5f03867193f2685b72dcadf88d1865d5890c60ee80b6b436c1ae2e7c297ed62e

Analysis

max time kernel
1800s
max time network
1692s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83a9787d4cb6f3b7632b4ddfebf74367.wav
Size

560B
MD5

83a9787d4cb6f3b7632b4ddfebf74367
SHA1

0f21d1f3fe04a9843413c3fb35cd7a01ffde632f
SHA256

fb8c18242813d8763cccf5f6077daf44b672d0088f5d3688cca29d621b4959cc
SHA512

c77fb51a78c3928a7567ebca53f1f38ad4c93a2b4f63a25056ff11527a390fbb595ee371c17f015ffb7458f154424e0eb733ff3e6c9514d35863c053b54e919a

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614817578457639"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3432	chrome.exe
3432	chrome.exe
384	chrome.exe
384	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2136	unregmp2.exe
Token: SeCreatePagefilePrivilege	2136	unregmp2.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1004 wrote to memory of 2160	1004	wmplayer.exe	84
PID 1004 wrote to memory of 2160	1004	wmplayer.exe	84
PID 1004 wrote to memory of 2160	1004	wmplayer.exe	84
PID 1004 wrote to memory of 1008	1004	wmplayer.exe	85
PID 1004 wrote to memory of 1008	1004	wmplayer.exe	85
PID 1004 wrote to memory of 1008	1004	wmplayer.exe	85
PID 1008 wrote to memory of 2136	1008	unregmp2.exe	86
PID 1008 wrote to memory of 2136	1008	unregmp2.exe	86
PID 3432 wrote to memory of 2360	3432	chrome.exe	97
PID 3432 wrote to memory of 2360	3432	chrome.exe	97
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1656	3432	chrome.exe	98
PID 3432 wrote to memory of 1884	3432	chrome.exe	99
PID 3432 wrote to memory of 1884	3432	chrome.exe	99
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100
PID 3432 wrote to memory of 3616	3432	chrome.exe	100

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\83a9787d4cb6f3b7632b4ddfebf74367.wav"
1⤵
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\83a9787d4cb6f3b7632b4ddfebf74367.wav"
  2⤵
  PID:2160
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1008
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3558ab58,0x7ffa3558ab68,0x7ffa3558ab78
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:2
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4284 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4608 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2320 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3196 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4516 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5204 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5684 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5652 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2320 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4836 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6012 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5980 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3296 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6136 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2776 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1748 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 --field-trial-handle=1928,i,15814817621305614145,8920851561668255473,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:384

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4141c9dd-cf5c-4c2f-9541-5b94851189cb.tmp

Filesize
96KB

MD5
4a06ffad560c053de61fea2fd6ea4107

SHA1
e78823356cf598243f7d909ddd50ca79399cf5f4

SHA256
d3e9e38f97e00f910fbdeecb9896eb3ff3374fa92472c5535056bac419ab2b3b

SHA512
f329e0a5aae3f7b999bb99a4d7ff4902f089785d84695559459ac13916c8cf985ed37e2681fc752b8b863b2b07cb914467e3f5d1b4d3965005caef35ec03a4b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5f8aff30-751e-4f7b-8949-1ff98ae8eff2.tmp

Filesize
260KB

MD5
58130ee6a6fedb1101951379e1702f4b

SHA1
824bc21c245a3fc178cdee52eff08b381159f421

SHA256
7dd6e6e400397702e13e1cbb6ef9692ce8d51f52b8e1d6d4b82306a94df98105

SHA512
671e7e5094691593349af3e09ec00782fb9a7170d390367eb10e04af63ddea2067e86e8304f4f0d4ad2822c3995674fc5c9232180d7acfe48cca2dce56840d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
59KB

MD5
33d2dcc9ccf87d6ed728ab0c46235369

SHA1
249e080a07601d8537b242546067229f49a4aca1

SHA256
a455f1cebb519dc1861af1646224fb2cff08843469c0f346d93efb6745615c4c

SHA512
754e230d5ed0a578559702f43312b2cb2b282676a95218ec3213efb566fed6ca02034bc6dc7ba124afee6f9b766a0680a8e51ea377b998eb2a10d0b7de67f7cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
2b16b2f936c9f39493755002882328b5

SHA1
54422724e3a503cb084c1ae5339873479d81c830

SHA256
04c0248291c218dd0b8027ddfec3b8e1d1c10d059f48b8d4c8dd38694ffe0268

SHA512
0c6e74b76ebcf6275396fa06cee948404ad533186ac0c89c80b89fa687d842d40f1e6e1913d4439c10bd6321ce8b79747b5276117326a9825161cd13b2277afa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
b83b9996ddd340179c9d75365acef226

SHA1
08230c1f15846bf1cbd90110f2b6cae7205dc439

SHA256
6fd720db70c3860ffe5a73fabac0a5a8abbb71246062449329b584396bd041f6

SHA512
1c044b5a52ac1b54ba6966b295c84438c567473984171325dbf4375663e7208e0fd5d8b9f0a950a1865b0b178cd54c030e9e9ee882818a225923701dc68ff630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
23a8ee2857ece5edab91fcb713bee1cb

SHA1
3fdb1d193e3c3ed8aa514f2bc464a14ee78808d0

SHA256
afabaa1bc7eb2863bdd3c72b8a8bbea88c373159671c0fe10b1bcfbc92fdc82d

SHA512
c795e0322602f489c2f983f6adb347f711cc2c49aa4f72f56adf9112b8895d2a57444c6dbdb4b196be5557a36c3fd4b054698230cffb5e36eea557147c08a2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3788ccc08acd12f1fa713a6668937b72

SHA1
4d02d3ad386ee4aa023af94ba2cac36f3332a35b

SHA256
4e237c3927dda4f6730a64e89e932e288ea1c4a74a494099a2f36ac18ab96468

SHA512
5e7fb9edfb1f7159579835d3580bb3dc4f1becd0da86e47d40d9a1322d2d1a0c6a309b5d30da035b37cd3a1ed064559461f047efc1b00fa0ef7752db0c22bd8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a071f0d37d281ee09df0f80c7b97c333

SHA1
af4c882af87223c67ac63290c671e4eed5d37962

SHA256
b40ac391f660b6ffa5f8ff0d621799a2532b2b25819c49f616600a8786ead6cb

SHA512
10540b3f03d08280ae01bb6edf6f365f6123313c34e0cb3b54fc587a0af22404787c40e4b925f732269c111e5826c2ec087037d8e5872abf1c069b43e5854d50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1020B

MD5
d8614acbc94b594fb8df35944bc4f00c

SHA1
0d428febf0d9d29e3e162268fcc7dccd6f51bc12

SHA256
f0b2edb72eee11e64b77d711febf4a49f1527a7df6743d9fd4f8903e50960fe1

SHA512
1f4b8a3c445ec1526b147ddf509d22eed0730476bfd1651a06b90a48fa4b02785ce3f443402096cf0bf595decff1376eff8547588f5231da4f2a8a90f09cf467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
904c52a118cbdde8b69a43210be6a7d9

SHA1
68790dd3d94eb954785030cf6fa17365492665b0

SHA256
a15b07fd97cbb6d96905a189f79e432782b45c1a308c74b1843ef2819a1b6df5

SHA512
518117de064c5f98d975da47d9c9e055a37076bf72cd4c8aa9f8f1737f3ef9d2d5a3df7d13af6a21cf263c97ff15229e70b5590c85602ee0e33a2be0b3d218fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1022B

MD5
25d72c3956645ba00446b491391f170c

SHA1
e954a7a76403878dcb005b4d98b48717f3b87f94

SHA256
5a9add444a26afd5778b5e66cbef9f74c805589f8cab0e3183029993c8b91436

SHA512
5d02ed00193f9fc5fc446dc31a78633d38586bea9e4f26762d855170dcd1d5bf2b7a190981d9644f8bdb959adb6571c7c7eda17766e17dc7c6042fdc955c2921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1022B

MD5
c16abdd61470e560093a1a3c5677dcd2

SHA1
d3f87209ee2f9d71995e626392aaceedae4ebcf9

SHA256
7c6bd9104f3653094ed047e415e8a674d6c0c95bbc4024f093cb1e480bf23610

SHA512
dd7c36234217038112e256d951b53d900398042e310c2876b0c6b921279ee11b6a21885753b7ce5c52b07e87090f9605e48fae0fc64320d9476481b6f2216110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
0317eae3d7c80dfad11f4f5ea3a89a9f

SHA1
24915eb124dff544bdc34544741e28b066a44229

SHA256
5e9a2dd45cfb7c8efb80b90ce123b1cc37e3908f79f1ddbf9a5ef531014ccaa2

SHA512
a045700799d961ef40abe65df4e17e4ffb007616746b027b9fbbc7b7d5a4132e430049b500f9357c531ca595850fe1d2072a0f739cef1746ee0fd96e1a5ca56f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1020B

MD5
342493785431b53b2ef3328325ab0ea2

SHA1
001d9d6bc04789fdf91e10ab973fe0044dcd3775

SHA256
f2fca748ba94d6512cd94dd3f6556b0df860d252f87c5fb6a84d17732614840e

SHA512
b620206d730aeedea63dbacb61a1a258af690eed4677b8225b1865237b28b1ae87df43584de529b51ebc55d899b3e321e7ff4889fc1581aa0785edf5f60e2c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
850B

MD5
3b2022ea4a51376a4f543be6190e138d

SHA1
29346239e4ebeb5ad1a24f51bbc9cce6e88b720e

SHA256
c5a6035c5b432be20f06e9cd3ea1f19e1a395c595d674063be29522ae0293fcd

SHA512
b677092bd1557c0642690b6c4dc8076797d63a9c0bfe07b727f686433241fafa23a7b0c15625e3b6347dc60a92651408ccb8fffcd2ebb370ddf9e073fc22dfd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
685B

MD5
fc8af2fd18dd91096ca2d0737a8994b0

SHA1
e8fd1e167ff9c2e6ce74ae292281d4a690445fcf

SHA256
d1f51173615e62ac7a9c4601f0f0eb35d075177e2cb0eb81bea4fc5a72a46481

SHA512
23c63ac3cbb6df5546e50968d60bb0849df2a33a23dc72f54607e098fb92fb0b4ba20778837e707b974fce96b534890702e3327f1caa38b342b88b3cf66a6e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
850B

MD5
8e8a784a3e9b5eb80ee51993c0152072

SHA1
aa1017c5a7d311009d5ce2ca56264d2efcbcbfc9

SHA256
eaded2c71862920cb66177f67119b1cc25bf717d4b9af362ef9f09848d73c69f

SHA512
d6e6a24f9af52ec71a11d204d6b1609aa68c7740fb9e151d0848a37373355b86d805295c588692a8d40f2935f7443a6f07f580fd8ec12bec85e4902c54cfbc50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a767454e487f071a36a23c29dc7dac0a

SHA1
91942c3488f0fb1b96cc0a99dd737c76978a5dde

SHA256
119f846919876d9fbfd184912ded29670b3dbd0df7a34503e5287e6972c1d412

SHA512
be233c514445b398fb7f2235be4dabed7f188dc08dde26c7d5dbdad59c459d48545af735cd6793881d115d7db1a128c9334852e957f27f023ec503e5688ee7a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7063475bf0e8852bbf2e95c8b7ab2c68

SHA1
2be9f51553af9f097bcc247d56774e1fcef1d8c8

SHA256
8a7c1691aed95a6faa54871cd0eb1a543ca091b95dc65aa44fa9eef2c0736175

SHA512
dd40d25ef0952c1b8b8732527db33f64ccdb4cbeeca01f4843defa52cc048c593b9e2ff2985a67b4055d66fb82be4363f0a3ca6b7d9cb5f2106870967f65dd10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9374a55f2582f701acdb977154c8f1b5

SHA1
d6fc1692c22889fc84cb55239ad1b49bd0e4bd07

SHA256
cab5464ba2395d3244f70667bc6908988a04ca920123e655109bd549bc79911c

SHA512
19dfcce4e81a9dbe8b40ecf336c07e0ba6ec96b9a087450f65b36fd33d170a4d0629d604bfea75a7b771396296dc2ca10d3956f04ab4fa7398883bb9785edd3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
17dda3f301fdddfb147c6dd85d36852e

SHA1
34cec6efe80f371d6ee63ba23aa84e760b2357d3

SHA256
b10cecbc40d7ec237a48f9cc1254cc74320b2b38f508c7c55b37c9a233beec66

SHA512
fec7b6ebf56a802f6a3065bc2fabbec8914d18a98c87f22eb77ebc3265dd584b7023feebe64f59b638fdec540aa5b69eb5af3382fdc70e426c591d1bb7f85a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo

Filesize
22KB

MD5
a073e24345f96d305d0b49b33765b4ae

SHA1
b336336c01d31e6db63d6d7ef0e9885a6b672311

SHA256
21b51e315ab4605c74126f9bb3cba268451b87f8e175c905238b007f01dba815

SHA512
5f083dbf4b6f43ec4190deccdbdaaa1bfacb32dd2286f27ff69951b94bcb5d3b213141a1d0ea9eeae0650bfd7a3bfc35c7c3b5f1e234dc4002ff1bdc3cc726d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
7be8b73479d2db88dbd7dbc91b3de304

SHA1
c9d921f107855adf35d59238804915288d362d11

SHA256
38d795620f4cfe0b8264d76fa91989c07c9d8e7e7fee53f7cfc21bf8741549b3

SHA512
234660dd78a8ac320a9267cf23f6cad7cf83d65c0ccbb71fb61b90199dd8a6e38513e32fe1cdecc456ed959060509f848063621dc39d31a1b950a9319705ae70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
163a3102b77c00e34d38a04590e7b555

SHA1
a0e59cf33658756b49b53ab1a2855e3aaa8022da

SHA256
776263ecf8058536458bd079fdb919b65451cef4f2877cf3fa352077e9a4ca7d

SHA512
d326d432e1f2983d82b2829fa1a3b477a63f8c48d218de5879e38025a79836df4bcd0bc6af0245906a434b58cf764bbf354713799c46fbd2fd35322749e41c28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
79547df2dfcc11e5ade9c410688b8c5b

SHA1
d123b7f7873c1250a17bf95d43333bd51a410e0f

SHA256
bd5f497322755ae05b5595e628b3b40c37fd1c6ee13581a9618c62e14c733b8d

SHA512
d76d61221b70ef58ed51ce1f7735f5a373ab12e31f5596743d7fccf0a32948ce6372c5258ae37a0e89992ebe90f032017e8ed21441d499448e2480f3250e205f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
4977b27d615b404b4a409875c88826fb

SHA1
afeb133efefdb3956fc1359bec2f819adcd50969

SHA256
998cb28acc25afc9b3dc239582fbf4bd186b26614d76353bc6202107d1f1bffb

SHA512
2688433d36524159dc24362719d5353090adcc9b15809151c03ed98b79fec5fdc408229cee2d1dd9b254cbac75277ba9157ca850a34a1d3acd15d8236a467d8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5886af.TMP

Filesize
90KB

MD5
d33778a9ab4ab98fb34df8ea6b34e61a

SHA1
8b00a643c3facf931f7f7658d56868ab890c6b06

SHA256
3e0399fea67db8bfc508b5bbde75c7808ab4a63068702d80917592e11c30a24a

SHA512
7f30fe8a30be8017ea46c40f2fea31961e37b4a2cc7cc85e988b4ba7bb44b993e3e5eb6126a5f306a025f3122578413178319bccb1190b5d22decf578ade2082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
987a07b978cfe12e4ce45e513ef86619

SHA1
22eec9a9b2e83ad33bedc59e3205f86590b7d40c

SHA256
f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8

SHA512
39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
4fe1470424d169a9eef874ee78c96989

SHA1
bc4bf4d6d6bc646624713c0a029382f4e8089c90

SHA256
fed85c73f787c027c94df3488f75d84f015c63372226ba88bb9ece978e2ae9e1

SHA512
be434d8ae687b9a9e7c67a74fbcf5750909d806fbf992ed5d64fe2c1625d3541ad2d91e094d2b367e1d29cfbee12ded49f388eb7c3f5d2ac3393b9818355d41b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit