2910fc13fd3da3aa87f1320519b9ed7184c026fa5213c9a0d95c5578d577ee28

Resubmissions

10/07/2024, 05:27

240710-f5fcns1drd 1

10/07/2024, 05:21

240710-f1y9zsyenl 6

10/07/2024, 05:14

240710-fxefea1alc 7

Analysis

max time kernel
202s
max time network
233s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

19KB
MD5

0811df58bccad6d4a6dd029c85c8fdca
SHA1

de6c8ed386cb0661fff00bed66f790a51ef2274e
SHA256

2910fc13fd3da3aa87f1320519b9ed7184c026fa5213c9a0d95c5578d577ee28
SHA512

2ee686f247ed20a38cfeb941598028cc9d5956c674c9f9619e30acef3b4a25a5f77d0ded36e9f69779e21534c45492dcf64ee969cadff805a809a1ec3c935920
SSDEEP

384:yJc1spY1ocy4w4lbGaTsvhpNYTW9Mkp1S2m0Y3Y06Ib3afl1xCejiw:/B1ocy4fEaQJpN2Wykp3Y3Y06O3ADxPF

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\catroot	chrome.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{35FE0751-3E7C-11EF-853E-4605CC5911A3} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f03551000000000200000000001066000000010000200000006c9e9e615972ccf05a66a1576cd392e3abff90fc6fc8bffaa98b011947a85193000000000e8000000002000020000000d394a3419c3ae1dee58d0657056e5a1651c1ca00a8b09599da193d89763438c7200000003e498392e6f709d95edfedf0dd6c955a2defeb0a4349962cfc38346ae8abee48400000004fba9278d208c836e1c739aacd26931b3d5c668860fb90191b37ddec6a2b90ab1c45de3a41e6bffab75054256bbe2e65654d096a564ad1ef765d9bbe96804188	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426750735"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0f0c90a89d2da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000ee213720df74c9185de9d2abf13471ee15cddf65d7dcdc527d02818d6eed44d9000000000e8000000002000020000000e1d454cdc481f52a3505b6bc87c6d5c4aea7581c19ea17e3c43a8eddf3dc0b7d90000000514207d1cdd8aa248ff0468365e8f1c87b227492d57752430e6640d015d8c948ba195ed7e542aedc0d480e195eff8fce69352ff7db4cb3b0455622a28a9180569558c24ed6ad523def603f86687fa8f4210ca404dd6e02cd80ed39579ef0e271e774c11f806fde57381ea6ac6ffd1331c8e9f86c9852bc196cb21ec11ac927667578e2912ff4db835850b9d045875c2240000000abccfc38acfc4235d95729e9fe105af76ee5cc91dbe340a79b6d75b662b9cb31fe820678a239c3ee1933c1d819f09b813a9977b519158f3bf9f78a1f5eda0e99	iexplore.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer	wmplayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer\CLSID = "{cd3afa96-b84f-48f0-9393-7edc34128127}"	wmplayer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1624	chrome.exe
1624	chrome.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe
Token: SeShutdownPrivilege	1624	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2384	iexplore.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
2600	wmplayer.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2384	iexplore.exe
2384	iexplore.exe
2896	IEXPLORE.EXE
2896	IEXPLORE.EXE
2896	IEXPLORE.EXE
2896	IEXPLORE.EXE
2896	IEXPLORE.EXE
2896	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2896	2384	iexplore.exe	30
PID 2384 wrote to memory of 2896	2384	iexplore.exe	30
PID 2384 wrote to memory of 2896	2384	iexplore.exe	30
PID 2384 wrote to memory of 2896	2384	iexplore.exe	30
PID 1624 wrote to memory of 1776	1624	chrome.exe	42
PID 1624 wrote to memory of 1776	1624	chrome.exe	42
PID 1624 wrote to memory of 1776	1624	chrome.exe	42
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1356	1624	chrome.exe	44
PID 1624 wrote to memory of 1576	1624	chrome.exe	45
PID 1624 wrote to memory of 1576	1624	chrome.exe	45
PID 1624 wrote to memory of 1576	1624	chrome.exe	45
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46
PID 1624 wrote to memory of 2252	1624	chrome.exe	46

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2896

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2092

C:\Windows\System32\xwizard.exe
"C:\Windows\System32\xwizard.exe"
1⤵
PID:1852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4e79758,0x7fef4e79768,0x7fef4e79778
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1220 --field-trial-handle=1292,i,13772833065580450426,8057218361813709767,131072 /prefetch:2
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1576 --field-trial-handle=1292,i,13772833065580450426,8057218361813709767,131072 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1292,i,13772833065580450426,8057218361813709767,131072 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1292,i,13772833065580450426,8057218361813709767,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1292,i,13772833065580450426,8057218361813709767,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1308 --field-trial-handle=1292,i,13772833065580450426,8057218361813709767,131072 /prefetch:2
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2200 --field-trial-handle=1292,i,13772833065580450426,8057218361813709767,131072 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1292,i,13772833065580450426,8057218361813709767,131072 /prefetch:8
  2⤵
  - Drops file in System32 directory
  PID:2608

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:268

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
1⤵
- Enumerates connected drives
- Modifies registry class
- Suspicious use of FindShellTrayWindow
PID:2600
- C:\Program Files (x86)\Windows Media Player\wmpshare.exe
  "C:\Program Files (x86)\Windows Media Player\wmpshare.exe"
  2⤵
  PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4e79758,0x7fef4e79768,0x7fef4e79778
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1280,i,9463796588180157647,1262959361237909999,131072 /prefetch:2
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1280,i,9463796588180157647,1262959361237909999,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1280,i,9463796588180157647,1262959361237909999,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1280,i,9463796588180157647,1262959361237909999,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1280,i,9463796588180157647,1262959361237909999,131072 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1288 --field-trial-handle=1280,i,9463796588180157647,1262959361237909999,131072 /prefetch:2
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2180 --field-trial-handle=1280,i,9463796588180157647,1262959361237909999,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1280,i,9463796588180157647,1262959361237909999,131072 /prefetch:8
  2⤵
  PID:996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d4e12de8f5a0be4fe7c0968dab08f15

SHA1
bbd8eeaaaea9d72e02c4a204f0183ce5548db045

SHA256
691a0a7670040b66b634ea3d2ab27925cfb611813bcce839a7554d11258f1a3e

SHA512
33a6033069f2cb8999be3dcf7d32a9babbfc994a4a509d2451ffe8366861954fe84e44a5d81b3adf4ca0ac5d466f3afe22710d2503cb6ceb756acb01fdf342be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4989a98cf77cb4c5014410ce79b0e3b

SHA1
9bfc7cf0d09a05ce9ce9c44fb3cd6dc2ee480c9b

SHA256
c74036105122beec69ac3f60e1f84423523b33461e63c16af2170a8dfec1dec5

SHA512
43bdfefd3e4198d354ac4747613a561ba4620a41f53b4692e01bd9291f341e2d021bef8aa883629617ed8468c738972aef56a20a0a97dd049a35cdfbb1267570

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec3e3c51b8bac7b0d695c8718e2a6f4c

SHA1
7b49685a11d683e679721be4a6786dfeec312198

SHA256
e9c199faf162df1c8d56da544336375207b4524c8c32ac43b13ad4f08ad5f74d

SHA512
9d5e02572b8419e3d8dca0c582723595accc4fefcb29effae206291f41db013e141a5f8fbdf47f442cd1d9cbcf9d1537868be626f2b264845da337821bb39568

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df7f084141a2e10abd48ce4f529c78c9

SHA1
ee4515d5e1b131ed7232344b140af0701c414a7e

SHA256
c8f7e0fd8694e5579a45ab5ba652f918ef4d7a5a6dabf7184784498b076f2477

SHA512
beb2792dff798b0021f537fa74aabd57b308ddd2ebea0fd5ef065047aa12b1825145e8152b303789b9e6174d1c4933ca91b068313045bf0f1e44a6e45f4bf673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f0462768058cdd09b4e76f99c9ddc0a

SHA1
94cbe9748103e5ebb9710f185b3172510e490fec

SHA256
a682c647ceec6c0aed83a436ff74eeeca665b0d280e4b89234fbcd1d48e24b31

SHA512
f71947c1437c263fe04d23e3b1b8473db27c2a0ac03ab24bdfe58cc60f40de2d59d9391f673c6fb057b0c51e80ab600c2556538ae2753b8f76f9877d1fb9ed55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97210dae33370a748d87c0aa0dc4ef37

SHA1
41a132c210b8d12519a3831300b9cfaf5b96db00

SHA256
9fb8730bc0b5cb6c9ca7bd8c7c391317bb05f7bc2fe5ad8e04d1c165f34e3328

SHA512
e12c23451bea7e798e57055f496a1c14adc1cd473a79569f9956d13be1e7ebfc03518f386f7fb87bb7046d778409cb55a1a63491d981951d1c93d4cbf0276a0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
826076770cd2e5b3f4ce911295c01c87

SHA1
084b43a71c856a6f909633cb79b4d3f0fb0878b5

SHA256
1cfffa2a12c6cfe179c255145c058a5686640a152735019ad7a61e0325cded89

SHA512
f3402f00c25d91337d8a2c6959f3f56d239ef760928b23120c0e38b47afd1ba0f96c8ec568b05ff59f9bc5cb4cd24db69265f8e5aae8ccf76fcaf6b743c18edb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d78c676e42ee5885e90b05686c004be

SHA1
a402c5c57738efc651127a73b6f2183d72b7d102

SHA256
5156ff3b0aca3afa4e3f3ad2868806600525733bca882e296544af56a89f9013

SHA512
8cdc5057702a44546eb30c0faecab244bb016882c503e9d29f361b0d1b3eb23cbe6dc8bc24be745cdbbde3ef32e706055bec6ba5d9925eb38bc0d616e16ce686

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1307c314a70a538e200d8208f3918b5a

SHA1
20bdaeac6324c85242e22402638a951b8fec4530

SHA256
4f449c2548b7d454134c2ef3164152c94a70c72879c4d24b5d5cde55646cebdb

SHA512
cc0e28431245a8f9cd28de96c1a5bf8016bebf4fc1b176f09533ffb42dfca5afa5565691379ed154a8c43fb1f9c5f37d65526cfec07be95a8f278fc291ca58c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
247f90fb02c1f0caace9effc9f965a4c

SHA1
5cf533b3948a462b210aa1fb7a2555c7b1b40061

SHA256
4d99841435a79e0a1c1dea34731081f5c336f0a9aedbca9740fa3e6d6f54ef9f

SHA512
40b8c715641c1a85e1506101836e48ee52364d5a54b33a3bf8e8662f5f7a361607cbe1b20c03b8c02873aaf50628b5e8dd9bdc5f766f5f089b1ca3a47335224f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a5b732470fd3058b88484f1053deb7c

SHA1
b6b34e93ff62b2fac413bd242f66d5abc17470b9

SHA256
71c991c9d1bb3430f36ef020e752e8afa543fabbdc953904236d1d66d47798dc

SHA512
4d54f923c18fd9fead9e13dfaec724838c8302df3deeb7cb35b7c41b0c321c952e6e8d45de630d0736c3d9f0028fe776578b1fe407b7a706eb994098f21d4768

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09803290dbb53f3245ab265581af2670

SHA1
3122f389f7891fdd2fa8da02aeb285109c7c158a

SHA256
16bf6fa1ba068e50b69fd2e52e4894e03310ec6d77487f0d04d648a05c3c5d9f

SHA512
6f1952d70a2e75bdfb1c6e4b8bf823a66ea27654920f2d8d98e27d4d4de4aeb2509d634268fff06d9474355a3a2d166a5e6ac4e4d2c18cfb9a951015e789466e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe099901b1ecaf0cc5f441f3de906a8e

SHA1
a2dbd0ccc5f56ca0c3eee471915fe3c0efd4d0e6

SHA256
ae8746545c296587b891c2e69355d03b10573f85e31a88001bc8cb20a77adca0

SHA512
892b3945f978b3dc3dfdb6ddb2a925578be6f4d21710a159d8e530035c3b1fe40426b5de5bef61d9a3792c215c84186d02109744eafd59844a18cd55091c3aeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e1229ae569162acc1ed1ddcd7626d4b

SHA1
7f76c1cad573b124a5af2ab7a4293cc1c301afc2

SHA256
67b76cc53cfecf19ea28c510b9eaaac4a1aeed79042aa80af9dcf73f0a915fef

SHA512
b7c0dcf78aad8cd6061aac4394f1a4d413765dacda8535b1e261a5ea1c1c2950cb2fa442134db8ca8e69cfa562ae3fe9652bfee0c78347b52af8f0b165df78ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7c52796b7fb3f8f582c29fe6b0a27c4

SHA1
0f0718bf295b27a135aa1014daf48509209b3e8c

SHA256
ee96f1dc7119f80857897a5b3c3dacdebad353785793e361c065ba619a2ad4d6

SHA512
394cb2a5d997e476b82826c4a8d8685543e14d5c12acf551b354c02f3f038017a4ce3c0e2139764249fecbe7dd4f73a9f3ffe04482fe988a7300de349cb9c363

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02199c000d8b49694ece3939341f9fce

SHA1
10702d5ecaf5b5cb76ac5811e1498268f22b1e9f

SHA256
e1181537875305c017138092dbb43c5c3f019211b287c20cc20352aec9e8bb05

SHA512
0d8427d8e78fe1934f0ffcda524444a45ba7626658f9d6066fcde3db79497f8f6e21ec5fef631bd2dcdb38db5fd4dae95e2202fff088700180eb3a902c0e1676

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e2bee4e5df2487a7cf346f3d7f23fc7

SHA1
0566b07b6329663240e27ece1fbd1b951f0f2a0f

SHA256
20006da4db3d05ab4eb74ff76a3f297dd230a50c38fc187679b343044e45e7b8

SHA512
62d17ab065fb62d99ec6a699139bf2df2c21073f27a4c0c1dc44fd478b77e518d07d52b5bd8d400eea94a19eceeef6b9b068ec4125d7f154b58d1632c4e834ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
582bf62a4ff63f4b791480ec040e172c

SHA1
0d2503afacf8a1283a38eae40eafc71943ca4b3c

SHA256
70bdf603b1f99caf7f2e4b919c0af842aa63bb1101422ded7cbf8c4ead8066b8

SHA512
4fc0cdf6ce93041ceb8228c51dd0b2530ea5acbd4cee8c07a0c443c4f9e5f2125d5d3b8efec403cbaa178e25a75e9ad6547253fb6dfc26a381de260d3c217570

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
888c9fdc14f7f521d5a4bb098956302c

SHA1
1ac2d9f7b2f8716f8332bfdf47eeeb47d7b00aa0

SHA256
1f515143b6e8f38d4f740e10610605c67e61cbdbace8da3590cf065e7722cf9b

SHA512
b6b3d77d4e4b76c9385a68352d21169ee5f88c2ee34732ebacd42e886a8c76b54862950944d647cebff9d3dfe5eafdfadcc0544638adde13eed170a44d7be66f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ca884b9f56c1a54418d0567909d733d8

SHA1
784a175d1f780cae1ebdcae0b76a047f054c98d1

SHA256
c6f2142ff52f3bcfd677b1b5c884b586d878fa10267495d5a2643c3119f074cb

SHA512
2da2a3853922d08eb9cd5c52167a2574e179bb660726bcc251481ce81840f7e4de0ba11d39256019b0a43f76f9674ddfd6e2b75ffe2a6cd37aa26f8dcb5fe445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
ac240d85bb9fbfd9a1e48fa1c08c2bbc

SHA1
05f6b3518cafc02b8bd77574f672c8408118ce03

SHA256
4613fe64b78c1920e4e7dc0ab84d16ed7fd5c8d947f261ab42f11b1cf21a24f0

SHA512
a8c7ba9da1458b6e44476cd4b05f8df4e0fe83e00ac9a9819ae13b9b242a19b99952f18051a4406383c1255a09c132489e507f30cce25458276a48399f71e349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8c80087eebb17334811b724968532ba8

SHA1
6a9f387b25445f64a6f861effaf25a97e66f0a2a

SHA256
d35fe734fefec6244f81db561ca91455786d51ea578571bcdf98b287bdcc11f2

SHA512
3b8a66383bc48f4015ea4f2e9ad4a0b2cc08c59896b6da17469804ad339750a83c4e692c30f1b189607f18051c822d2f0de97471772b6cdf65d2ef2fd1df0b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
68a013dc6b1e3c301d1081ec4873da41

SHA1
7962b5d5ee744aa44fe232304184409c022a6345

SHA256
cc1852f57a7d56b961dbe8e0f81e2b061688a580f7c8a16d1c97439db6a515a3

SHA512
3c0c61c8110af1093f9405ce78bdebbfeebf66151352a6801efafa4a02d14135fc685a047b18d65563b8f5171b4e94417b063009df03b4bf1aceb472f9f8ada3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
1ef96524150ff91b06777c4146f1e3b3

SHA1
1dc845d6abace3f2d66733b8599133140e5097d3

SHA256
4b5bc1fadc9751d086cb7b1bd65b5916fc9f1da3f9f71987f91e088d639efbec

SHA512
78a01728049ff35af30eec267793d35261bd8fa841c6cd8bb095d7f84de524528c3c651912d91b5ac498075462d65db13a88b65056566423ba1d2223dc8bb1ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
1c866208969a34e2c15b9647f263e7dd

SHA1
386464ec0bf152a35347920d8bb43b9a536e0ba2

SHA256
f14d9103b3feff2739375e0785b6384c821fac0b17f4ce4880ef10e00455769b

SHA512
04e06e78c91cd339516c27337f7c118f64844b07e3abf45ae3e48f9886c9d599bcfb43a246c8d904b0d3c3adabdce5b0dcfc5c7f8a43c35ac8d7ff583e3718b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
98e7c09432333799a751e87c6d53bc99

SHA1
112e53d9ee5802d72a4c435bead7012682d08915

SHA256
93d7827e9e2e979bf606146b41bbc16f5eb91b6bd31ce1994e52ac26c254d847

SHA512
0751373b3b366acf41c7f644b5a6f8aefe5e69f25b6ca46f8ceab2f7dd3c2ef6ddada395dc909638bfeed91853e50c68868cc63eb72b4e2d7a071c1bdae55af3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
08b138a6449d4c75cf5e90c5781721c4

SHA1
63a5b75e125429100d29a3288724e285ce4b5122

SHA256
d53b4bb99d0c00a450daf8ad0051c917022c6e9c6fd04e3b8db6e098c160599c

SHA512
c4d6c5299d62338295a21b015d2047777dd25df1e1776e0da1c9b65859b9bd16cb2edbb16f47389a7e68000bd13a0e1de96713c6864b09c76bdc8e211fef57ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
b354843c3a5cfdae22a00829856defc8

SHA1
1219073f57d06cbf9e19304c179f75fc79ec87c4

SHA256
d4d22e47682ec8b782ad76896b904ea3427bd635c4009d730e3d08c76d2f8e93

SHA512
d68cd8b7a03e6cc9bb770119a7f076e5302aa53b103cf49773c487d0a82e9e1c84a2f550cb70e3102fc92fda21b7af8a3c39da835d0558b3163b3bbf719fff2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
17955c6a1bfe62d0dc5fef82ef990a13

SHA1
c4bc3f9ccf3fa9626c9279ecb1a4cbfbf4a0fcf5

SHA256
1cba135964cd409db09911c7cd4699112622596ff633cea868a83c54088c03a7

SHA512
5fb73bb4f7eb1c9e26f34e5d0f310783c7e629e717760ee38731a52a8e3fba6831d77abf0f37631fed820839a00c9242a582e59266de08d3c92c5c4f83c8e7a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
1a352c111c40524bd7944e0b18671b5b

SHA1
8c53726f5bc619522e8fd007d197578a876ad228

SHA256
4f6afe204bc733b8ac05183849938a683c541a87b44833a51ec42e98dcb2b775

SHA512
97d0f03506292c231530b4bb5fd7084df33126f005c426492dd79b2dc37ba3447320e2b7bbd66c6088e5572b8be3df61a1a60b7c98ddc503623e22915b708112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
305KB

MD5
40965e8c6f1a74f7b64c5dd7cd04a195

SHA1
2add3bb73fea1161165c2ef55fc1f936c8b1f13d

SHA256
1c3cf4bd0cae9e11ccacc0ac444d83fbf4f93865df73a03209cfa77fd5591bf4

SHA512
f83ea8ce1aafac2ab5f4678cc241eb2ebd413c364cc4244be9c38288257de0793ff7c96dce257fabb30c21f69a8e94c0846056dc00791a80b18fed4b9cacaa6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\af418da6-788d-4cf4-9ba8-032d4b58eb0f.tmp

Filesize
305KB

MD5
dcacf056dc7ad4e5237e51c453e7bb8e

SHA1
12396211abc058df0914be6f557d7968dbd2232a

SHA256
0d8f026ae71287441742bd7dfb30049641257287fb173f1649b27b031bfcdb72

SHA512
4d80d368e5a5123f4a4673ae126f1b44737b5d21d78efb9469d633171eea4d7699a581f777071735c16acadee7c9cd0f42cf5d409d4265ddfacfbd6c0ffc03f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{52B5B1BA-2069-4058-B603-0EF3E02AEBB5}.jpg

Filesize
22KB

MD5
35e787587cd3fa8ed360036c9fca3df2

SHA1
84c76a25c6fe336f6559c033917a4c327279886d

SHA256
98c49a68ee578e10947209ebc17c0ad188ed39c7d0c91a2b505f317259c0c9b2

SHA512
aeec3eed5a52670f4cc35935005bb04bb435964a1975e489b8e101adfbce278142fd1a6c475860b7ccb414afe5e24613361a66d92f457937de9b21a7a112e1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCB2D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCBED.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFD29230D9ADB245FD.TMP

Filesize
16KB

MD5
1eecef32193a7a497b116a400fff247a

SHA1
41925eabcd54f46b05ea9e7f0986c2550931e82b

SHA256
f962f3f0895353dad6ad413c964d5874050dd360b8294902f620b1a8e1e1c25f

SHA512
2e4a32815bc73967d91f670a2850f6742e347649045b8a075b25223dce69f8579b614dc5dd86f1a804572c6b04de256505c3cebee9565c0c992b4dacb3fc326a

Download Submit
C:\Windows\System32\CIRCoInst.dll

Filesize
9KB

MD5
fc1b8162b5300f77b4f341b0ad21d8ce

SHA1
36d4af6793fb43ab9c4799e10dc9a78f61293748

SHA256
905a317a20030688d52e4910db64e056017471cf647b6bee9bf6a6f976c51a13

SHA512
3e2ee44e1d13e1e66480793ddf5ac95d71b9490f37e9b07cfa69e21005ac1f5b37a2d3636d07166172840001722b8ebfa1a4c1029c76daad1353348210545bfc

Download Submit
C:\Windows\System32\aspnet_counters.dll

Filesize
30KB

MD5
48a83b2c83fb48b31be28bc82b1b0cf5

SHA1
f2655a88fce154104e5e81eb001c43be787f34af

SHA256
c0a1f3e5ad061115e0ac349b1c6820744da3a0019d7e69cde7829d8c5d03a604

SHA512
613ba853aa30729c9014ee5ddb50a38cff188de0b17008f4870dd9202c61e09ec5c874deda7f016ba6eb6dd024b8b61d1dfb44b2ed8af714c5a667fde2cb618e

Download Submit
C:\Windows\System32\atl100.dll

Filesize
154KB

MD5
53a3de22a97a40469fc6aeb54a151a61

SHA1
07c34cf6897053f9520b7c7c6899534559dd964a

SHA256
ece86e8a88de3a06ebda73d8945dda04df9a94a0c8f949c9c3e1c3d2355ca526

SHA512
390d90af3708d63346ff2bf33730a5740917df0f4c4973a7389b49001219568564a7b1e4616716f28bbd503ab6320c70c5b885c6c534b852a5a0945a320fd7be

Download Submit
C:\Windows\System32\atl110.dll

Filesize
188KB

MD5
fe00086a2fc935af640c7f302c12fe89

SHA1
919d9e63a3ed879d04bb31dc9d43a1195e24878e

SHA256
873d57e5cd660d49b403780685e91b6e3bc9e65b6e59435e0c5a5dfa1de0422c

SHA512
b9b0642b824846090a47c31e2730a568aff79b65808439277ff1ab0c0f257236f276efb1aae71ead5f6ddc8362463a9ae6843f00266e5e82ec2720792446a786

Download Submit
C:\Windows\System32\brcoinst.dll

Filesize
19KB

MD5
f02f93d5aec524052e4a37c1bb7ccf31

SHA1
90ac9d8a7708582ce517124355b3cd04e4af3bbb

SHA256
62aa0c49e6cd9b499e87c09fba55d5146e58ed68df4a5428855f50568bca3528

SHA512
d132d0f5c01d1a80fc03a692d970bdd4710194d7fb7e1d20693560cf7049c3da29c6a584f5fd13bfa921b08d3a2c94a1aa6cbd408866ce631570228c3cd53fd5

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
4KB

MD5
7daa251ef04ee4da808786018e6330c0

SHA1
77d1f9682e60449ab171296f0d6a330aa2aeba7b

SHA256
1ad11c00863510c233b012512390daaa02eda496c63171be007915e631806159

SHA512
ba17f12ce614a594df243fae66172a73a2902c943aa0b43098179c31087d74ce69d465ca7f849517eae75c50cadbd58205c9145992e3a776733093ad0817e6a5

Download Submit
C:\Windows\System32\concrt140.dll

Filesize
308KB

MD5
0b42ac3aff1633b0d7edb9fdf5e4ecd6

SHA1
2ca2129c8bbcbabc4e21368a6f9acf59a64d33fe

SHA256
5b757f98a5f3e4ab8b944067c12bec9d67a80aa31c7de702b15dbd199dd602ed

SHA512
afc8942f002ec2958eafebbbeb4b30c47c3e286c387322c4be8839b56f9a1621d556d8cb93caee6ece8bcbd1b99c96972a562b758080c183c27762b5a2acbee7

Download Submit
C:\Windows\System32\crt7ef7hsz77w.exe

Filesize
591KB

MD5
72055dedf9d9a69e5ffc96a7e3c1e6f3

SHA1
b872ced57c472b323cb29b44ea23d0387cd3904b

SHA256
e1b8bc26a84a70ce525ab15ee44ac7a1ad09077f9de4348145305bafb4a1f446

SHA512
bbf5b40ab5928fea18724e213aab6a61bb85331b12ec5c0d7eee27d6c38cbdbd983b03d5f0a52a58a9b0dc3eabea7826b7a21bffe0fda5819e29cfaccde253a3

Download Submit
C:\Windows\System32\xwad3e.exe

Filesize
7.2MB

MD5
f6d8913637f1d5d2dc846de70ce02dc5

SHA1
5fc9c6ab334db1f875fbc59a03f5506c478c6c3e

SHA256
4e72ca1baee2c7c0f50a42614d101159a9c653a8d6f7498f7bf9d7026c24c187

SHA512
21217a0a0eca58fc6058101aa69cf30d5dbe419c21fa7a160f44d8ebbcf5f4011203542c8f400a9bb8ee3826706417f2939c402f605817df597b7ff812b43036

Download Submit