hxxps://youtube[.]com

Resubmissions

25/05/2024, 12:09

240525-pbs64saa42 6

23/05/2024, 14:41

23/05/2024, 13:11

23/05/2024, 13:11

23/05/2024, 13:03

Analysis

max time kernel
225s
max time network
247s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 14:13

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://youtube.com

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe

Drops file in Windows directory 58 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Delete value	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	mmc.exe
Delete value	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0012	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ContainerID	mmc.exe
Delete value	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Address	mmc.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E	mmc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000B	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0011	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0010	mmc.exe
Delete value	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities	mmc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0066	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000D	mmc.exe
Delete value	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg	mmc.exe
Delete value	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ContainerID	mmc.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0003	mmc.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Delete value	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\RemovalPolicy	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	mmc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	mmc.exe
Delete value	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\	mmc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	mmc.exe
Delete value	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\InstallFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	mmc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}	mmc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport	mmc.exe
Delete value	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}	mmc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}	mmc.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002	mmc.exe
Delete value	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver	mmc.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	mmc.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000A	mmc.exe
Delete value	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ClassGUID	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM	mmc.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation	mmc.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}	mmc.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006	mmc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133599106863594833"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{4C5A5DD0-AAD8-4302-8AB5-78E8104C66D7}	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4804	chrome.exe
4804	chrome.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3524	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: 33	2276	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2276	AUDIODG.EXE
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe
Token: SeShutdownPrivilege	4972	chrome.exe
Token: SeCreatePagefilePrivilege	4972	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe
1468	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3524	mmc.exe
3524	mmc.exe
3524	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 4560	4972	chrome.exe	81
PID 4972 wrote to memory of 4560	4972	chrome.exe	81
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1856	4972	chrome.exe	82
PID 4972 wrote to memory of 1164	4972	chrome.exe	83
PID 4972 wrote to memory of 1164	4972	chrome.exe	83
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84
PID 4972 wrote to memory of 3260	4972	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb263eab58,0x7ffb263eab68,0x7ffb263eab78
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1892,i,12684574364916052694,3926217244807370631,131072 /prefetch:2
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1892,i,12684574364916052694,3926217244807370631,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1892,i,12684574364916052694,3926217244807370631,131072 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1892,i,12684574364916052694,3926217244807370631,131072 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1892,i,12684574364916052694,3926217244807370631,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4228 --field-trial-handle=1892,i,12684574364916052694,3926217244807370631,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4108 --field-trial-handle=1892,i,12684574364916052694,3926217244807370631,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3208 --field-trial-handle=1892,i,12684574364916052694,3926217244807370631,131072 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1892,i,12684574364916052694,3926217244807370631,131072 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1892,i,12684574364916052694,3926217244807370631,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1892,i,12684574364916052694,3926217244807370631,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1892,i,12684574364916052694,3926217244807370631,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 --field-trial-handle=1892,i,12684574364916052694,3926217244807370631,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4496

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2276

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1468

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1108

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
220KB

MD5
f1e4c11365eb7ce78b6b7852ea2c4323

SHA1
0270ab14599e2854835a6d65236bc9dfa10c7ede

SHA256
83a39a40b09c8e84cf903991673bc95bcb54ee190358f2db72afde5ed36fa858

SHA512
b3ec28ab96600f311272300f3ae9f79f44fd7ff43c1b561b86ca0faf4805951c7122aae3166463c2e3f79e07987eab99840e13aae7756fda5f87f62f3b3d9939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
20KB

MD5
f218c31d967d7d050e360b26b39df4c3

SHA1
3a03e2ae75080ef0755bf1a1131640e3ed773d1d

SHA256
791410a89899725c497f590cb9138f238713dcf1b318340c18cf0682d52b63aa

SHA512
f97d6fa798fbfa27b3578777d938c327a0b1ea1379c4e0d50d640e4682fdd88dc210d30432320140d5ebdfb6ef721f0b844801a81305c877cba1d3e05d0097c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
46KB

MD5
ac83857f0497a4a0e7669329827cf228

SHA1
18ea483c966969e43a654fcadea9719a8aca370c

SHA256
43337a1354f376890cdb73f3dbaf95a8027761c574c30cdecb321096be485d3e

SHA512
6a35c50764d31d4bac07ddbec2329238cd04f2c58c00629e523ae7fc2a7d6be5d1226f8fb6c3c1043b215c38c47951a66fa8a9d4f4d6ddce7664bd1d011db2aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
794KB

MD5
94467638ef8d7e781e4a65449cfd0cdf

SHA1
07b315043c92ca7de37c2de6e791513869a17fb5

SHA256
ff7abe86cde71bb1d9534fe637e35b9922b84c1c9ee5ed2a447b5086bfea9b9c

SHA512
c8ea932dd4f58d981afbb465b0d64edf3ed79381e2bd14e1bb76b5d2284e1c72c17d5f13088d5adb062bb5367f33a045f0068b4eb15b35841233275575daabe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
32KB

MD5
d0a3a0b05ca22265fd1e33d6c10ad4b3

SHA1
0a1f6da418dd0bb9c0f71dc8fd28024514514b9b

SHA256
b1c6d8f6e9657c187eea4b3c1feaf712935f25e025224ed39640cc6e9d2a3669

SHA512
1d72999174aaf189db6104d383365e0ef9b6c734da3896ebe01af3f330a68e1a375347cca8a6f7b11c588610df3753282dc4661bb8e7d172d7c9fcdd699c4db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
32KB

MD5
803e5c41b9fcf6f3a121e4d273de89d5

SHA1
b763ee2f37610ad8f5c04e3e6609cd0335093576

SHA256
992584bedcc075da716dfb9f12ec53ec2693e0036dc90dd2829ddb04556425a7

SHA512
c7c36fc779446620fb8140f3cb60caa8bb3c6464e0311d5e590461c797678f4810b8b438cd7d38023a299bf04b4a31612dfe2a7df9e5c03c3b285998bec835d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
672B

MD5
9ff32075c7a1962297d14e5e7b7ed491

SHA1
87f5471ebde152541837d336799b64de68dc97b9

SHA256
14f0d5b95e17fc921a6ad1802b4b767b6fe612487bb5032914d20f337f959c67

SHA512
3216ce810caef3fd6fa2f4729779ca812215f1cb7aebbf0e8ac314f7f8ae10eae662765633c6e93650cecd46a8f09c570a539d060468fe2be3ab51204ea09215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
8f0d97485fb7ff7dee278f224694ff88

