Malware Analysis Report

2025-01-18 00:16

Sample ID 240613-ly9ktsxglk
Target female-vocals-wonderland_121bpm_F_minor.wav
SHA256 2129ef708b866ec19b4c343b9e6edca94d26109c222a8bf51fa911b00bac2297
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

2129ef708b866ec19b4c343b9e6edca94d26109c222a8bf51fa911b00bac2297

Threat Level: Shows suspicious behavior

The file female-vocals-wonderland_121bpm_F_minor.wav was found to be: Shows suspicious behavior.

Malicious Activity Summary


Enumerates connected drives

Drops file in Windows directory

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:57

Reported

2024-06-13 10:26

Platform

win11-20240419-en

Max time kernel

1214s

Max time network

1219s

Command Line

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\female-vocals-wonderland_121bpm_F_minor.wav"

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627478670870547" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3892 wrote to memory of 5016 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 3892 wrote to memory of 5016 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 3892 wrote to memory of 5016 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Windows Media Player\setup_wm.exe
PID 3892 wrote to memory of 224 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 3892 wrote to memory of 224 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 3892 wrote to memory of 224 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 224 wrote to memory of 4784 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 224 wrote to memory of 4784 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 3552 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\female-vocals-wonderland_121bpm_F_minor.wav"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\female-vocals-wonderland_121bpm_F_minor.wav"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ff95eb8cc40,0x7ff95eb8cc4c,0x7ff95eb8cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1880 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1680 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1704 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4384,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4752 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4416,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4556,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5084,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5080,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4768,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5164,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3476 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4256,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3496 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3260,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5016 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5312,i,2009727136656696192,4691755602184000057,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4452 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa6d2428-2c72-4e3d-bd72-b19c9ba430fa} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 25495 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92846e59-01e0-4651-b519-dfd6e5cdd0db} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2916 -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 2760 -prefsLen 25636 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e77642fe-cc01-4761-83d9-1697b21317ac} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1428 -childID 2 -isForBrowser -prefsHandle 2712 -prefMapHandle 3420 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d479f71-fdb9-474b-bcbd-68f5703ef2c2} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4652 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4644 -prefMapHandle 4624 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {545f8ba3-53b4-4b72-add5-97c19021421e} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 3 -isForBrowser -prefsHandle 5172 -prefMapHandle 5212 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4552327b-6c38-4476-88aa-b74557428d8e} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 4 -isForBrowser -prefsHandle 5148 -prefMapHandle 5208 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3a96eed-6ba0-4f4c-a14f-e34fa9659473} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 5 -isForBrowser -prefsHandle 5620 -prefMapHandle 5616 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f32a37dd-5548-4188-9083-28cd60027194} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6000 -childID 6 -isForBrowser -prefsHandle 2808 -prefMapHandle 5864 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a6e514d-b48f-4c00-a78d-0b40d6971698} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 wmploc.dll udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
N/A 127.0.0.1:50001 tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 127.0.0.1:50008 tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 push.services.mozilla.com udp

Files

C:\Users\Admin\AppData\Local\Temp\wmsetup.log

MD5 8c46a87b7732fd85c28d46931fff7039
SHA1 e7a500bc6be37fe3ae634c191626bfb2835d9ea0
SHA256 b24ed64712d30f6d4578063c15e38dfdd738d4b50aeffac3b7cafbf2aaf4edf8
SHA512 cfe7c16605a209b4c555267b89f5c68fa43bda54902852d38c805f673d2f0e023497f0a3bc0b9d82db341ff2f5eb25f881f93940ec3e4eb134c22dfa9d5a3fd8

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 63d4bb0972b7b9531ccbcb032719def3
SHA1 245916ddb20bd377dc5590d9672efeac5d3e9668
SHA256 3fd1765fbf8a15e6840c93ce35fc53570cdc5c585fcb6657d7106e4a9d995e33
SHA512 ff0c4b49103c6e24c96eb1395ee848ad42192e7df6a8cdb46a505c052c83c21cece91dc089d269beacd01b0a4f691b5ce7a6e61ca6e2873a8840f54a5a7f84e4

\??\pipe\crashpad_3552_ZCWHMZYEOWLCKXOV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 ce955a977cfd6440702131769a560d7f
SHA1 8a46b39b2eb8f24936215e33578001c1ea0cad05
SHA256 a93ca8d544fab7a70cd97bef7ac5d4058f9cda272ca11848ac7d6110a5252d69
SHA512 70ef8069a53b483a76dce0be0f9449512642ae52347e63228291ed806dae6e2b3511e2de43dbc2133b758e86f7372560290f725054689bbaa58ae97972c6b0c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7cc003728fd50a73095e32f2f131d507
SHA1 f10446d8cf16029adb09ad318282877405eb54d6
SHA256 e619c88fa2e247c40ce3a189b34eea9c2a7690c9871eadbaaa8f2420a697cad8
SHA512 998d37d36564d0432edb61b827b984461e2b807049092a238445434276e08834cff2fdb52ed73734fe08d40827e84f7bacfd84689373039246620311a754925e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee4ec7c0bd99a71a6919a5af555b4f61
SHA1 7128a3800c235ab3e417fa48c0653f1efec7c519
SHA256 6b1841e80afc115160a1d76e80d8560a88bdb39906bddbe8ae2ee1ff457197e1
SHA512 d3852bb3a502c56c3d530caa6cd187f3f48cecabb8a9411063f20d64435ed2812d6a575a12f13b207c405a57cd35a4d1069f8f62dc1e28192c960fe8a1706568

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a127cf1365941970a5e2a9382737b7be
SHA1 dcf2daab6b739b20051e80727f356f8f0c75e5e2
SHA256 2cde9bd09b4729a314b1451dcb8989d5464ee57cfdb9b10bc29b10ff0191fe7b
SHA512 9ea4615b428192b5614cf9c9abaa2be5b9c06bc735870544b1c294e8b1c81d9f13854842efb65efcf1222f979f73e0c1e421db0229d9bd49977f7077b8454df5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 845f622b4e5aab3495dae88fd45d1f37
SHA1 c4296d6320e9037ea1d7f5236efd613a1bc219e5
SHA256 7667f418c543f7610607800831841719e0709859c924deac3c654584ef037a52
SHA512 6111c11c1452edf3f52a80e0d751f91d44cf407ab00e692088f1ec94526f75691147a7257ca8d849521ccf53d61bd288761ebc8f7e978ae0d5d86c4193cb5d0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c1cd8c01a4ef38ba6254503a1c288ec3
SHA1 a64ee8c1eaf23cc4b21cd4b6612e1b6b403b72cf
SHA256 c6ec508c32e393b0188256ed4702d2efb8e88abd5f9f98918a42016ffc235539
SHA512 a64d6128bcd09a63a68e8494707048d9ee9a60aeff64b0a2ceec921f869b4532595e0b7ba5c4a9b4baa6d21e216c09cb3043f6990a015f17de89fd4314b3495b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1960b71ed38cab420f647799cfa5056b
SHA1 e3063cca5c7dae9718956255ea62cc018549d21f
SHA256 3f03ca16a340b1c1af22da7442c2957dbaaf2c38adbcc67a03d7893942aa2bfe
SHA512 5a665642e36a192a8868e3e8f146fc4b09efef7777ede5e6670cfe72756feed716cf77771f2bd64f86ae9348cbd8c6bb95247921b5e617c7bae749acd140c78c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 aa3d026830fe03e44c915763d486f8b6
SHA1 55beeec111558ed79eafadafcd883a12479230d6
SHA256 cbeda2f935f9e92566fe322f967aea381968914f79e74673f899ec7494af4568
SHA512 ff29dd2a136369c83d41b43b774dafe6829e2d4846aefe3e287ad71de2933413c69c633f547f51d4bbec60024b86969282df34f3d6905403e38c22f78e209e0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 76f90b13cb99c20409e6885c668d0102
SHA1 0aa91d7b4ba26481155d65ed6e27b009fd7750ea
SHA256 d34908f8a5d34bfa739a262052227fe2e7dc363f1d2380864c9c71b747d7c0bf
SHA512 515cc1234c7cfdc79b604de4012aed954ff668a6ff0e6e8a3813c7ab1b3e8de6ffa83722a4456f333a886740f34c50f15c2925a6c8125390a84805a62d8d8a10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2e60de5178f77f523aaf829c84c2b094
SHA1 4c545d8afed140eab5b9d22623305aafaa5c0e19
SHA256 7f90d0fd31cebcf7988790f4eae33fa6be1ffb4c3a0fcc4195462213de22bf59
SHA512 ad9ed6094831b8bb74edca7617e5b48b42519877fd570782df698d55a67febb6eac7612cdf6b15ce47481955b7d5fe8908e978083a7aee79b53df60eab5b05e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1b9ae80231d2d667a54190c1e9814bcd
SHA1 2ecca4cbce607ee6e9af5e1413f14d5ec9e78cd5
SHA256 8c4bf87f6d245b76e8e495e120bb67be2c8890c8d62a980b43c2b889f667986e
SHA512 43d3f87d3b141e520c8242dc9b854725665797f9df74007a598afe407b627c66ad563b1308d962d671f12503e705537f53301123e67f0774f74d86b0fe72814f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8bc8f6e93b865890d8e3607371a12fdc
SHA1 144a798fb1b2ab0154ee2dec2a591c8276d715aa
SHA256 63f35541ffb547b6777c8b2fd5aec6842d041ebcf5cc980b8d133b2a26abfc71
SHA512 bbebb5d7d739d7df8f39134eff6aa07abc955a2915a67f1175d2606c00b90acf8b8b44024ccb28b18a066d62d94787f50f956fc652851d777075bacc98eaf246

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c7f8c5609a3d2a4245016d004d062f0b
SHA1 91437ac33131725744b15436e4a1c492f04013d9
SHA256 cfa9be73d55fdb37ada6d668435d4f48a30489512ac693420c7a3763bfbe7197
SHA512 4cb488f0433ca9853190514a5844babe533252a400e061a7922bf165063b4edcb52ef899a9342305e63e45f3feab939c10d5521d3bcdae65d16e299b7a152257

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5deeb45d51e09fe0947b75954883673f
SHA1 901989daa673b33779c538c3b02ee0b6112485f9
SHA256 7169a97b1c8f0e62eadbcc333d1da72c37132365293395c1dec6c47d8063b434
SHA512 b8bceb290701f8204d73a279244321ff9e631c3df648443861eedd9656345343a056050de863a5d19abfcf36fa03d1cc00cffd8691b887660f42a42a916d0f0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8b81c0ad630ebffd7894ae8061b1d743
SHA1 3c591322b597761457b96a5f020e698c2a4cf15f
SHA256 b77751f992c2d53942e06f87df39810df75d7e84b95a267319e4689d86b3bb69
SHA512 2b4b8b9b3e7bf8175e24895393d123fe204d841110b894c78c548dfeedc57d67b8c93350a35cc3cf97beaf9784114df5500a6ea873c8737cbf84869e1ae23eec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 068cee36bfde3b9651997e21786ee8b2
SHA1 2eba78365a7bff1671b7af31c188de59ba931370
SHA256 38916ba662aa0f20552e01baba617a05acecd3fa5d7b506df3a76426dba9a5bf
SHA512 c6e37ee8c82d4ac08b976ccf695bf5c565b8f06960366c3b7925e723931846ee3cc194ccf687ff30ceb5753c30871a546e9883fae03f3a5daf4749086ecabf45

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\e7fad17a-3d24-489d-aa99-d9f39ac8f04a

MD5 4dc16a8d2da9328fa074aa02639dee24
SHA1 b4ad9c98b5f2d3bd37d392af38d023e2af081247
SHA256 13d16ceb1636274e6a2a11df91ee35f2746c80f18eaf08c47fe4a01f2f4d4c49
SHA512 2665e255477562b191f384fad5c263722960f91c988eed1a79df3d426b1f141ec4fb7894ed9c2d146f72870eeff73639be762dbdd1dbb297f356a2cb91c392cf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

MD5 9e7df45e4adbba84a4261d631439b16f
SHA1 eca046c41004d1aae629e23627995b23fea3cab2
SHA256 485fe7cff473f2279625ce28b31bb00fd4f75e2cef958b2eec241d92949d0cc5
SHA512 0305bbf6a0f176df97f7e124c65cea235117315a7fcd109816154e97eeb685bd682031599e2f812c5ea2c0e3aa48e2b0fb5fc6a8b2aa12bb7e6bd644e6657bc9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\5b703952-4546-40e2-9a60-e2cde6a863e5

MD5 fb7d373895d0128d48f00ae69bc01c2e
SHA1 a3185081e474946ae72019715f0a604430a97833
SHA256 04c0324da95ea0d7ef40458b4dbcb36096ee22d54411f998870a68df06cffc82
SHA512 18942b3c0a008f8cd189f2183eed8c58c185802a22452db8ac4821309098cd1c5c43161908a38a200ae9e6b799e3860e4e46ee9f63adcb17c4b37fa84c81f119

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\e511ee3b-c299-4c37-83eb-6eff2985d684

MD5 30d2303643244f1e9f8c4d4958373dce
SHA1 80b09b7aec1f0919bd1a889f0639218782ef53bf
SHA256 5f12d533fe3627acc6fd457e4e91a12f095ea29648d031394ccd3da3ab5fb2f9
SHA512 eb67ed09f2d1d42b09128239b40b2c12d5d95947892e965df5d1a7eda39a91af7d4125c142d7b268c3ebfc05766f289c480117778bc94c8b1adb745aea16e7d5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

MD5 4ed7fecbe202245f462ff6ae192a2d8f
SHA1 89935611d9ab68537aea4bb023e81890253e40c5
SHA256 fb06c4f07e77d86c0c4a18784e9407d08f5258a070b03e59ea2436d2013cb385
SHA512 5868f8fd32af4699c1d8149f68155646e9844c0861fe077e02fe89e6e80ebaa5f04d7c463bb8db2d3cf25625d05f3a9e8e41463d2fc92490ba1d99b5b5f9dbd6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

MD5 14bf3e9cede66e28299d357fe5fd96c9
SHA1 9c11481933afbe66bc8953b845bd3f771155a981
SHA256 d4aa1b4704519cfdd951d17949e106267ffc408b3f5852827d1e37f0835f96a3
SHA512 b16fe0d2058881ed077bb7267d00188cb50c5f106cb0df1f358abd2f208abcdda4968ff6dece26776a307a06ffc72b41e70ec669ca893afbc1dd4f85f09191ca

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\activity-stream.discovery_stream.json.tmp

MD5 291c6e0a78f3e80f16b556502841f0cc
SHA1 f9b62290074e961e6b1e124dcf0c034914e16df2
SHA256 e4d2e1e04f5ff5ff250154541abc97bafa17ba4a237ee69b1b6ddbfb8a41054a
SHA512 5aa73fc4d13239caca6200c8050cfc830606709a2f3a313028e815661b700c5a2088bc918ef615100a4d541cc26367b325af4116d5dc6b8c12b78e30f9633eae

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

MD5 8b8d0db195b7389a730a98da2a2e4aa7
SHA1 9ce73292aab84722008bd9ac5861ecc80f918c61
SHA256 8d4a7117c22ce833473696855c5d7ed51f249464f7895dc2c4d6501aa3a0e7e4
SHA512 1a28bd9dacdc82e9615470a722f34fc6d49eda919236c98d7c5c45bc3517f8bfaa3cf830bc9c8bde0e2d510c34c69f5413619f31f149d855b02a74dc0ce462c0