdeaf4a1a9040353af867f20d0cafe58d6959d6fe8f496d31e01c1ca14a808f3d64bedeeab4d4347c13d7802f28fba14c4b769baace07ccd7941e2c569d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
5db9d0a5ce0543006967258d31504428

SHA1
6e72b7cb90e286b885960decb21845e83ed0c516

SHA256
539b62a6eaa8887f2203529379db2dcf5582bd26bad40b8920ff798b5cfb0062

SHA512
6e956e0692370a2efcd4bf1ba092581d19c647be7934638c5ee2bb43db9d29a9be7e7e941b7662860813822ddfbd2f029fc566184976741cbd03c38eba53d00e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5d70fdbda4a8a476d53a5630ee9cefeb

SHA1
371429e8e02b60a45f8a2baa1e3536138bd95ed2

SHA256
721af4bd3828197522bb287a3106166c32aed346525e78bbe128c3474d524625

SHA512
81056fcfa757ca9099552ea92ab379f1efbc9a502261fffcb809ffd2d8d73dcbbee1c57cbe59007538e8fd676f5d2e4bca3a3979ad0038c32496b3c87c6424e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

Filesize
331B

MD5
b7838a44e6483052ad4b16ef91a67b54

SHA1
95d1f00490c538dfa83e0845bf644e1c567e399f

SHA256
766bb3ba2b95732b8e5e6ab8be41a1a0f8da05d86ec38fb09b735b50afd10e71

SHA512
aff86ae5dd787eb42c87d65ac94636eb17895ef3efaad0de03002d18638e6642eaf1db8b5f4411edd99c78d7915f5839f715334ee39d667bf91980b0dcfbbe26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
61e5c531bd5eec88e8ab3b7f31092834

SHA1
656409d8d0d0b815e0781bb50c0d15426a463b53

SHA256
a025dc4990771fde649bbd13b17c90ea7bd70a9ab23f99c0804e1fba19f7db46

SHA512
f93e0183ae1c6ecb8a9609e9f1734a68da107841d8a6cea7f5b38fceda1cacddccd629d4a949c21dbe1bdd883ca5318622741b8118585acabd9b728f3265e09a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
25e070d32478ae95dcc8709f2f2243be

SHA1
c5a01e8f144d55fa113e8bc6ac43f41918a14f98

SHA256
82186522258a7e097aa09c4dcd872f73822920ec73b9bb294902ce3caf4cb0db

SHA512
8f17ef79616f0ec565e401db1116d1e3566a1d14da15e28d58d020754dea03cbdacdb82d6c1a2f7cafa10de57f5c33ea4e40c0e0c46562278f78817b2b4070c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f5a2bceda739ac9a5b2bf8b030ed0283

SHA1
58a373b8316dff9982325bb9cb80bcc3649a6ae7

SHA256
4a2b35f895a3f9169fe90a70623e8bbc35f3a33b5aeaf3a5b7cb9329fa3518e6

SHA512
8a04476b06c733546fc81ea4d7f81dd843d6bb9b88b5635f39313edb4c0fb2a50098d637e1aa20765a922f280f90846cb54cc7aafd8bf0ac2b4f368fa55162d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
22898ac88473f8196ec8d1422ccb004c

SHA1
b52b663ed37afc4532a5f6856097f0486f00b29b

SHA256
79d3b964b742a6852f6f7b5e6aca73d36b31772fc952d596ecbafb420725b8b0

SHA512
51a26230b223cab6909d82d5b8cfb2e3734a7e7970c3f25fbf2838ba3f2a44a14ddd8d59b79a539ad9020a9c40d851d549cdf7e0739a41c37c67d4495837308e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
851809b83159a2bd19ad90f3a4c3960d

SHA1
adbb9cc712553d520d9e9c04ab8d7deb7818223d

SHA256
5087e3f85770ae0b2d089a0193fc3e8c228c610b2e797dd65ec9ccae698c9df7

SHA512
14dab084bdd0f86af1fbfa9e4e6d1cc837112e112a3219e23c4dba9c521cf875ba872ae8c7167e41e7cb8168803e4c2af40733a4dc03a7a2bb4af92e9f17dc18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e5472f4e9f3af1685e400835588e8d3e

SHA1
e06e1a2c1f5943165aee49ac0de2c7d92cf407ed

SHA256
5406f07ccfe1fd8dca923686641248f9eca340ebb4a5529fdcd6b56e4dfaeb1a

SHA512
4918aa06328be4e4dfb8eb2b139f836101d90b81cc3cc586d6eb15ad8d5d398cbc32a3930b4e8683f88b2d07f9bf5d7780a97d94632ec6808b80c6be9ab845c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
4253b10103222c3b33b40684648aff49

SHA1
0247c802894c1ffefe511a5db0c173409f13feac

SHA256
b970554581457593e1f142c4b750ba13f4db49fc23cbbe1a8d9da4c4be3f67a0

SHA512
6054d456758fcaff278da27fc265a012f8230ac631ab66fa3ab5c61b4e2ee06de47ea0e0968a72b1a054384d21c13616124a358c1b9b190929388aca0dae4966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
1e0aaa130703f2066b0f54fc2e4bce08

SHA1
0bc4913bb102fe18f8c2a851b54b685837545b74

SHA256
294e738d2aecd1989b8a3fb6a3f2c39325b9cc0cb0239d4778c215c7c1b9ff53

SHA512
f20b5b7c8c8c72b4eccc4d24b425d09885d9e6a73fef66a701ce4d425bfb8bc144d517ef415dd9ab827dd61e532b2b87a80a872e8ed94b25e643dbf9b6ea5054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
213B

MD5
046cc08d163fc4578cd1b77a5d0965ac

SHA1
92f503e605c30974baf385f1619f1269b81dec57

SHA256
693a60684aa9ff4f01cb6027e9c938f4701c0c898afc224a0776cb1e18e87166

SHA512
e8b1df36a237bcbbad897146ca247edf75466b2a4030fec620c46932b5c31137f2931cd2758534e4308aed3fb9cc40edf2d7646a38530bcc5e6d7069c19a3b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
135cc18240c56b11f3d04319b03dd71f

SHA1
239e2cfbe97d09ea353ff563b7d241577fd030b5

SHA256
5d57336f87e56f554a1faf62efb1b16069de920cae02a175ce2f2fbeeab03627

SHA512
95f46b9851f23cf346c47c3d37c308010ff164aabff38e6dfc3d363e732856e8bcb5478e381ef92aaa0c1ac985f176eec1ffdf0f29fa9c7050a1a88a0ece6af3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13359195474552222

Filesize
2KB

MD5
657c4b95314e1965a216acfd32ce7a2f

SHA1
4fdd70efcd9e6b546f33c4821999e64720730e45

SHA256
997a3f6fa7d9c2c1f25a06978f387bd8c9c96215c12acf5efcb130db441e21cc

SHA512
ec0aac1df3c02b1a0385f9394adcb26db6b8c1c9b48fd324b7dd39559e8d47c8fec0e9805656b5695de1a35e11d7d791caf8a7b181dda5be84470c0bf8202ea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
0d93d13d9e805a776153fc570f1951d2

SHA1
8c21d38ead69ae061e27cb9382aa25e36edf3fd2

SHA256
71c675bf5fcb3f69c6c5261e14632df494a824bd7faf3e448d385db8002ed64d

SHA512
09389cf7fa8030f247a53bb8fce2b83230a1b7c691cbe0e60f8c640589a2b612d28c611f56702bd79107ea311182bbdab10709484fd2bf6f5f61bca7fcc56ef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
53f3a104e7c8eb105487e2f0ffee0146

SHA1
5fc9d38b4554b80649cbb4fa07d02dc37d724881

SHA256
c982630bfdd055ea1a54863d494909854a026758fa78b88dd486cc25b44566c6

SHA512
1f93a7319d875ff8c2c44d398633ab4b3d0eff97704924675280e454730a5765f77604b72a82c2d13724fea3aa174ee6d3fde8c353d9311a66533be2cde7039b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
5209e59300df0632866b7a18f767a90b

SHA1
ff62ebe047dee2c54a4b2f220a4057fc11861651

SHA256
63edf3b7e462a22c34b537bf3f897380cea24c5a0ab0897fbbf8b824d24d2a27

SHA512
5d187d72e4583f8043d8a1c84ddebd159bfe5582d76b8a6e9329d93de99548f0de3e43683e3d577f92e99af56915b59a33a115334a9a12930dd3627c1df122c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
44KB

MD5
20c5cce6a1f1e628c5e4420d7f015530

SHA1
69ffae8777d68bea3fe2bc3f26766ef40cd14476

SHA256
e51f11fd2f002756689ab48f7091dfaf8ac67d887477ad13e4e567fa5b1edd21

SHA512
30e739acd770e610736f0e94582fe45a83da76d0559a7a380fe7640f6dc112a2ef1c4c8f7dc6b6181ad25eef19dbdde64921f3d755300f6f25de6bcb93509aa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
a566f78570675b76430988c95c210558

SHA1
9c5f254f9c037951d531c503d27e415041f639ad

SHA256
44f9c8167674e4c12cf283722b1989241aed3f21abacb67fc82606a4902196ef

SHA512
995edefcb22c990da40356ae144736450a244c666e0758e03840e4d359e830d3e70772797356b73b4c97e3fd9b160add4fd5380c44ccb22a6ab6baf295345047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
6832e4ff299b1719284096ccc01610ba

SHA1
7feeef8936b534c0e1810df63525e68fd222061f

SHA256
5a35bee2eebd00e8848064c17ad8ec6f46d6191263b50eba642971ebb86f4ec7

SHA512
9471852549571a6389323e7a5d89416f81cbde7fa9aa96123a4a3b15445ff346d2ebe1e5ed4004ec5a959da7d36053e573fcaed0f2398d2c7b806a5323952b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
e464969711b8551c8007df4865994ded

SHA1
98d7fb13e58e35a1cccd0b7753665752cb01b583

SHA256
a7aee7831dc2efa383a57029315c07dfc4605b82227a8856986c2dd75cc79733

SHA512
486db03121cb8c560b54cfc9668735a88879738c1f485fb0ac9a02445560e2d78f098d18172394e2c2863b77f400c274dfcd7b0e5e0a5a3d0a6dab3d0d6508a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
918B

MD5
b2d1487324ed1679f4d35fa44bf6590a

SHA1
b95d7e209d699cce9b38bd419347e1add658c37d

SHA256
adfd760b8540d52400204bec84ee836bfb7357dca71aaa5ee41f823cf2c658e7

SHA512
b3e8e0ead7b0247d214246556fa4629bf58a84f943294e758ded6f09cd7bee92afff2c049a10a11232ab763abf4da3816578a86764123dc87460a8bc5b9cb064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
ea17de7a18ab0d074aedd06fc8e0cd84

SHA1
5607657b29809f249605322c89f2052e6093712a

SHA256
41ace96c715e8cebfd6dea282858b3ea4a391aef34908b2f5fab19713e824a03

SHA512
7564cbfdc9de18a4c11c3b77cdbd50c2462de8dc459de42c1059549d58e4245e9fb523a87f72aaa285a93773e4ffe4ec5a7f1e1a398f66384736a5319aa4ecb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
1ad1ba2c19eb30c2df70d4b5a930eac0

SHA1
e61092d79c575d32300581a82312d4fe4c4c11b1

SHA256
a82d73a26e8c65b3ec1949b8ee9d824b3cbe5a0b51d4357107359a059178b0e9

SHA512
4213ae9c9de1be7310820802e487870950b9ffb0131f14a49008d27b750abf3bdc9b65a09e1b8e2267caa69b3d260d2e732c0cb3dd3e81b8e9b1c81ca805a273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f731d2b93e5384a33d2c0ff2877e6f28

SHA1
a98934cc49e938d7ef5895b8d657472fedd14d3d

SHA256
1a91b1ebf199c9a5c97a68932f508f10724cbe6420166e9375e8d025a9ad75f7

SHA512
b2b35a6f088bdb792bc281190d1cc731c0bba7ecda84354c5f5d2b7fe437163247f554534b2f9efdd10803485534bdb88859e52b9a1ca14196dcf6f18d6c5aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
19a1cbf431798d9aa08214fe079db5b4

SHA1
beea328a87e3bc8c9ec2ea6af95026f59048833f

SHA256
9f12ef04082135a42dbe8db2090f36a63924ae141708d25c10b5c9694685a956

SHA512
054878e87735c77b3aeb3d5620e04ed5dbc7ccf7e719b902f702251a06ddf472a8c533206fb1ca3f14881e0a83493c6968d2c4270e80688d27b3bc3283312e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
b6430dabdd89420c7ad855f69192987a

SHA1
0e7c00241708da22d58324f8469ccfcbac36ab99

SHA256
88609b8ef74c7df98cd133cdd8e97d26ac5162818c6047cfe5ca57808d16a82d

SHA512
23466438d7c7f54fe06f08fceee1a545432b65981fd269dc1e8bff006eb478ce737072c3ae714a23f5d7de6a14f9ddfd8aa60806b6a9de8e3c63a200065553ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
ac45ae649403c67d5c0d382a00fbbb74

SHA1
489476267e63466bc29881b444e956dbb94c1f15

SHA256
e03e180e932b25507394820eedb07c1fefe8d1fe7ca52e54b0c89139450cad96

SHA512
15f494b13bf46532d3df838bf43106705277d44744622bd54da7c89aa30ea144a96b7db337b0ae339f99dfeb2bf67ccc0e9502ffdcc12aeaa38ffdd4fa960bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
67c6a032c44e041e509a707ca7ed332b

SHA1
55d429f6c9c6500f6fe2a4a7032610672cd0b435

SHA256
7bdb812183377c224dd352ea0167cecdc219fba5359b10c61593d574a3c7331f

SHA512
898121ab668c0401b146459895a6114a7817be42dbe9d7a1bdf9c1b64e9d9c2769263e4687b58c204cf31b8dbee820f4d440e5167fd62d665b2e61142c2698db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
a4bb1fd25561c339c3f196a28f531152

SHA1
ffcd3f1114aeb77ab82cc6530ddf901390a594f0

SHA256
c03a4f1de121f99baa382b5119fd9233e4219db3d7b11e36f2e507c277cd0420

SHA512
7dff377e39661040f759c0e26881df1f7b4f0b9ef334e45f4a9802da8c9bc63df868b311c0e1fb0ecf8d9d57f69b31242618ff4bd7442cc6833e691dfb43a915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
50a3b095b7a7016a5707306c646603ff

SHA1
d4881e6d97547b2f3b7c166259bacf7980cf3d6e

SHA256
3bfc8e7803b00887ce62d319ca159fcc8e22f0c2bab3bc1cbe8b8338a9f6609c

SHA512
a6361f59e0d5327caff0160dd01efc6f7592b2bf1cfebda6f2f78de2acd22c5f2b2c26bd92165c9d1149c79aeb8e1dd96862c9d0a4eefc5d324f9b9bf412c490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe6cf8d1.TMP

Filesize
82KB

MD5
e0531a209ebd30dc31fa9f67c8e4b943

SHA1
ae6255c20a99f458be3fb0191dde62be375c7bf3

SHA256
049e0fb7bc7e99fb1f56d4dc1258f1ddb6ace78d2b1eee343667f66b068426e2

SHA512
d212e90ef67366e6e22034f389026062c5a6278159b9c8735fbb84d39d0902077fc44c91b13d8e74645c8df526b346caddc5694239c6be298d48e77ed68a63e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
3B

MD5
db720b90a30ed146e74f080ffeac6e53

SHA1
73fb69e391ad8cff0849ba14bd67790915a92ce7

SHA256
0a9548a6a77b407392da69492275d84951dd451e29c71f509e0003d2f5598be6

SHA512
5d4a3767d728c9f7e5fd67900cf084e26dd6194de58ae61a17d6c97c12d01dba6d4c2bc421e1aee0857b0f2e8963d4a2d54bf1d10ae9ee42a1c442a93366c194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
384KB

MD5
9b39c8547503a0fdecd29c6ee70cef52

SHA1
e7449059220cd65a69f5002bb6ef24aca23e9d8b

SHA256
4ee3ec0ebaa01d5d91d526b47b550218816424b6c854e4efcd9284a769ef271a

SHA512
c280f5c0fbf1bc423e1c5885f5a04d38393148487016f34c1ad8a051131ed763892ec6e3ef530e6bf037f9253a2833ea3910f6df3f4bc0d6b1d35c8fe4b117ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
d58a20a8255edca1b5cda95518dadb12

SHA1
eab3c7471c115ee9596dbc8ac4a5c1fd66304f6b

SHA256
f2955a6bcacc52777724d35a6fed586a4d6a2b5c26e490d1caeb0ef3eb72159d

SHA512
09b76174bfb0a75abb24fb59bbfe7e64a49f20a47b3c9812a371dde403b160a6555cf7ea14192fa7152803c426de5dc33fa1f61fbb8c5e4420d89692a7f8c060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
a29ef9dfd41914c8f91c30285a17774c

SHA1
a2eac264517aec6810b5f048cebc6885427e758c

SHA256
a42fd2ae2c7c439d9231a453dd4ef9820c05d25d6a294e6b9cb8af4d498cb3ec

SHA512
86fb3a40c8ceb3c225e862edb56980b2589bf2aa0f5f728e4861859905ed1e51654ac8d4b77d722d8a551dea26edaf1de289086ebcd112c3acbbc0984576e165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
e91ba7113b9ee73bf73cfbf795374b4f

SHA1
beef122500329c4babf0903b183e7ecc933a234a

SHA256
71d02f8625c90f7c9499fcbc6f2335fbacf9a5fdc58b475e0ffde696de5a9c98

SHA512
7c7644a911b218d20300a51c288182312bf57e48c78faf1791c0f710451bd907721d64f3f6d26a0cac77fa7ed088b0bc084d272f4416299122adbec9896586e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
342b0add92fc9b2c1791c193ae1d7450

SHA1
0f71abd31870e00537f5392a269dbf7bf68fb6d5

SHA256
e9793f408b931f69942787ec9d744bd138d91ace8563be244a3a95f308c79729

SHA512
4104a5b70b070abb6100973abfe0e317c11594cdd604b28a041a843f467179bd7cf188c8c56ad4e652bfd32c9050e52a7458c7b3eceddfd6d28ea8553f1d6ff6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
5e236a9d64bd5407ee134bf3e298188f

SHA1
0702e322ce8697936361324d00982c73623ca3d8

SHA256
9c69ad3eebc7ed81524b4647a46fc50d4a9b97c9ec7e7ba8724c3b8cde45e85f

SHA512
9df33dd03f4148669535321bc1682ef1e8134fd3b8f868611e2cfdfa1899918f23651a49730de1ba096b08cb4bf1a8f152441ffb7975ccc53ff6137484cc8025

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
64e4a14d81f579c33b6596b2249da323

SHA1
92db28f324400ffcb2e2cb192ef71991e03f6a68

SHA256
96f4357b7321359b52eb3d31153246fe8dd85544a983621ec00d05d84ca2282d

SHA512
dacaa2cdb56bf0f04aa337bdb7d50d904dec138f5c9e9cd017e835316f36dc799342c56e1048753da65391f03073692e539816eff8f0d4b379a04f8cfca1abf7

Download Submit
memory/356-75-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-110-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-109-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-108-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-107-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-106-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-105-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-104-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-103-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-102-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-101-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-97-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-99-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-100-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-98-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-96-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-95-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-94-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-93-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-91-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-92-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-90-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-89-0x0000000009020000-0x0000000009030000-memory.dmp

Filesize
64KB

Download
memory/356-86-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-88-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-87-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-85-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-84-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-83-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-82-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-78-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-80-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-81-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-79-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-77-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-73-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-74-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-72-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-71-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-70-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-69-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-68-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-67-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-66-0x000000000A400000-0x000000000A410000-memory.dmp

Filesize
64KB

Download
memory/356-65-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-64-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-61-0x0000000009020000-0x0000000009030000-memory.dmp

Filesize
64KB

Download
memory/356-49-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-51-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-55-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-58-0x0000000004D10000-0x0000000004D20000-memory.dmp

Filesize
64KB

Download
memory/356-59-0x0000000004D10000-0x0000000004D20000-memory.dmp

Filesize
64KB

Download
memory/356-56-0x0000000004D10000-0x0000000004D20000-memory.dmp

Filesize
64KB

Download
memory/356-57-0x0000000004D10000-0x0000000004D20000-memory.dmp

Filesize
64KB

Download
memory/356-53-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-54-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-52-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-50-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-48-0x0000000007620000-0x0000000007630000-memory.dmp

Filesize
64KB

Download
memory/356-47-0x0000000007520000-0x0000000007530000-memory.dmp

Filesize
64KB

Download
memory/356-45-0x0000000004D10000-0x0000000004D20000-memory.dmp

Filesize
64KB

Download
memory/356-46-0x0000000004D10000-0x0000000004D20000-memory.dmp

Filesize
64KB

Download
memory/356-43-0x0000000004D10000-0x0000000004D20000-memory.dmp

Filesize
64KB

Download
memory/356-44-0x0000000004D10000-0x0000000004D20000-memory.dmp

Filesize
64KB

Download