SHA1
9fa76cd47a28291e6d1ae5f236fc2cce732a8b72

SHA256
f3ba340a6efffac8fa78aae87c9d94d4e8197198d9c2685883fd0afe933b7086

SHA512
2426a10ff4905905dc2adde7dcfd6658fb151c55fc5972862fa34e99d5d9317a90ab363a225593e3d35fbc483688e9c63de0188789a9ea697206df49771ee968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e49b43e25e2c05c80823111429722a67

SHA1
956c1a4372a5c959780cac438126e06d06da3c56

SHA256
b216a17cfa1655d813ef5bf929492d2f780b5ec7b31f80a8c5f39b60bbb173e7

SHA512
8e324640b86ccd0b5bf039300ba23e9a2ea88215fe9ab941ecf4329f5a2cbba88920eaef16949fd7088193d6f07b139ef76acb339be09d6ef4abda06db24e09b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0c9afbd272ce1085db1d7d08817a03f6

SHA1
4c69f8cb5676651cca3ab598ba102a9104e23e05

SHA256
136a70cb818c178f0b6105c03d3ea419ba896520f58d961b2a0bdfc4447a7740

SHA512
de18da5a5505ccd24f39144f66ce8cb2a842b64a8d45bf58a2f094a118171b41320e97b0e011699662d5f886d780cc8e30e703a42bb7a9f3b8ea32eee10db86a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a101bc206b3186e90900caca1ddb763d

SHA1
76a72cc305e972db0ab27c676790e53fa215195e

SHA256
dab46f3d568a37d6bbea374f445eace74a5da8b7dc04706548b00d24493c8d8c

SHA512
1b75c05fe6e03f8b2a0b96cebd53d78129a292d95dabd56b958d83fe6420a4bac1b4f7f10f6ceac32bd040aed764e2c2fea244226fa19a5e15183822052a1afd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
48f593055e8dbfde05dfd53793fe804b

SHA1
c5b605394ac1e701a89c1b564d0111cc53bb3f39

SHA256
15727cdd4a87c8e89680da95fc9f67d954f449af261d045be3efd20f26bcb2ff

SHA512
9a5fd67a1a0751c2b09a0a4b4e73383931914a11a004087759097250474827aa878bd4bae8827a567b83eedd99f5caf4a9e1100344a2e48e8e5a4ee765c79f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
b66c5f37e58e3c9c48ab4aeca93500de

SHA1
2354ec42b7838e7e1580fa21a30232c2caa8ce60

SHA256
f850784dfd3ca4351a354487c384d3e4c5e40aae5400afebaf3106d18c7e13fa

SHA512
c2c0dcd89f3609e346e71fb4ee6d89596506b740c2420bafc18f86e158abd7ad212134716001a06fd8753afa810142cfcb720a8036dd370c1a848ae289696038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a897d1f79f94511a132d1aa4c13c27dd

SHA1
ac6642e6ea04012cb205655817bef59375d2dc7d

SHA256
6575b1ab3f3e5daea8d6962d20b747245ba9701ad3b64df81a8c9b27953e62e2

SHA512
3ab1d399b4718655b3d06544e5bfa289713252b18801859b41805f87174c5e1c0a2759c2306e412d33ff27ba1973123f6725200c88f62b3abb959cae6d268508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b1a37d807c52937a6138144bce23ef12

SHA1
e66a14c708e805a538132aec9474eb5cf732b30b

SHA256
80e9cf510c6634adc00d11986ca624bc4e4649333cc7f0ad9a3dfc7644eeff04

SHA512
9871ee6bd1f56f46ca805b527ac252d9f1a9abadb67c45e06989498d2d8815402777134f26c1e99bcf2718f572f7966ecd01908d95d61d11bb7560e2c72dfa23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1bf9f2642ee1ec6d1083cad9365d75f7

SHA1
3e552b38922437cc2b40230af550c7408e160f5d

SHA256
c0df102d63a8f0b4a472810a7c0e33b56964a249e7b444c5c5ac315df74d8abc

SHA512
b5f15c3a10f3f6e8402f8738a22efd4f200bc63becb62ac48d30671c74dc2886f4165914c7b89b6dffa54da51d924977f9199f1eaac6a7940ae5f391167f7182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41179d31-4b7c-4b47-9375-7946053b7d08\index-dir\the-real-index

Filesize
624B

MD5
3e0d49639929d891151c4c9cbbccd920

SHA1
f0b89463e765271fec9c20dadc7b84ca1a01dfdc

SHA256
0d8fe9d2cd2b50a0d782f71a92e401b14d15ebf488268827adbd2b033446ef7b

SHA512
24b589f8e9ae00f8d59011b8e58766d121372dd10c8b5e2439f1d26e5baf002a68a404b1d5b1791942e01732b09234f6a9fe952d75d5fdf95303ec7b6462fd2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\41179d31-4b7c-4b47-9375-7946053b7d08\index-dir\the-real-index~RFe5950f5.TMP

Filesize
48B

MD5
4c3a7baa6d0cf2289c746700415c352f

SHA1
42784503dd61dea459897ab69e193c9812d44e49

SHA256
f64d617b51fb9c02374d1e93256498196095efb7fcc8cc6fc0a8c0a11a88ace4

SHA512
554501489909e56e80347b4e0b89bb5d5cae1c463b79847d6d17b4be82a6ec1e806e8dd015c089fe89b0e074dc8b0d70408aa747f7d64655efbc87c60d86b413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d6d1dccd-77bd-47aa-a86f-60bc2bd2648d\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e12a4375-30fd-482f-a951-9339ac59884c\index-dir\the-real-index

Filesize
2KB

MD5
7323eaafb83656149e2f0ad476811e7a

SHA1
e2ef60210b2e71d17a3ae24e6ae81ae78233d776

SHA256
17648550f670960e60e5dbcfc2c292aeaabf68420e97056ede935d6962ba2cc7

SHA512
7276849c023c5f5dfc8008c193755f038f5522d55e77e6c33c998cfe3e2c67f838e8b4cdefd36ba94971d71654295b4a19881c759969d42320a3a1faa7d47a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e12a4375-30fd-482f-a951-9339ac59884c\index-dir\the-real-index~RFe57c7e4.TMP

Filesize
48B

MD5
c38be04e2b84ebfba0c1224e2acc1781

SHA1
a4c89175065d4c88b26c355c5e600cd20383368e

SHA256
0ad250b75db451dfb4c3a2653b685872119450e9f6848114b67401423ebe7330

SHA512
8373b6883ed1b9b3185e1d2a9bada0f0608a280ebc67395d12303fe59cce10d0dcb7ed79097db4919450bc0c1a09c374e93d7d496d662c89596f663d2202b190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
f10ad7478aa8a30f98739d8fdba50486

SHA1
e3418fa2fd7f35e31533648ad8710ddf78cd40ef

SHA256
71f0aee2fabb3ecae7bef5f64cfc913f929d702d4b14b0607077344b6b960c6b

SHA512
b3b137ae0470e15543e78b341c9efbf68ac7cbe448add4ae28ec8dcce772d7f10d2a42690f6f47ccfbc6f9a75ff6374e3feee29012589ff08d74da6a04832825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
8ed32147db7bfe84427f0c81b8bd7b1d

SHA1
acd0b22eb17fdaeb107d2e0373d5a31fb33c09dc

SHA256
71f9c92343b84b554e70ebbb24062c05d1afe6e54d0f3d5fb1f0a65ffdb2917f

SHA512
cea6867c179c12e68e26095ca0110014cc19ec8a5fa041c98db7ad9bf964b9aa377b008384d17ce7db798ade4927d206c2ce36802ddbd9af6b01cdad07b19c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
94e8dfe888241378cb3161ced0787c55

SHA1
fab410c7730b62b5dd13f17459beff520fb8887d

SHA256
5621f18627f36841adba6908831d3dc5057c6ca47e97a51cc694cfedc97e82d2

SHA512
3804bc15b8f7da33c1925a68af7cb61abb8f77b8154f36b4e814a0e3da5b68ab4382928c7dcb531ba284aa4d8a99a6c9742ec11c4841720b58f08138c12ba9a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
fa77de37b0f2340d0e5b54e4cbeb6505

SHA1
dec9f18d5227ec50d7d451fc9add0e9c55eeea0e

SHA256
c99a7bd2e29d9881786400949c02af8a355a59775e6316049b4a10001be703e2

SHA512
b614aba1c48dc5508f5162e5744439dbc9d5d4ac93a7dc82fc367fe7ab8da31920599ddaa2a5ca340460b92d176672046ad07af1890d23fc344e1496eb762ce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
c8dedb273afb5982638e081de43c7a37

SHA1
3463a6dd536a0f79419d83c55f4b8725e196f30e

SHA256
86cadf0e8928c6bf2cfeec0244accfa33e47309aa7f77e45df9f50651a4a29f6

SHA512
b2d65c637dae3ea33314672834e29b1b4db5b7652567013118a01e31f3b41e582d3470fd0a36370801f0c02debd96c7a1927f36d596f3365ecb52d30ae6a26df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
a658aebdf79cbaaf1430566fb9a40455

SHA1
bc4c3c7906a609a7a4185ad553e344defcb0c5d4

SHA256
36d508782289fb6d194bf3b22c6a444ef9026496634925c90765997f55428783

SHA512
ba7d52abe3dad1405c337e6ec428a58e4913f9558398696085cd9b64fe1d4301fe8888a7b41ce88cb6ce9d24d6b0e5db84ce3531434fa423ac2628aed92f250a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe576fd1.TMP

Filesize
119B

MD5
1a8cce2b2edf91b46dae4d07f07bcdfa

SHA1
5e6b0d9d47d3834caa9ec8e950ffd8f7e8215d54

SHA256
5afeec6750d5615a99d8bbf146e9606e790af463e49406a96ae4d65c5f862238

SHA512
c05812b179355b7241393d8c864aa8ee28166798a956ec3b5f86940e97869c5966de3e71b719bf619f2a8e34595cc5d875ae12abe55d0fc7fb5e1a6aab7b3873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
90f0c956eb336cf787de3b02eb69450e

SHA1
bbd8be33bfe68f1b734405e76078de580b1887fd

SHA256
df5e419ee8c26d8f6d38f462eb2776a450ac8aed3c53d5825bf3f498bca5ff7c

SHA512
551ffee45cf411ef8df415ad417506e15205743540e1a88e5af36b5b4c95e7c2be610edbe15088174b1e0dd15127a8cab1e898de134efdd2798b24683ad7aa2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
04af4891381b5920d32dfcbd38d04528

SHA1
b72b8249e55a996ba76eaaac908cc5b14d6483c5

SHA256
f5ecfaa290fa24421d7d093e65d43a12f7419a2b38d2c09916cb122bb395d45f

SHA512
a37143a46a5551496ab8eb29a584abfd3b5c6db8289360b85135da7381632fb0980c3c0ba0822851b6ee00fde8be171ca6bc044802cbabe20c2e3f1b80193e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57becc.TMP

Filesize
48B

MD5
0911489c7b789ce3310a72bd0e1adeea

SHA1
7f4a79b722a8dc5b5e4fbeb9b6265eaf2cf5f91b

SHA256
3a01cb0990f3085a05730a75ba1a3007fb1104b9a9f5e2b52eb6c0529995fde0

SHA512
8d41e2bff9b077489c39eeddc486297762257ef0f1a1e8bb78d6f0915945ace004570caee1260f3de582c0e57297f5e9a8ae61cb1079a3202e79305b917088fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png

Filesize
673B

MD5
88dfa96f9642297ff88909ca4e0f7330

SHA1
ed8655bf13e6cc49395da4c760168c4148454b7c

SHA256
5e5eb084cf1a650b2e122f53d36f85b67ce6e39069e399a46a25dbd34f7be286

SHA512
cc2deedfeacf9f26e48cbb26e222a219905888b95634c7d91d6393b84248305ce8940816bdb3bff0f5384b9dad90f4e3905b229e06ce4b1023a1439293b240dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4972_1255680923\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4972_1255680923\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4972_712857878\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
3d8e8eac4c18bd5ee727a63927c78478

SHA1
5e254a99cf6f37e5b18ee8bb6cf009a2df69d29b

SHA256
35791d4564b5799dd604fed62f5207238bca67eefe4989b063d34706396ff4dc

SHA512
1684d5b6ae71ba75ab7acd4113db4e8d11b834a9ce95680eca1b5096a279de24610607e301bcb78ad86ac5615e50061459294160bf4492d9364585c91553d1d1

Download Submit
C:\Windows\INF\PerceptionSimulationSixDof.PNF

Filesize
10KB

MD5
b1098f9ca6412ace5d9b6bcca5e5e3ec

SHA1
f3383b68929d323f7fd1924e2f10f4993068facf

SHA256
0d39822906f00f876beec95a498ae548ed811cc93d1e05d6988de95ae37ac330

SHA512
5bccdf675edec553d3f31f402d033583914864b5611d41d6dbc319bdcff03e3cfa1f5e596b2c9a69f52e905b34e2e9a793467dc9069cbcec1970d8035ee40d3b

Download Submit
C:\Windows\INF\c_apo.PNF

Filesize
6KB

MD5
6890db63d64427f38fa8306da932a22d

SHA1
36c602d31581f827e7489c9dbcbc325259d07d3e

SHA256
9dcd6f678102423fa91c1ebacdaf705f29580a8dddcd1ad227ea027029ec1da6

SHA512
fea51b7ffdcbb9cec1fbbe8170500c41131edb3d75d75284584f17ea4a6b73bb0251b93f8cbee31e62359a367f3bf0c8881f492faaff4e34d7e637257ebc5b27

Download Submit
C:\Windows\INF\c_barcodescanner.PNF

Filesize
3KB

MD5
b75d10f42f5d09c211356e013c146774

SHA1
f90bef91f378e0ab636ea8d418a62f5423d34fe5

SHA256
dde3015e08d0b974a472352bad980b8f07fc4187ccbe1199f7f98a0660ccf111

SHA512
77e71e990b0966bae0f05a9833b20e8e35d31d33cf1b41860ab945114fa21e5c4da8197eadf7f78aed45ea2603f6e3f4a0f00457c37ea168a854c31979ff9827

Download Submit
C:\Windows\INF\c_camera.PNF

Filesize
8KB

MD5
5d2fb86f3bfe6f8a75ccbbe7b6061b70

SHA1
bc9b12f72f93207be2f23f693326aa5e4f15bfe3

SHA256
ed38547230f4b4560c6aa7c28e70997a94a94fc896c54b4ad871b1d8e2e556db

SHA512
7816e81f94df302c62246272e69b75dcd2f79e15ceaf377c1b4dc27085a0fa9480ff152bff485e2a0f11e87039b76380f3ee13b0f9cf1efd8c7267ce44584f23

Download Submit
C:\Windows\INF\c_cashdrawer.PNF

Filesize
3KB

MD5
e3e4bda403c48e44c929704a6ffcbcfd

SHA1
a50d679ed03b62c42101a78f3dd80fbf42ef0f6d

SHA256
72117307604c101dd90690e3ca955d9c9b6e532ba1ead1c21e2ed324df8c73cf

SHA512
5ebb004688a6bbad38d09c32f162add1b9740067141d84ed98bb9aa383fb1d3cd1dd1536a01a27ea419617162f174f36a823872d4b7343949cf4604c7a0f3ee2

Download Submit
C:\Windows\INF\c_computeaccelerator.PNF

Filesize
4KB

MD5
973e595cba93661a5edf66401697be71

SHA1
59c48b655fd2314094fd5c09fcf9e46a94821c3a

SHA256
a434961a3fc17e971a029c8c0d8f19777871c83b77b9137ed7daa10ea8a72b32

SHA512
e08707a732832e7713721c7fb4487d7c1f75eb6a340c62c7904ada3afbf72e2597ba2b23b5bc9dd2744cb93816271964322f69081c590a4f4cc48fb519749a45

Download Submit
C:\Windows\INF\c_diskdrive.PNF

Filesize
6KB

MD5
23fccd8badaf2efac5446d2d2ffb1607

SHA1
c58eb98650120f6c1af7d295a80e09b4322fbd80

SHA256
ec1e016173cc30e5e0230c3389223eae30b9b29030f2ed770e4420a3071caf73

SHA512
dab16eb1c4cb7fb9040a341fcb1147bc5a356c5ee8bdd7725a652f3d0f777d15044f3652435d9eef119ee1958ff6e52abf44933d66d97a711f24e14784572186

Download Submit
C:\Windows\INF\c_display.PNF

Filesize
8KB

MD5
ffb92c6b20fc4aff05e047bbddd49008

SHA1
5bb061c52e68b57dbb3e678ad23898ce9f42ad55

SHA256
3e31e8aa93976575f9762905fe4319759c437d6c6c83040af3d106e71e265dbe

SHA512
78d506fea92b8345f6328cc3a8ed471054fb239b1f419cf512a1988d96b363acad0e24ff496fca8d43264ce44e408035e050c9d031d6c5518db908f967588b61

Download Submit
C:\Windows\INF\c_extension.PNF

Filesize
4KB

MD5
27d34bd884f705ac09e31702bdc6d849

SHA1
b646aa41779f75da390fc57b6cc8e00923615274

SHA256
fb5b8135d9c19421bba195c08635a8666a63958b0a846a8afd064da1e4905d2a

SHA512
de27e181309d677554f6322e939cc81f96fed9be175c72628b9a70a8d3f8efe2246a920cdaf3e3052b6344d111243d11206c0aae53831a4d1707a6a5b60b0e6f

Download Submit
C:\Windows\INF\c_firmware.PNF

Filesize
7KB

MD5
07cf62bd948dae859a2262b4372e57be

SHA1
5706f3c3789ceecf4090567fe0b8fc692aba0052

SHA256
51a3b71480853a6d178141f9d920af2a779dd0fbee70d645ae24b933cf74f1f1

SHA512
e464d5ccfeae26282496ba7971d5f2cca9a04428aa375b9e51b77c801269516c9fb64642548a00cc257d20747459945eb0b6a05e4abad89ab52c96421f5a1adc

Download Submit
C:\Windows\INF\c_fsactivitymonitor.PNF

Filesize
4KB

MD5
82c2579f4f42b49d499e7fed9bb0d6fb

SHA1
a3d1c35396fd1466282edf33ca0acebc0d52fc5f

SHA256
1ac7f85dae2d31e7dddc06d7dd9187cf3dcdc1219a78c318173130d673a698cc

SHA512
13aeec2ba141c4e286e076e0aeadd4b229288609b9ecfb91369fb0fccc3db18c5a20e41c15768b0f26324c8ed47a807b1ffb2f4a42d7d2290a320f644bd661c7

Download Submit
C:\Windows\INF\c_fsantivirus.PNF

Filesize
4KB

MD5
a0a8d285e2736eb8f36059880acf384f

SHA1
0921cacf9534368867d4e0cba7bd54b448bd38a0

SHA256
0655f8f6500ef42e12fb7eaa8509b57eb7b9a3b1d071d2c2f88be442c49e480c

SHA512
00ae9cec96765f35b88b9f4b482b3ac2d872745bbb76b739571b4c91d79749900fddb1f9e11ca6fdcf31043458316a7406237a5be82d8a0bf036ce6b44ee2628

Download Submit
C:\Windows\INF\c_fscfsmetadataserver.PNF

Filesize
4KB

MD5
83754299f63eebbe7e0076394db47535

SHA1
64558d50e0943932321bab6a7b94af921054d81b

SHA256
c540dba676eb26e302410ffb875b7afdc9c3be79fb6331a7177b04bba40ed04d

SHA512
b12fd18b20143d9fb4cd62ba64280a1ab04fea59dc722544e496402a88180dbb807cd29f0ea034f8e229bb0a5fe7a15c2d3d3015d1f4da5b212f1e1e37cfd026

Download Submit
C:\Windows\INF\c_fscompression.PNF

Filesize
4KB

MD5
fd4e88e4e52cbc1e2b8acacbf6674838

SHA1
4e4c289eda139c297836c1d4a37caccfce398233

SHA256
2dd7c1c850b6a736b6cf145d2081f2f8c36fe4b3e9d8c4011ba68cefb89c6b19

SHA512
0f1eb541fa25e30fb2e6bf76091ee709f7c01b3a85bfc592e67f42c9249a305ed002cd033f469d5f8a745953019c32751fc3e5c58b360d71e56287726fdba5f0

Download Submit
C:\Windows\INF\c_fscontentscreener.PNF

Filesize
4KB

MD5
ae30cd132bafbddc34e2c241fa89cf78

SHA1
e4a77358961d2f98cde0b1f3ed08e34c41763a1b

SHA256
1a3f5c7dd11a67e640948cf3f5eb6ca1baaa94bbb458b29f06bf99ccd96aacac

SHA512
9fa0fffb70b02577335f9c1428dce46811ebb2feb3fca9291cb3746595a4690d9e1a70ffbd943d54726425f2d30e5337c5f88ced773c1366491eb9e61567ad04

Download Submit
C:\Windows\INF\c_fscontinuousbackup.PNF

Filesize
4KB

MD5
73f1ab62a0daa4956271ed263c3c42e9

SHA1
6abee2308a99725338e465108798a0ac2343e1af

SHA256
e81c5552b61d18e16f29aee7779d34bdc16f6f3c2b7cd0363c2626a6a0327702

SHA512
a418f385920673acabfdb5df893488537f0cd4d51c27003a171dcf045c60d07845548803f3a2f3b804777850231102344a15e95f72b9834750ce9bf6d05058e6

Download Submit
C:\Windows\INF\c_fscopyprotection.PNF

Filesize
4KB

MD5
efb626c14105d2095cef5efc9980491d

SHA1
d21c921f7f23cde3ed4fd5c3816b3d3980c5c779

SHA256
02ad18c41975f876d48f78569547bc69eabe7c85b2d3480a763b4bbae17f13c3

SHA512
09e999440a51713f87de149383023143d09a21a62d8c94bfac549f4566bf997551412fdb3181afa6c232f5305695783d7346af89ffbca52918e464914c11f2b7

Download Submit
C:\Windows\INF\c_fsencryption.PNF

Filesize
4KB

MD5
d2df781aa1e6c8068cb65ceb3c6afb0d

SHA1
61d8eca05eec42a4ad4f678d916ee8a7dad5191e

SHA256
ba6ec341cc8bced677cc489cedefa67d77238b83980879879475b06338e162a0

SHA512
3038cbe4bda42c5ffa7e6797251687a3f0ced0be3362821f651e5cfea6a2076755477b876f2af53a026188e0b16d1913c204f06dc5f66f7227609fed380d293e

Download Submit
C:\Windows\INF\c_fshsm.PNF

Filesize
4KB

MD5
dc5a29bdb42406a1b08879ed2fb5ac81

SHA1
f000e4620f4d2e518d1aa6748b131d2a180ec92c

SHA256
55472205cd7d26f6e9ad6b886099469b2c9f6d6238f9ad54c4277b68a300bc61

SHA512
a5c8a0a4f9f845297b7fcedb963d826de3e891f28ddd38d14bacabbbad86b92522210603e6b03e880a545f6e3a97f6dd0d6f20678f35ba0d429a515e0fde71f4

Download Submit
C:\Windows\INF\c_fsinfrastructure.PNF

Filesize
4KB

MD5
c3d8a25bda928415e541adaa51330159

SHA1
d7b1322abd6250599c8317af262bf63773f84455

SHA256
ad82d69bcbf39adae85b31767e4bdd58847877d05519ed7b732b67c45dcdcb67

SHA512
770d2a48ca1f24842b453d5d59ef6858323900c648cb8c0c12bdf066646c3d5599161815b8a009a00e39833a07f8613405e051500f2d25aa5964c5b124f9c0d1

Download Submit
C:\Windows\INF\c_fsopenfilebackup.PNF

Filesize
4KB

MD5
39f4c07c8b70cb1d6723c718add8bf31

SHA1
a39d39eddb1038f030a340111921c21e04ce1b74

SHA256
0b89cbbf8ed9d17b1d6378517f89b7f18aa8ca7514e3bbe34955f36a57074ec6

SHA512
922a98fca352f89022e575bd17f64a8ef703ba05794cb48d471720ea27db5e4dd989e906fb0a17fbeac0e70b5d366a2f44741342e2fa652238932f1b298c90ed

Download Submit
C:\Windows\INF\c_fsphysicalquotamgmt.PNF

Filesize
4KB

MD5
c5072de5586c47cc129b0a61c35047a7

SHA1
eba37e1630ae9a220e0138b488476f87e55fb0e8

SHA256
e0d14ec7e418c1ce9d91d48c0f2ecc4948ee378a458d50ef8eeb6866b13afece

SHA512
d87a569bbecb63aa34f86889e07a836c264e8c23cb4259e9aa387716627626c3a18515de78e868cfc97d8677cb9f4b9afd9343fe4a4890fc167ac7be0394c4b8

Download Submit
C:\Windows\INF\c_fsquotamgmt.PNF

Filesize
4KB

MD5
5373f7e54cf0858eebfe397c9c2b79eb

SHA1
b9c20fc9eb61ed478342458b3e6fc94a8785482b

SHA256
47df92c184cfb6e1e1834b0e3345b1d034ee0214fb2292c3961d33c3b9585e56

SHA512
8450bb9d720a4d0a2f189bad41ad7f7e5ca179617612849fb73da945fc7b6b423d890cb9ab6fb8173443b48625f99494eb13ff1a17c40e483aa3625231d80f08

Download Submit
C:\Windows\INF\c_fsreplication.PNF

Filesize
4KB

MD5
09070b88bc8eaf40dec73f537c9fb95d

SHA1
9b6ce494c1dd96f2a0932ee919edad8255845b5c

SHA256
bce33f209ddaeb947d36364d0ed3860294bd67a02614dff5a24b4c681b95b668

SHA512
3263e065cc33f401dfaa536e9f4e00bb36d77193502e4a0799f34915cc52b76f976b53645b1c2abb6387cb0db7b41db10221efce1dc866fb5e26d89ecfe68e2f

Download Submit
C:\Windows\INF\c_fssecurityenhancer.PNF

Filesize
4KB

MD5
d965cce1c331cb0c8467f89f4dc36b6f

SHA1
452a2a68b6559d83b2628e8f8b3fcf65134b0b3f

SHA256
263b36732cc213f7565151566cada41f6c910c6752b4c58e9465446bfb1306fb

SHA512
0689c7930936e93d46bd70e8a6a3ed006949ab1443bf157279407970c627f9f63ec4df3b8c5511b7149638e3fdd831d68705f7b72c2b2a9f3eb388fe6750d835

Download Submit
C:\Windows\INF\c_fssystem.PNF

Filesize
4KB

MD5
1c5fde2e9c6c472df334b8d17cc33c26

SHA1
6a9d23a4f146bf61d23f9325050613aa3e240a4d

SHA256
86ba4b5561a239852040785ff8b84155fe4bed0e9b68beda9de7a26217536672

SHA512
132fe0381a7c8974174dc8863f8534daaf616a8c64af3bb3ca0974a1384bae8f86742a7c7f739dee202718cfcd9237865bc6f053f992e19d706ad8d3c7d217d0

Download Submit
C:\Windows\INF\c_fssystemrecovery.PNF

Filesize
4KB

MD5
1c20b551c8177c64891f1c20f38141ca

SHA1
5698b6c521d66a0c19ef1400bd05797f2d0dbdeb

SHA256
9e7a415f05f5ef98ed2afc3cb9b3af80970bdb80b00abaed19c89c6d4a2f3df9

SHA512
401c6e105ca2571202a1f2c4e7cd6e9b0e86db8122d45fde55ef3f84ef515938f516854fe5f665fd4934b4e39a61fd7700d65da6d95f3f1f54d0dade235ec3f5

Download Submit
C:\Windows\INF\c_fsundelete.PNF

Filesize
4KB

MD5
d82ea91af06742506b30af098c9c634e

SHA1
f45af2e38df5cf698b193e1f23108812c55f44e7

SHA256
f4436c1cc4808ca34ec3d13f3f4bd0c1f6e779d5e3b699e256e468df58c04dce

SHA512
f13ce9a676608f8050b4229a2b51b6c7904ede0f329b8bb8ed825cc00b4157c58efc6dc9d13f8509acef61e620410d9b6528813acc40e3735763fd3bb2ca82fc

Download Submit
C:\Windows\INF\c_fsvirtualization.PNF

Filesize
4KB

MD5
9af57ec5fe47634e8ab575ebfcd6af8f

SHA1
e595b374098d8f7e1ed02f90a09ee7fb2e18c191

SHA256
ea8972ea699b617c820d945698ab662c788ea6bcc21b8a7cfd420035db8c3be0

SHA512
e0c20de1ead1d86af875938d6fef908749e8563a43efea632b466d58d582b8a12901aa7fdfbaadd8fdd7821701ab23081b6a9e8d94d2c4032fc864450f79c23d

Download Submit
C:\Windows\INF\c_holographic.PNF

Filesize
6KB

MD5
0faf1c2f11818169b4c079ef6aea497b

SHA1
db2847e45e85c3f5b61e4e6b97cba8294de4bb55

SHA256
74e0d0cb1169c249b838d5490f138c54d3a3d8164e371f830f5996a27ee5c6ca

SHA512
166885b8aa4bd4fa7603a5315216ca40ab45bae8bef26b095b8963d490461ee370a78bc33aa2da33f5acc66bff3d8f127684ca5efb0b5502394b58f13bf3ee40

Download Submit
C:\Windows\INF\c_linedisplay.PNF

Filesize
3KB

MD5
ef4bab04d4980b73cf46d7996908e544

SHA1
646804d5dd89c953e390da69f3236da2169cab8b

SHA256
deed5afbaec62963370537299c5cf86ebee4d734cabaf18c1f1478d512006355

SHA512
e1d421ca7c7629d3edc740a35926fb6d4e33a72cec5ebec68109f78a03956dfc0836b4c5b439a636522e0c207842333a89ff3f6961371d06b447629eb47056cb

Download Submit
C:\Windows\INF\c_magneticstripereader.PNF

Filesize
3KB

MD5
b19015e21e1bc2886b0b674d2f450bd1

SHA1
540de50a0d3b98b6abbc084178ba05e4704321be

SHA256
a1bc54e853d96acf8279a0a7f98de870e6d217d281b1119aad865816659b1eff

SHA512
cfe69151364ff1227b2eae37420ae70f34760150ca78b2e5dad9a83cd0538f6e1ce2798b4f31ee6fd9b9e17e020d738c7ec3805796e8d40bad1cbaa3914350b6

Download Submit
C:\Windows\INF\c_mcx.PNF

Filesize
4KB

MD5
1b909c8deb042ba17243934d48b3ee41

SHA1
928e854f9097ac311fc5ce458fd6909d812f7d96

SHA256
20781e9cd4f11ab6dcc3cfd6df92e0c70f55ff043165f1681bea6e48e45eda03

SHA512
088c1db3e9b55fbb46cdfa4ff18040deb5c1a1347b7f6366b8bbcbf6a1d42ec74aa9e167fb021210ddd613a55c8fc223d99ce2f39974dab1eb301d4f3d1ede9f

Download Submit
C:\Windows\INF\c_media.PNF

Filesize
12KB

MD5
166a135cf2a9f3093e40135bdd8308d4

SHA1
9ff98b5e2304d0be92b705996cc9dc76dd3294c8

SHA256
8887a040ae2e30c5789e64f868599db7d5f7b65058151dfa8b71809ce8e59d79

SHA512
b84a6dc4de83ecaba80f5223b6defd2892c5f96d658f4aab47887488cfc1c38baada4073e19cf6af59dc2b15bf509808a713ede37de6c7e85b9ae5259a2b920c

Download Submit
C:\Windows\INF\c_monitor.PNF

Filesize
6KB

MD5
bf2c2b850c3a378c197342d68246b0de

SHA1
d4a0ab2bfcdd567bc0f9c008884d132eaf8e2344

SHA256
403860ce4c254504fdd6e25c90a90843473ef919fb955008f6df69a2dda76fe9

SHA512
80e9f07ce6acc7b48c421ad295c070f6a176b1abedba672ebf81e085696a9fcf3e1aa27b1e41c32c3e8aab8fb35fac8135ccebb2b5c302e33849bd5d7d046e27

Download Submit
C:\Windows\INF\c_netdriver.PNF

Filesize
4KB

MD5
bdc9e821117629f32cd814be18926874

SHA1
28be72c2f5cea9bc57b4173194461c93c323be71

SHA256
764d8fda42d537a9431094b62405966e46672da5cacf8c3e66854f3df2170e00

SHA512
5b597e24f704816ce117ffee8916cec9afaaa309dcdfa4d28091f5569d3aac0bd3543f13329199fe7c3a7cfeab91254b569b9eb8c01acc8adbfee2b71d51d137

Download Submit
C:\Windows\INF\c_processor.PNF

Filesize
5KB

MD5
11bb057bcd18cf973b9f0061f8b7c10d

SHA1
5df9cc09ac07f6b37015bb426220ef49cad7053d

SHA256
6f5a596e6d0f52903a53440b6afc43b9b3f51df6f0aef94d72a25e9e7e2d122c

SHA512
4c15bba16759b2f970a9434bbcfa6b8157ca7d9933fc652b50177c5feadb2e0afb4e6c27bde44f093ff53141de87936266bae0e2f0b5f687c95fcaa1b1b2b955

Download Submit
C:\Windows\INF\c_proximity.PNF

Filesize
5KB

MD5
bb3b1f98d61c937c1fe70980795b16fd

SHA1
2c46df534205cce9c92c7c9fe4cdd43f4ecf86db

SHA256
51160000285af4f649bcdc4ccd215f68b1756d9c1d6890411ccbf25d2ea0b85c

SHA512
61cf2e8b7d583b55865b10c5b122578621fc009947083429104d83a1a380feace2f0a3cc2cda1a0c95650db3c217c5239feec0c910cdbd6adc58ceb6ad18b173

Download Submit
C:\Windows\INF\c_receiptprinter.PNF

Filesize
3KB

MD5
86d0257491b064fd46b663a37ec563fc

SHA1
3695627a176254cf957037eca21a7cd9d49cc3a3

SHA256
6c8847b1157f67217ec2e4473cee5c5bfc6e96ded47b9301cb1e5e12e6b0a632

SHA512
888c00bda5261189b8571a919ff6a9f6bc57495084c456f9c0ea1819824ca5dc1e995a3d291e6bbb1baa53da2ff2acb75dd4623bd59a4e74e6ab9e8e5b75d342

Download Submit
C:\Windows\INF\c_scmdisk.PNF

Filesize
6KB

MD5
53073e7c5ab3dab41979b36b2f152a30

SHA1
b92c4ebf330047d3f4ed32449f5b7a5b7654b0bc

SHA256
eed2a3f126d3a6885122f76f22fac940724d0167ac39d346b044a095102c1df9

SHA512
e3ae02899061771309535a21794d5703e9a09b99d00a2543c6ff64c15f027633af2c36623d505f705ed3450434d31b74deaaa7237b3f9167ee2f3de8c362f14a

Download Submit
C:\Windows\INF\c_scmvolume.PNF

Filesize
4KB

MD5
e71d9867663f9fdbc6ce61fc584cc6cf

SHA1
02230be61f520f83f270507188bc10223aac5f6b

SHA256
0000bdd7fd6e58bc6299b4fbcd7c7513167002fb9b9d61ddb675a576ea5a8115

SHA512
b7a25bc11693d06c9ccf5d24a6ef210fd31392a46bf7d6aa26daebbbdeeb12e09f4cab84d4385b14f0c402499478b6b4bb48edeffc5fe88ca4af66f190a8f6a7

Download Submit
C:\Windows\INF\c_smrdisk.PNF

Filesize
6KB

MD5
8beedfbe2aee7a2caede942bd26b38c7

SHA1
843750a4ebaee82d7ee69985d2b3fc14d5728970

SHA256
69042ded36473ea5fd93884277d683c4cdfacbcc8884fe31350bfc00679150b8

SHA512
1ab952d0fa872091727a0627ef0c9b2c69f179edf6c9e739a1f929f1ef2e426d99accc85999a47694d3f59d737b3c335286119ec462b1b88aeb9591a50a4cce9

Download Submit
C:\Windows\INF\c_smrvolume.PNF

Filesize
4KB

MD5
8f824d298f36a7a9dcfbbd66edc808d2

SHA1
70bf19be4dcbab6177aa2a764411c1c758033994

SHA256
141f3928c17fc836eef5f637e2c5265392f72c628e9f4246c4c60ee9a45cee87

SHA512
9a3ee65686a2fe4a4008e87182499ca6a1f533c836ea70217e175fcc8854dcbd29007d757aa08e5dc8bb657dc28532f09e25866504ed213860ab505d10646a57

Download Submit
C:\Windows\INF\c_sslaccel.PNF

Filesize
4KB

MD5
a5b60198ed9c83074babfa86f60c1e4b

SHA1
2f3e922d885fec14b965d9138ec90a1571125e8a

SHA256
024d245e7af8409c38f53bd91cf4ede6c11dad6a192a27351ce027db7fdcbb03

SHA512
47571c1995d026e90114bea355d67842e8e77ab003e906f7f5b247c1fe50743609165b944368f7b92759082c78f5b0ef020023c45bb712ede8e408979a7bbd00

Download Submit
C:\Windows\INF\c_swcomponent.PNF

Filesize
7KB

MD5
b097dc99f5d4e4924505d26aad418060

SHA1
56c03dcfd0de0e0248c9087d278736e1c047ee98

SHA256
f46763a9b7072706927e582e3cbae297627738a5031d03b60dfa860888aa6712

SHA512
436d54a5912128459972bcb5cefae0fa9e878f8c0b142df76a4fa7060f2f08f5bc4fcffdee437c355f52450c1354c7128be72d1e32a7bb012aec02b7394cdcfb

Download Submit
C:\Windows\INF\c_ucm.PNF

Filesize
4KB

MD5
190adfd66c0eb8d338af45ee19805ffb

SHA1
426efe460e094d66790e0c498d4ba5b63a32b99b

SHA256
4603f8d75b702eb4b1549b407ee0821c408952c9e6f67bddfeb3e0d119a0e2d5

SHA512
db548ae26193b8ff19926846fbf5a8030b3dd1180930a5c585fa7903320d93f264502e64fc523966e9252ac5d946d052ebc58f853ca069e3488a2a6abcd68403

Download Submit
C:\Windows\INF\c_volume.PNF

Filesize
4KB

MD5
0df5db1732418617460ef55562343fca

SHA1
5e0d1bfe6a530445516b391e07064640ecac4ad7

SHA256
61aa99b2afdb7c6b2d6bb3ba5fdb984d7d3ff0998da754a325d7b0c44cd2d139

SHA512
b8467e6389c0ab58bc04cc077d3fb79f1081abbd78728f15c203962ef69f6578ef42f2c281dc4add87e0a962174a187617c1e027537c102b5196ee772ab3517f

Download Submit
C:\Windows\INF\dc1-controller.PNF

Filesize
14KB

MD5
e7a58b5321b18b389f9d14e92914f83c

SHA1
a30de372f19497c990ec222afe214de11afc7c97

SHA256
3ad263dfd598b6ae3ca367f343cff023d59c0934ae4cad559d7a305b3bc59e19

SHA512
31cf30abe22672d99ae81ff41e44e452b9f38e55b8b27519349a0984cc448db62c7f6b0baedca28a636d6f2d3cd260697b5c9e4fcbf8c8dc31073dd1e47078e1

Download Submit
C:\Windows\INF\digitalmediadevice.PNF

Filesize
7KB

MD5
acde9a82509c0b95ad41f24e450849f0

SHA1
a493f1d1e3acb70c5cd4ed77952ee00f99fd3004

SHA256
fdf13a933ac8846c9767b85498450be9c9f494159c8dbb375705f86f68210e2a

SHA512
0ceca27b7b169e1629c862202101ef5909ad10917681f03557b12665ee16b18bc0f15532d03aaf9749d06bbdb39107af4716d0c2bc5a86e6c0e8560ba3f1fd2e

Download Submit
C:\Windows\INF\miradisp.PNF

Filesize
11KB

MD5
30296cff362d7d1767d9132992c45893

SHA1
9efc012d29656dac2f20322204c5351984390f08

SHA256
e22fcc919f38715117218057a2f6fc9331824cb8fc28d1cbb61ebad785940030

SHA512
8d0f5f2f5b7140a61a701c29c7da09b51f37227ebdc2e37f93273dd521bb162d2dff843b84442680d2d5e2541158cf92e6a0f4c34ce6251080d5f08965483f08

Download Submit
C:\Windows\INF\oposdrv.PNF

Filesize
8KB

MD5
f19ee3edc473e45adc0882ddd559674e

SHA1
2dec035d7ba83e1499c1624348b1ca66d8f15b67

SHA256
e5e93f5d95b54bcba28bbd2c0cd2c020da0acee87553ac49a54d9f262007bde8

SHA512
a79c30f0f06ae211075b1a2df1b93d76ad359c9392ec267043e083a23f4b705ac51a228ccac56cc9f86e1630f9775644c959845fa31bb130f822c2fbb64ba5c8

Download Submit
C:\Windows\INF\rawsilo.PNF

Filesize
8KB

MD5
7dda8349d792874973914b6402fb6d3c

SHA1
c28ecf26eb4b21dbeb6ffcad8535c0804c41b0e4

SHA256
9676f340750cac105df46f894750ef8b1fb634217811da49858c5c82846f7e28

SHA512
57e7548ebb734ec8a6b2935059052971965caff9972eb57cf543f08ed0ee4d69de14806445b3ce0dc45f884f5b7ae7decc2d49fde5d8ee8076ffcf429ae3c1e2

Download Submit
C:\Windows\INF\rdcameradriver.PNF

Filesize
13KB

MD5
1c5d8d8648b79b79d2ddda9d78fa637c

SHA1
5de477696fdaf88c626717f8a3a5c06c7135eb02

SHA256
ab0cb0aa7c4b85d6209fdfc916c5426cdf92fa8bc63c3fe15cda9485bc39f7a6

SHA512
e0a1d6d35578edc27783a22e40ae533477fdf0ff315d119d4fa460faba1653b23104976b1e0f685d0201f7cb9c06a304481337b567c3b2aa57ee72d31bf743e0

Download Submit
C:\Windows\INF\remoteposdrv.PNF

Filesize
8KB

MD5
686c8b18bb65f91dabb410f09d3caf0c

SHA1
9a1ada71ada41ea9506040fe2d01516e8307d4bf

SHA256
e2d51515ac8b813e3129f0f33737f63e15721dd18d2e5e3b384e839b0cb0441c

SHA512
5120c6a5940dd8932c0f7a8d920393825d37e5c0166feda7e35e09fc4f9e61b12866fb620c967a84e55125a4a29bee3b022df3f7621856f8231086031c4ce35d

Download Submit
C:\Windows\INF\ts_generic.PNF

Filesize
8KB

MD5
de2483e3376a715f2d2cacc1cd3151cb

SHA1
3916d240cb24a54742719b48ba3db602bfdb6e6b

SHA256
e568372ee86c95cd8bbef92b081ab9f43d6c5220f8c369e09ce979377e787ac5

SHA512
67e7c9e8dcc707da0e6a755fedbaaf873a32c7f507a4193cb7d77d298c26570ed9eb50a568dc1c3088d89f337df08f9e27c11a49820a559a491d9492e9505298

Download Submit
C:\Windows\INF\wsdprint.PNF

Filesize
7KB

MD5
1671a9ea5066b2b30ad0b59fbcd67992

SHA1
eb44dfe3216ded035bdc4b891a06763e2a0584ca

SHA256
2e4a7afab81f605c4b994bb71ddab299e7f1f7ce96140fb930110c3aa5d1167d

SHA512
610c718048e2243f6a46bb02f9921fdf0bff26306cd58114002ca7269b68db27ed37e5c7be45e62dd328dae24f634496d78a08263d708f27868536a98a4d4b38

Download Submit
C:\Windows\INF\xusb22.PNF

Filesize
9KB

MD5
b2baf47ca738211509ad392658fe2af2

SHA1
54c70611b0291ea91e7140b7e1fb2c7ef991ca02

SHA256
30dbf707c19c21b88ec753fd57aa902240e19f5aa096cd5c8dfbbb5f751b19b5

SHA512
a87b98ec5bef8a963444b9670ee6b83d44ee5d929ed5850914c2dc744fe7da9a90ba88f82298f561cce33f4d45aa7aeb510f918c3910fd841a659352e5551829

Download Submit
memory/1468-771-0x000002B203650000-0x000002B203651000-memory.dmp

Filesize
4KB

Download
memory/1468-761-0x000002B203650000-0x000002B203651000-memory.dmp

Filesize
4KB

Download
memory/1468-769-0x000002B203650000-0x000002B203651000-memory.dmp

Filesize
4KB

Download
memory/1468-770-0x000002B203650000-0x000002B203651000-memory.dmp

Filesize
4KB

Download
memory/1468-762-0x000002B203650000-0x000002B203651000-memory.dmp

Filesize
4KB

Download
memory/1468-760-0x000002B203650000-0x000002B203651000-memory.dmp

Filesize
4KB

Download
memory/1468-768-0x000002B203650000-0x000002B203651000-memory.dmp

Filesize
4KB

Download
memory/1468-767-0x000002B203650000-0x000002B203651000-memory.dmp

Filesize
4KB

Download
memory/1468-766-0x000002B203650000-0x000002B203651000-memory.dmp

Filesize
4KB

Download
memory/1468-772-0x000002B203650000-0x000002B203651000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads