7fa597b72892b233159100f39a6562cc62eff47b46745771fc6062691ff1253f

Analysis

max time kernel
1398s
max time network
1401s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
05/07/2024, 13:47

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

lv_7382479526946671888_20240703122622.mp4
Size

1.6MB
MD5

3cf22603b103b8a578f48e29c1a39483
SHA1

7e464bdcb8da0b7f3d17b379356edec09cc4a593
SHA256

7fa597b72892b233159100f39a6562cc62eff47b46745771fc6062691ff1253f
SHA512

cc0d2f1bea1312b23d583134cb0a53c2161457ba9cd4a5d3c0928ce209e3b2d0178204586371935a030a3585ccec751fb7ebc21f856466e456df6dd57a4f9ba3
SSDEEP

24576:WDTZYiiDxG8pvayIaFEFZOYplXjseAMEs55QOONEQsZqXps+VK1J230:STZpi/pvMOYDAel5QFOyG6eJ2E

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe"	NoEscape.exe

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	NoEscape.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3590242114-4229536887-1276274119-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	NoEscape.exe

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	NoEscape.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	NoEscape.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
108	raw.githubusercontent.com
4	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3590242114-4229536887-1276274119-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png"	NoEscape.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\winnt32.exe	NoEscape.exe
File created	C:\Windows\winnt32.exe\:Zone.Identifier:$DATA	NoEscape.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File created	C:\Windows\winnt32.exe	NoEscape.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4188	1948	WerFault.exe	77

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 16 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "210"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3590242114-4229536887-1276274119-1000\{D6736DF7-2478-40D9-9736-81C2506A760D}	wmplayer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3590242114-4229536887-1276274119-1000\{35544314-51D1-4ADF-8C46-231F368F280A}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3590242114-4229536887-1276274119-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3590242114-4229536887-1276274119-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Windows\winnt32.exe\:Zone.Identifier:$DATA	NoEscape.exe
File opened for modification	C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\BootData.7z:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4268	chrome.exe
4268	chrome.exe
2708	chrome.exe
2708	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3236	OpenWith.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1948	wmplayer.exe
Token: SeCreatePagefilePrivilege	1948	wmplayer.exe
Token: SeShutdownPrivilege	3940	unregmp2.exe
Token: SeCreatePagefilePrivilege	3940	unregmp2.exe
Token: 33	2508	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2508	AUDIODG.EXE
Token: SeShutdownPrivilege	1948	wmplayer.exe
Token: SeCreatePagefilePrivilege	1948	wmplayer.exe
Token: SeShutdownPrivilege	1948	wmplayer.exe
Token: SeCreatePagefilePrivilege	1948	wmplayer.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe
Token: SeShutdownPrivilege	4268	chrome.exe
Token: SeCreatePagefilePrivilege	4268	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1948	wmplayer.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe
4268	chrome.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
2560	MiniSearchHost.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
3236	OpenWith.exe
4500	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 984	1948	wmplayer.exe	78
PID 1948 wrote to memory of 984	1948	wmplayer.exe	78
PID 1948 wrote to memory of 984	1948	wmplayer.exe	78
PID 984 wrote to memory of 3940	984	unregmp2.exe	79
PID 984 wrote to memory of 3940	984	unregmp2.exe	79
PID 4268 wrote to memory of 4408	4268	chrome.exe	112
PID 4268 wrote to memory of 4408	4268	chrome.exe	112
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 4276	4268	chrome.exe	113
PID 4268 wrote to memory of 1308	4268	chrome.exe	114
PID 4268 wrote to memory of 1308	4268	chrome.exe	114
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115
PID 4268 wrote to memory of 2292	4268	chrome.exe	115

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\lv_7382479526946671888_20240703122622.mp4"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:984
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:3940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 2256
  2⤵
  - Program crash
  PID:4188

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:2680

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2628

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:2516

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:3112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2012

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:236

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1948 -ip 1948
1⤵
PID:960

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3112

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:4816

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:680

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff80cbeab58,0x7ff80cbeab68,0x7ff80cbeab78
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:2
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4228 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3988 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:8
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4492 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:1
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1460 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2796 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4772 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5076 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3260 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5372 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3068 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 --field-trial-handle=1824,i,3565886903339850548,13892746702765040387,131072 /prefetch:8
  2⤵
  PID:1952

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3580

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004D0
1⤵
PID:924

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2704

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3236

C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe"
1⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe"
1⤵
- Modifies WinLogon for persistence
- UAC bypass
- Disables RegEdit via registry modification
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- NTFS ADS
PID:4504

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39d5055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
616KB

MD5
ef4fdf65fc90bfda8d1d2ae6d20aff60

SHA1
9431227836440c78f12bfb2cb3247d59f4d4640b

SHA256
47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

SHA512
6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8a06c846045d454658f5118c1b56d047

SHA1
f6281c2f7fe20bd5910ac3882de49396d2d25d2c

SHA256
a51e76065a54a1911b5fb6f9a96e99d30161fd597bf44c54f9a56c4d01f80001

SHA512
08b1bec0082407c33c88d7c91af1ada570f1de85e13351304e573ae1f99edf01a2c4ba908a6d1d681ccb1fd214a46d4bed24cd5cb3ba028138432891ac1cc965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3a5d0c4e4add6b4229094890525a3a1a

SHA1
9b3e2a27a3c0024134e58973f27e9705a25d7276

SHA256
cb35c560ad726e40ac88cdbca6375870039e4c103c9bb57fd54ccca84286b56c

SHA512
9fdba25274aceb6c4b0b7904a3f0b0a38684d0268fa505d3d8fbf192262e55955c3bdda9445fc4c78cc50c32307e0f5c6ff4f356602144af85eccd54ba6a2ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
957fb56413e3f6c453295946699290c0

SHA1
ff36d3dbff40e86e513e942f3d8de54e04cd3dcc

SHA256
220a13fda1eacb86e66de34e2feb2fa7d7bc4a5ff2ae3046ba7375e04605cb3e

SHA512
ac836ffc5a90c72217bc09f3d02a4afe255863ec7195460dc776ee19be3f2e6c596737a85810da1b23d2c338f4707afa521f7f1020e103987e40ef988dbe3dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
883bef7bc3908d94d2537e6d16398e21

SHA1
541de67a25c4c8113e33deea1a8b8b8b3f96e855

SHA256
9c45353190c18c8c296c6edb5b313446f1118a27edc3336cebe361908b8bf14f

SHA512
66f16e83b375edcfa8d941df45dfe7da275e82cac291e7765b238ce6f75966711881fb71d53360b08c572e7694b40b71fd64b327215ee28e3554732dda03f92e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ab2697dfae5f5488bf05b55288f5e1ce

SHA1
45bbeb908ccdd902ee5934917c6a2061dbc2e01b

SHA256
57766eb64152af8b63a8bfa7ff637828f021e13156c902b0b524bfc22cfaf0b8

SHA512
9d4ada12bd60a45bb59e139fe1c1ffa3fa481a80ac5f082acd34de8a70ffbbcaae8277f9a9e1a315056c12d472d69ed79b352b32147c33703e6d01422092eba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
501e0349e2082910e8e2e186c5d72e31

SHA1
8757ffeba6c52edaf5822a720ba122151a6a0f13

SHA256
7becf753e5cb614072a4b9a1c9894f901d12d8703fbc769f595b0b3958e2a139

SHA512
227e8800fe9741b56c1ba94b1f030e5b6dd0e203ef3c8bafef65951faed14578729ac5109d9344b38d169eff18fb62fb15fe73a8ac3801d394eab3cccb2e1ecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
242bc097f0675ed611b841ad618a03a8

SHA1
dad11d0db6d3e12a11b596ffff1ac1b2f32ec39f

SHA256
2b63feb863994869337b907af5aff29b82469ff145cbb784fe365f1b94570ead

SHA512
4ce918de5fe270ca4d9c6f8cb4d5ac6ee7a37de4e8bbaa989e51f06e271b3bb7cb9b30bed6a8c9a481d630dbf47577c1d453545f05965def7d0f2f3558756c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a3b121c5d8a68031ff23a59fb4f3515b

SHA1
38f4f59916e3e08092d7e628bc30119a705ab13c

SHA256
780da85487eec39aca25da8dfddda4899454c115530b09cca3005dbae210b28c

SHA512
9372be150a1ab518aa63fa48a3c5c78747f0e4a63fffc866442efa22c5360526d635f7b9c6c572c5b1523f7571d024ef704de0f33ab4aa78fc530e2037aaa274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8ea33b8db143aa2f010386ffae971eba

SHA1
2ce12c0d60e9c045db512bda0166a15fc2c6fe74

SHA256
7a3c9a9cc2898d48365bccbf510058ae13f423828a7c2be660d22041179d4e7f

SHA512
c594e8df6c1aa0c7fba1250a5ef3a70ad4bbc902bc5e901e9c333e960516fd466049b6217f137152a8c1498518d94ca06a3a900da9ad07258a0a0e29ab1e4de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6693cb82da68cfb204b56ad9d4ef4bdd

SHA1
3013bb3d4fc549e1edf664cd0081186b4154e3ae

SHA256
842778dff3bdd0256cd9361e471d69ee28da28ceafa37fc84840e78702a7457f

SHA512
6c8a640c666bd9bb94f7e99f13699ecef678e8225becb9c8718a8eb5268ed66c16ddd61f7a35078da5f766569c702e5730c3ea2d90720ddb1d12aae8512b2707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
63575c44234c03158778eac7b2635e95

SHA1
8bf3e8310bb61d000c6e9713641ad02da4efa1ae

SHA256
a5b54eeb0b59594da787d27d1675ab6f4702cfaab6b60b2681c1654b76616ba6

SHA512
2e804a436ddc2179ea63202e0027e0b1e95823cb07338e8a4c906a09b74099dc0355c139e05539ad8e1e8645344cf25cdc78d7141c116499df9096de84b7bc72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
bdecbc2452e95154b2709d2c31387054

SHA1
1f9e9f2213641348970144b32b4bea569bebb181

SHA256
6a77e543eee7399d5db0d03fa175e7514a441def831841beb68115c6db16976e

SHA512
021c7391bc94eb59708e6a3b74154087eced29319337a3a5ac18dd4574c8aebb159d53bcb70a5c8fcb6ece0ea94a7c6c06f506c24cd361b7184d75edcc7808b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
228f31ce9a082663f0545bea0e654a37

SHA1
9f351719d9322e4329e4838e1a3cca64c5e16df0

SHA256
97947c01976e7a4babeb8f18745331c49294ef0d1d70e32dcc405d8a76ad34cc

SHA512
ec99f95dc5cbade5b4117eea26dfe7c0c6c2b1e35b052b9eda958edbfe1f8c3201c3776f5e4e40f8a4a8de413b17c8b9625c68ff65ff273de916eb2ba2ec561b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0d57ea27955fa28036933cf8d8c38192

SHA1
79d36326e0695a4c63dfcc77c654a55ef630d8da

SHA256
8c23835cfed4705ab1eeb87288e8a1092d5b4c534d8fd81ddfb924c4f91d7752

SHA512
806c89c5eb8e0fd16f9dcd5af5855d3a710e6e8967f530270579902d3c2c306691e56af98fca99598b527e6a39fa96d8f15fc3f8f52e244195da6a223c187187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6f06d0be01183a29c1f872d0fb7dba91

SHA1
d5a8f27b670987ef86dd6b604b08313ffa8d9aab

SHA256
804a028f6b1a87c24cb804fe48469079d51bd3d7c5b62360990e4657dd1b37de

SHA512
8feec721a9fa9e6bc1735470f404a42001e07ca6e2d90cc844e94460978443aae68f3a5f777f09875adc1c93394f109ffc06943651a65132f20188ebc06c7837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
50033b70009dd6a49596776c90d96cc9

SHA1
a93bbdbc682cb4b0b12c7caad34ae7e4ce0ea28a

SHA256
d1bff061b31b8da01abccacaf3b82e046e3a7700a9b05d6c95d217b23e9cb368

SHA512
03bfd801ab2fa681fcf84590db98d3bb94d462778ca38668aa01beab21e7a4a16db7400920dd7108861f3cbfedb24d3e416dd12979c7ba07130003b7cfa22bfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f1950762a63400e5f838544addbe7c87

SHA1
bbd1930929e4d638769bd81ac819e61ff54ef8f1

SHA256
ce7d2ae9a3c036a48a3dd1a2a1184cc2fb77953e11e14f11069ca1de46d17cd3

SHA512
0fd06a06e936462dede6a1c1c61259f66b1502a56ef560be0804bbd963b940c888ff24835031fa34ef0e80381b9ff23880465cb1aa0319ae339c3cf59e4cd7f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac51184def97a8110730fea66c2e43c6

SHA1
ae1afcdac198d425dd8a00aa42a48bf43ce3c0db

SHA256
d5edd718e20ba239cb181dfaafd9217ca8176f6adfc00e34aebf49bad29ef3cb

SHA512
a7feaa0fe2a181a9f3facd9fe9cde30d505859dcb63ab41dcae1ec2e328fb3bb7144b58269c5234a57fa2a3861d8bd755aa457bc1e4777b3efbbe982adfc9801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e2de267ee922dc359e9fa930fc669bd7

SHA1
892b509eb6a0ede35567c66d15f6ebca9c313a84

SHA256
08dafe238823f250bdcb6f7133bc50f873f5f45ad25cc99e05d18b96cafe70df

SHA512
fe6be6ab9db92624bf9c8f1e22fb46c29c4b028ebfb4f904281ac3ba6d4714b64d657d7cd738e9d2419992bbd16e23cb8bbf4086e4b3681aee882eac528d3f76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c273bb1c9bab35bb8ebfa4f0118c766a

SHA1
1e104b433adcdcf4e5918219068e27bb50385d4d

SHA256
6bc6213b02717c5fa6972bb990205fa1c46a4294ebc55816afc364bfe415f188

SHA512
4f2568d6af0bd45aafa5a43b960146968887c6f4032475fd764a92677a013a55c978823cdfbeb834b27e3a583e07ca7e4d934a80193f6f156828eed1581cf49d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3dc77e192f37d3a86aba6529bd613620

SHA1
3b8efaf03bf6b93a79e11b739333f67adb9cacb8

SHA256
df072b9d9eb448471c79572bd85328d73a2ea997ce978f867e0e28786837596b

SHA512
624a81751da8c5666a55483cbb20f2e5210446ad74dee5125f886d125881d66a880aa2db235c6e617a277a501940318fa474b865449fd0d3b0bfe80b217c6cb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
b70dd2b4d1cdc22e90658c1615d82c8c

SHA1
3154ea9492625bdd0c66b61326d5050c5c2ecb7e

SHA256
c7967b336b1c9c3a89d0a465566f4180e70643bbedbef8ac7a60ca4dadbc9ffb

SHA512
05fc8e71589db37d959a5044b87b96768514e186bee080babcd70aaac8a7ae431b167da6155c4c4321d2be39dbc823c6a5b2e6bc28915519f57e7a8687457d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9d3cb988-beac-4a85-9149-18612cea5286\index-dir\the-real-index

Filesize
2KB

MD5
aadb71363f5bc28eb3f66cb2a27c4c29

SHA1
3d49821b71d8603f1485c5a08a2fe48cb8a0513f

SHA256
a93685e379cc74271de37c129af596332d40329792169eeefdc7a22cdfb00069

SHA512
7705728a451f1fdfd7ffc88c9fcb7c6daf4f996d6ff53b9d76ee25e83ea60223278009f528f064e543f8365c8fda880152ee224f19e14e4dde6d5a41b4746687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9d3cb988-beac-4a85-9149-18612cea5286\index-dir\the-real-index

Filesize
2KB

MD5
8a8f76651dabbe51a40a9c069ff847d9

SHA1
fcd6ed45f4aa3e19eccd9ebf0f2dfb5aeaf04c7c

SHA256
97df9317187b7588798b4bda3e07b931f9ccff8ceab8e710ae5a2c7fa10b2d88

SHA512
8f97f9e95f4f70ebc41cf36b619c07d3b5bc6ae34cf3411ada87d54cebe1e7509ca9a309f424da4117b1cdec9b57c17393efe9602ba7d6fb2a5717b9dbb1803e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9d3cb988-beac-4a85-9149-18612cea5286\index-dir\the-real-index~RFe69553d.TMP

Filesize
48B

MD5
6e00a62a6b52a4ce1d616f325bd73d06

SHA1
30fe66ee68882bb7e04452d56f8e5b61585da813

SHA256
199695d0cbe86b46302577dff3790335dc9170a655603d454fed60f00e0ae971

SHA512
291318b4d7205cfe3d1e7548ce436436f6a8fab9ca123083ba22e33cad98bd353b70868b3767774eed930fd7f507109d70707757d785e33a29d8f4ace7bb4bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
8597d90ded9d33674113a8393054ef9c

SHA1
9fa5d1f7d7868b4411b20f9fd3d77987b8530129

SHA256
d3b8baf13913f6b50a972bbe1e28b4075c2d253e56762b89b54d5233fac57f06

SHA512
e32f28c89e7411dd8f00556bf160a482063faf39f6c30f07957ec66783ea248711e07b960d75d5f3831b0c1a806cba0354aa5145c359b03d6c457a64b39b0985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
88167ec6f5d203639186ba0aaf4d9fc5

SHA1
0d3db277f00eaf2f1fdb183516e73145a6d707af

SHA256
fc28ba279d423c1c2b2f671085f78f8f45a688723d13bfa6974a5cde86e20191

SHA512
212958a6562c61479a15460b76791f8ec6efa51d7dec56a4ba2391c7da6ea6365f28402ee50f2002c283d6c3f45625f9b8c28e56cc5cb00e46ed20865930be74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
9047642214ebb5c00d4c601de6805e29

SHA1
a21071e01568d0dda14e0cd8c19b92ebd266f59d

SHA256
a42e851891270662d8872c61dc20ed843b8efac70b3219dc2bb098aae6716766

SHA512
a54d6f04acb26d997f86e6c9c391862e14441e7bacb7f71d5b6a992939d431533b479e62d9d63b97b31ba341403de94bbf206ee6dc4e69618188c4911284f051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
be86126747df908b3b0e9d3ea3cdb208

SHA1
d739d35e4c05db1187b546f3949189da2f990160

SHA256
7c2ed8a9e55c2b7e120261012f885fc4ec27d5a6e02f007061360acd044d8ce0

SHA512
ab8e03b477a125964dbf6284b6f1424a797ca9d9db6617ca70412dac6b265d4decc7cbf03511d5e622143db852c832e9736feb2d1a723fcc6f265df99589df58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe689cab.TMP

Filesize
119B

MD5
765235b2d99bd0937671bed0e3f55c41

SHA1
9ec0f069bb5923df064a4cb076af182fe8e03f80

SHA256
e4d6f7e230fed81939e211d6d4e1641793ae5bb8d98d07a145b9067eb17ef423

SHA512
388abddaee0bdf810465b814f787ba8fb6abb81f6d17ac363ba05059283eefafd370138b2f3e44a840dd5d4f114e9c5db16ddb07a1f55a15ce968a7badac63d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
dcf02befb97f738f6e9ccd2c0a91c33a

SHA1
727a2ac3e3421aecd73aff6263934b85fe6d6cd4

SHA256
50f823cc11b2acb95df69dd90754883386da76860de416ffd463d48b499ff1dc

SHA512
15e74c9b7a7d3f069a155c4bbbb22e3317d08fc3072af9ac7e4044eb8d8744d2679563d148881391cb38a1d63d500beb132f2660c2950c2482375dbdb64c1531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4268_1743878140\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4268_1743878140\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4268_1826027467\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
3bd72886b41208ee97d1dfb9e2cf9ff8

SHA1
785e5bf997bbd0e083bc7efd49c3e64d8df04674

SHA256
0df84cba448288281961e8f0ce9df3753ab22f92643222f69238b0448bbf6d1c

SHA512
6457d290afd0abc0ee6150e7cada82d7ebb0fda0db2b88f677f62f82440b648ed9b1a9088ecde3592509ccb8cbeebc3e7f2eab87a75ff33370138aa399658c45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
4bbf59d7b3a33c496b744a3d812f205c

SHA1
544d14539546bc937ff4a7646f3c57807e7bbb7c

SHA256
5a2736f4e4c625362ab11a1bb61824246c732d15a181cb919b9126e7f7c801bd

SHA512
f1485c9c0f89cdd062e418c9dedfc0ab847dbc61fc0a9cfc82d2b1e90e5d8d2ffde9d561bbf6619b54f2091350051675784960b3e22fe0f75b204fed9fdae68a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
ee2aca01a33c6c80378d230a265debe6

SHA1
2f336647fee83cc5e44968ac46e01bfe32260435

SHA256
93b92ebc7cfe3ccae8f329d0a1543a6645a73427552b94cb50ca3b15a958970e

SHA512
ea87d99fecd1fade2b08264a1bd15f3437f24283ad93d11011631f4668796fa90902c5798f6973c4f0945b1bbbd3b5a4c3af8608a0225749a8b62c479d76f15f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
dce6428aa9ebfc2a556eada7c40a8175

SHA1
0a82ceff0bbd32ab25b3a3284da6279a912a6f72

SHA256
e261e51424f415e6cff5875cc79edb999e478ec06d56d1ef9faa1495586c5778

SHA512
315a6c4697cc676cc028c3866792a4098f9939689bc3e9b29e7eb5e34e42ecc54f4ada023039c199b168b5d2bb30d41c7f25d8d598741eca71f4d1f49b8a21d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
941c023f80f1c4b0e3086f74ef0d4930

SHA1
3a6da90f1794ca14b099d55036f550ba90adcb5d

SHA256
56b578b8bc01b82c6dcde1a424ee357bad95a7466b60c4df4d54857765128c15

SHA512
a5d3fd7f6951009c68da752eb725a3fb459ce322e42aaa6b756f9e43d23d68d947e6b7175dae37290acb3649f91a8d068421a600031da8c35be3dd0ad5febfa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe694251.TMP

Filesize
83KB

MD5
b8e0ea0d4ce46a6068ebcf0161553bc2

SHA1
fcac0363ac4aa4388537be8e394b83cbea1fb850

SHA256
ef011740aadb4198e1aa741e0f6cb1b84d9efa71afe92b57da7eca35383e024e

SHA512
57658cc19ae7c8df6c189d68b727072dbb50fc40886626ea5ec9edbd006f460c8229298b96aaaa6d3b1f68fc64d530d7368519cd5841052f82d405416adf5040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
5e428f9e5a725ed2579f788063a2732d

SHA1
8a07cbcfd4810167bef2f841b0d7e0c968d16aad

SHA256
d549c60b2274961c4117ff46b7a2f8fae41832504e59966afe4a5a6001d8b3c8

SHA512
2ba7dc154350914a52f4ba181af07298778051161362925a764cdcd77bcc4dd4b78dca3289006b1d24649cf8879d3451eb1622c5ca27871b13647e947f421b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
4220908f0ffb9a88c7ca6b72c34e3503

SHA1
55a3738cba3e6c48f1260f8313ea9f2f6d9e0276

SHA256
ad5e738c37a7fee79da80e00775dfeec2a48e94adf8473abef3296156d08340a

SHA512
02301f220e7e9a8ebb49185367baa4cb4f41197eab679a0bc47939a862b2bc29278b5f6c49112d8dfe72627e1a2d9c7a6c3fb9749af8773d5e08a7ab424b3b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
5b74dc6e87cc031ce6e481e6a1b518df

SHA1
f9fce84ff7ede42b037685b7c317a9a300ce72f5

SHA256
5c1daa450564a78d1c5997a608d1dd71f3b121b692fc5ec02e7d2d153ec80bfb

SHA512
6dc7b5a6aae86540ad401d3018761524c37d4eabf823f0ade91d531c5b3d70f932737708e01afccb89612c97acc11ad8e8ee0959abd198eb12a0a4906dccf48e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-5.1350.3112.1.odl

Filesize
706B

MD5
e3339f6e0658a4870105cc29a029592a

SHA1
72ef53f0a9d2e6eec29c22b18546821b836cb03a

SHA256
1ebc2f91efb704d2f426e94a6aed3b10fb49aff122156490e4520b00d283a85f

SHA512
597068801177222cb2ef3a0de063a3ad58e626fa25a47133b2968e995a4c97967c891668c05baf07e7f3ac4012863359e0e253fe52cb5f820841b706b586332d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-5.1351.236.1.odl

Filesize
706B

MD5
6a29b93ed8b64f168a2c2d9c334f3471

SHA1
f389ad1c6eb935c681de64cb9539a10715948847

SHA256
bd0dcbeb1428593967049086f0f8442efa8ad1cd8aef6a9c481917f99e192417

SHA512
f809b2f40102eae5d3292c579ae04a085f346e712298bfa5af7b6d4abce3e9f8df484be0060ec85d4226caabae5884590a8cdb0c9506cea0a4fdb04bc69c5e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-5.1352.3084.1.odl

Filesize
706B

MD5
f11d979cb05acd688e9cb8aca8a660f5

SHA1
36b78c4a1e831c988e52aa018614422e8950eaee

SHA256
8bead04423c656e5069abdd53d8b6c4b864ad05c6f72a4239afb6fe95209306c

SHA512
36734adff8bbce61a8b6731914c0b5da278760a24fb7995088d6ed7fef12059879b6dc37ae70be86d2c7edf4f1ac1708595c47df561126aa57a6a29b3e8cb0aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-5.1358.4816.1.odl

Filesize
706B

MD5
ac89c05b06f9d0f11502049f7d66206d

SHA1
333db666dd0cddfb0c7de22cdb597b691c4a43eb

SHA256
630ea982f4d92f50321825e092deb1285868832c26094c9d9c7c797cade8367b

SHA512
a7226818e3a6fbb3a1f12c38ac00a357478f33d83ed055f099f5d111e6b4bc6388c421179d9144b9231d81d426da35f829ef573598cf0792bde8563d14f7946e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-7-5.140.680.1.aodl

Filesize
706B

MD5
0aadf4f56711e152024031f393f89a0e

SHA1
02abe6e1ab0666f3a1ca6ee6b80680961cb51db2

SHA256
6ca04dc3ca77ac968dc1cd3651b0275fbea6a300ec3394061ede845304146773

SHA512
c6746f8b0abbdef848fb360ea1cc20adeea8aec27ba432795a972108b2e43597d8e3ea5d17289ed966984a502d2692ad71fe5145be6214f7feff2a66bfac602a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
4d156119471922b4f1d74519edd0c973

SHA1
5c86a0a51e040d4e5414cf6bb08ce3e6295bd9a5

SHA256
367a92ea4f9e9dbe2514bbc4bfad0b1f66f6a0dc9e1af0dd592e4a30ef028219

SHA512
df18278c58661350c0a4e6a2371e37d2c7bbdb00d167fc4e9d84956beaa5cd1a4a3c9398a4e15bcc1638c06aeaf844f4ce0b4198b09f0c48c3b8363858b83fa6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
07942672d71ba068791e519c1d383e2f

SHA1
82a6fce335b928b094e0b2df27af8c6ccb84e908

SHA256
7defc305effd368758d4cdfd52133fa0c24ea5f51f2fa7fe394fddae45f5e303

SHA512
29a85b4392cf9cab4b2ae9b81bcb87787864703b5e397f3ce8dc814791a74a0ccdaf8b1991a71676e107e5fb1de5a70dff851ca19222f4643bdbf12510f3a6b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
dbee82085bbaa2f5cecb21ed3942c5b8

SHA1
05029747019f9bd607f66f9b693c645d4de84987

SHA256
59bead7442b476009af05adcbfaa06c627452f0273f0eec19fca198d87339479

SHA512
b999cba0153b6f0a8ba3435b8a411c40e235dc5287eec253beb6ed34c34f69c30192742d204d2a538da1e1b7faba5a59075d743de40daa69b38556d79e342683

Download Submit
C:\Users\Admin\Downloads\BootData.7z

Filesize
7KB

MD5
2b32e968655e92c29b6e5e343f62ff8f

SHA1
a7f865fb6af4f460ec17b2cdc363a87178650a70

SHA256
4bd1d519351e0e187c7dde353e9fb62ac54a54b2795896a5d4b8e1f249613013

SHA512
9262eddedeeabd304d4ed0d59eea1a73e0ad10a3cab307648beb9d896a895b16c2d5b55e8f261cbaafc9de1168eb51032a6c105e47e773888f3740c3f8419172

Download Submit
C:\Users\Admin\Downloads\BootData.7z:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier

Filesize
64B

MD5
89837c9834f75fc421e04b20c0e2e7a2

SHA1
36a0df514f5c0917859597620eb3ed1f741e9d29

SHA256
6ee33db775de3df539cf83191b08320e39cb089705739f3cef58f4cc42e8bb93

SHA512
8f354a6b8d6acc9c33a0f4eb307d39b11c2720d3bc6c6c6c00a5520216e5564942569319b360f0af8d0dac56aea04bea7e1a343464b6d67af91ddcb8c0b2178b

Download Submit
C:\Users\Public\Desktop\⌠ࡹὡᮗ৞⦨ⱼ؁⢰ੇはჿ᰼࿢ḅ῔Մⶊ۱ቇ

Filesize
666B

MD5
e49f0a8effa6380b4518a8064f6d240b

SHA1
ba62ffe370e186b7f980922067ac68613521bd51

SHA256
8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

SHA512
de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

Download Submit
memory/552-4124-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/552-4105-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/1948-69-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-75-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-105-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-107-0x0000000009220000-0x0000000009230000-memory.dmp

Filesize
64KB

Download
memory/1948-108-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-109-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-110-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-104-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-103-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-102-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-101-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-100-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-97-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-99-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-98-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-95-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-96-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-94-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-92-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-93-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-91-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-90-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-89-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-87-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-88-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-86-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-85-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-84-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-83-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-80-0x0000000009220000-0x0000000009230000-memory.dmp

Filesize
64KB

Download
memory/1948-79-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-78-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-77-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-106-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-74-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-73-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-72-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-68-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-70-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-71-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-67-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-66-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-59-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-60-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-58-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-52-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-57-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-56-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-53-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-54-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-51-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-49-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-48-0x0000000009360000-0x0000000009370000-memory.dmp

Filesize
64KB

Download
memory/1948-44-0x0000000009220000-0x0000000009230000-memory.dmp

Filesize
64KB

Download
memory/1948-42-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-39-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-41-0x00000000044C0000-0x00000000044D0000-memory.dmp

Filesize
64KB

Download
memory/1948-40-0x00000000044C0000-0x00000000044D0000-memory.dmp

Filesize
64KB

Download
memory/1948-38-0x0000000008B50000-0x0000000008B60000-memory.dmp

Filesize
64KB

Download
memory/1948-37-0x00000000066D0000-0x00000000066E0000-memory.dmp

Filesize
64KB

Download
memory/1948-33-0x00000000044C0000-0x00000000044D0000-memory.dmp

Filesize
64KB

Download
memory/1948-34-0x00000000044C0000-0x00000000044D0000-memory.dmp

Filesize
64KB

Download
memory/1948-36-0x00000000044C0000-0x00000000044D0000-memory.dmp

Filesize
64KB

Download
memory/1948-35-0x00000000044C0000-0x00000000044D0000-memory.dmp

Filesize
64KB

Download
memory/4504-4321-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/4504-4143-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads