70da5b37a90fa65f24aa2d0ece3b814c1b9a0bc03484801bb5ff2792277e1a37

Analysis

max time kernel
300s
max time network
290s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 20:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

[FREE] Ken Carson Type Beat x Playboi Carti, Destroy Lonely, Opium Rock - Backrooms.mp3
Size

2.7MB
MD5

6940edc0dc6465460ef4a05c841133eb
SHA1

4d6a33d95248ffa0344ce0783b8825bda453a91d
SHA256

70da5b37a90fa65f24aa2d0ece3b814c1b9a0bc03484801bb5ff2792277e1a37
SHA512

ab0cc64d45895ba91c17fa7b0b169c6baf801063628bec6ce3bdfa5882c13cda4f3a4d20c8f96975de6d01c1c231c12cef548c06bce95a80779ca375ca1f98fe
SSDEEP

49152:SAgan9hmaDkkQVJLG/6CGuBl08nJRxsWJ8G4E4hMb/U3L:S4hLye6CtfT4G4EnzU3L

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\G:	unregmp2.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4812	1920	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	compiler.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer\CLSID = "{cd3afa96-b84f-48f0-9393-7edc34128127}"	wmplayer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000004b495565d7e4da019cc7860edce4da01c9fe5d5819e5da0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1704	chrome.exe
1704	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4800	chrome.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
776	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4076	unregmp2.exe
Token: SeCreatePagefilePrivilege	4076	unregmp2.exe
Token: SeShutdownPrivilege	1920	wmplayer.exe
Token: SeCreatePagefilePrivilege	1920	wmplayer.exe
Token: 33	2720	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2720	AUDIODG.EXE
Token: SeShutdownPrivilege	1920	wmplayer.exe
Token: SeCreatePagefilePrivilege	1920	wmplayer.exe
Token: SeShutdownPrivilege	1920	wmplayer.exe
Token: SeCreatePagefilePrivilege	1920	wmplayer.exe
Token: SeShutdownPrivilege	1920	wmplayer.exe
Token: SeCreatePagefilePrivilege	1920	wmplayer.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe
Token: SeShutdownPrivilege	1704	chrome.exe
Token: SeCreatePagefilePrivilege	1704	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
1920	wmplayer.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
1704	chrome.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
776	chrome.exe
4052	chrome.exe
4776	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
1096	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2156	1920	wmplayer.exe	83
PID 1920 wrote to memory of 2156	1920	wmplayer.exe	83
PID 1920 wrote to memory of 2156	1920	wmplayer.exe	83
PID 2156 wrote to memory of 4076	2156	unregmp2.exe	84
PID 2156 wrote to memory of 4076	2156	unregmp2.exe	84
PID 1704 wrote to memory of 2456	1704	chrome.exe	99
PID 1704 wrote to memory of 2456	1704	chrome.exe	99
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 4160	1704	chrome.exe	100
PID 1704 wrote to memory of 224	1704	chrome.exe	101
PID 1704 wrote to memory of 224	1704	chrome.exe	101
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102
PID 1704 wrote to memory of 4540	1704	chrome.exe	102

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\[FREE] Ken Carson Type Beat x Playboi Carti, Destroy Lonely, Opium Rock - Backrooms.mp3"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2156
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:4076
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 2344
  2⤵
  - Program crash
  PID:4812

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:3084

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x478 0x3d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1920 -ip 1920
1⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffe422cc40,0x7fffe422cc4c,0x7fffe422cc58
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2308 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5132,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3184,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5284,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3216,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5272,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5764,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5808,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3408,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6064,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5480,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6092,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3320,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=864,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=860,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6040,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3316 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=1540,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5476,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3604,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5144,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=240,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6028,i,4171053778585292495,12830962107311018452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1368

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:972

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2784

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3344

C:\Users\Admin\Downloads\Solara\compiler.exe
"C:\Users\Admin\Downloads\Solara\compiler.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4684

C:\Users\Admin\Downloads\Solara\compiler.exe
"C:\Users\Admin\Downloads\Solara\compiler.exe"
1⤵
PID:1920

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\90852439-bca0-43bc-bb42-7d06dd9ea136.tmp

Filesize
10KB

MD5
223eec03f62621387a2779154614ad08

SHA1
ab65137fc208a9799a338222b5db0af02d82bdea

SHA256
5e813308e153594eec838d6aa4337f6af4cf4e5037ec763200389120c4a2c5de

SHA512
27fa0abe737c75b029a3c19fd4886ecd808ff7db44be7c8ef129350f93da89a1d5af252840b086cc93fbfe2ad0948d1d38023b06b6afd88fabadd7819e9dbdbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
70KB

MD5
86a162abd8da8954c9489598e624c97d

SHA1
26832fbf83ba9b9458e4975a1db3370249e7b2ad

SHA256
64b9cd4a4ee6a195eab971c9178340b8925480628386ad7fdad7c6223cc73395

SHA512
a6e8f9b27442c940ec121d53c25130e2727d28c0e1ea6b57a65dcfaa0e16a76de7243652e3c9ba605da354c36d90b8884ebfa7a823dd160dcccc28f7821daaa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
404KB

MD5
546d4a31b636d01ebb787119f8552e09

SHA1
9158fbb82778358715582c9f857c0767a14f124e

SHA256
a90da9da381ffc16c39ed3863ec121aff52f60a7cd05a77e70555603b94d100a

SHA512
a691e3c8b945a427d882acc590b881904e17b8e80e8d38e6cdb5093c892f30db906c2737b5e75e341aa66deaf51e6d8debe1913d4e9e68b0041e391975e1570b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
eab38bd5c2a336d9470da3f5129494a2

SHA1
301d2ae03f546096aa72360045dbd85022ceb250

SHA256
81eda5f41fc278354c0fa2808383736ecec33decbe46f74336287db280bc6429

SHA512
fa3cbe65b9add9e385d6761142c49c7efbd89cf654cc5d02de500812e1c10d3a6d6a78be205046439a4ec5f075588441fd8da178c89a4774438748ec529ff159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
81d09782aac2024ed4d628cc851d7a87

SHA1
b4217ec62a53deedc9ea9c5d2479a658694f1a22

SHA256
8bc97d66954a0fb2431c19615f7895576313c16889ae2cec0582fa6fc3c83838

SHA512
eec5fdcdef91db91d8480e6122feed4f86e7e0bd440ee650b58f83c51122b5c55d81c6f81bf4792058736861a226e9384360e048760a6c175168faacd6a93063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
174d08b6914fa2ca8f78e5c4d912a5d4

SHA1
ba3ce2910c3e061cf12e19d95e1a89e22320c5dc

SHA256
531ec6a957191fb13d02fe74bf0aae46c6065964a6f30a11865052d1492b2f8c

SHA512
fbe68ceb4eadedfda2542cc4360286b040276123e90bb4b8deb4329e806ce410ce2201cea8a2d7ef3e980f2ceee5003d56d906ef05a0430bbe051e326e56082d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
72458705f862d4125451d62e815d61e8

SHA1
9ce714f1a12b331177a271a5c3e0c2f06cada2fc

SHA256
e0cd30d47e6658a0b28712bcba2a73c56b8f3f170ab6dd1307a4d6beca39fa79

SHA512
fc02e9a9e1794c506ca9d7128a1b7450c01ba1b96a70a33afedff697b37813d410b29f729392c1e3006906224802c72510de705c7433a289d0c1222a5f639671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
ad86d6f3c52b10695ed988b471a5bf24

SHA1
77383193eb96bc214b44c704a5ff8577650b3de4

SHA256
839366a5e701c11c5fe91d9009c080d4ca8bbe123726f89a8c753b7ee06e95ee

SHA512
0e979612ad100b06098da90a89310b6ddba516508f327aa067ce98138bafc34e3dead2a5a125fe28bb2f3b416f127d9c9539641d583fb7865f5160bdf41fd743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
ea0481005efb50cfaec10db5b177035a

SHA1
8668828374183ff2b4452ef494f84ed12b060c9d

SHA256
aba3e1b42e1651cb0bf9a5744345135e658beda6fb29aa830bf0081b2d0569ef

SHA512
7f1f6d5f1ba33b471bbe6bbb22f33fabc7f169e803c0aa90bb74ad83168a197f18c3d24ed792ef56781a32b5745344d0c783d830aa8870e7030d8243748bd6dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
82a46facb37bedb40416ab28b06135a5

SHA1
d01a9b5ab9d8ca0bc5e0a18277e69a47475bc15b

SHA256
8cd20fe03a37d44a50dc8a84d6b7027ad161b80aa532240a82dfbb48f2db070a

SHA512
1ed27001d885e529f2b05b5b15eff5c202804c388099e04896ebdea100b3ae9c6ba7071410ec1c65f77f4ea619176647f4fb3be0efe3bb7657aef16ddf6061d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
4774f463f2cc106268090646f33e5f1b

SHA1
f3634e256cf9d499d2a84c793ec325334133d58e

SHA256
d282a3799a477003fa50c32b181e0ce554aab9a27e6a663ca4a2bf6678dc748f

SHA512
f10d7763217af12928ec4d411c2db93f5a5ad8eca5994af21da8cb877748bedcaba794bc80155e55bd0f02449e1855a1119275e86c3e1b254e03c6408d1b15ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0c09dd718174b3ca35f1ea6346944bd4

SHA1
a64b743fa2c06e1f1507b0315544aee67cce9156

SHA256
d252378b048e83291c86f8ccccbe57a1f34bc87a0e185c20a3bfa5d5c9ff81f7

SHA512
457daf8eae158a9876f3dec07cb7871f60f63fb19227381283a8b2082259ee20a2d055147e16190b9eed6fee2cf117613d45bf00df3c41db385e87bc7c8596b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
5333b33d122fc59c32857e99085ebcf4

SHA1
21f57527ceb129020a0ad195aeeb770991425479

SHA256
cb2e4736df529a87ef002352450397e07ce0b9359b8deaa9c9af46d9e23dd2d2

SHA512
97b72e052b033d69f379237853af279a2475f675b37b32dcf5032a283fcf99ef4f45ab57a38416e378e73cf45d439ad94b2c94ae3e79d91883c20edbaefb73eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3579d48c1a53ddba3d9773a7e191a3f8

SHA1
6a81fc4b4972de4e9ca37f6ae82ced6e0a605559

SHA256
494e92144cdf5bc1885b454fa0cfc30c89022276883bcb633381c32bc7345468

SHA512
2e0a030ff0ed72b628b13873d6d5f52f1d16cd20d4e3ea528cbba071f65d47513ee5ae15516b64053012afe6fcbceaae04d6c71e25c500f3a95bc177bc86c824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6860ac47f9dfca8bb81a14d35ae4ee50

SHA1
dd9189de2672c31325c61b4102b17653272ee4dd

SHA256
a24add7046ad29745b4f3b82a8d2d3bcae879eb3f579adbf8d8e3be76681951e

SHA512
8ebf2f90796128aa753d327de522dfcb1f5febad0717d2bbdbb1cde0ff883ec16d5e7d5a70e43d5b30826a44dad434c254a2392dad178c2efdb8e4b01a2f892d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5c1afcebc2241cb37ad8785b5da4430b

SHA1
2d632432acaee97815bfd8be65bc2f98b12bc0e4

SHA256
bdd9ec6ab7072880281c8cce8baa6fc831ef9ffa21fb8a08ab09a7549a73bee7

SHA512
94feab5325281c3d1fefe2de7416ddc8e4630db21cb8cd3e806674c1aadee4d086c50dd85f091b95ef68505820e347544545d603a136cdeedac7dc976e04f349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
eb21bdefd148bf0855ecfc54cd0f0e4f

SHA1
31cad0d5595bb38f49b2f6f9b5a0910a6c90851c

SHA256
87dd8689eadd419085031918b0fae59269fc3783a000b129eb4522b500d7be33

SHA512
148cab5115baeb65225faeed4b82ec9b4bfd53d478ad6a7ae534c4829ebe0440b265a6d3c0cc69530b0b49a08d819931031db4b362f7c6c2ddbe41aff56967e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2b61fdacc997c8042cc9231237c2be22

SHA1
1901d9479e1d1209e4399032b6f2e97b43382dbe

SHA256
c2c54d417522119c719675cee91c1ff9f4938414e8e9bfb97640161467ac63d3

SHA512
00b90e98e8e6a6a32c97aeb39056f6ead97ba49e57296f4f6c4c8fdf57c36752911c99ca16edaaf48ca86a1b4519ce99518306bbbb7bb0ca685573b60c2f4646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
466fdf96a0ad550588d4145d47e23952

SHA1
4719157e58ea2c541c3b9ebf7948702687d8e82d

SHA256
e457055c9f324dd4599b6979b1beb8665a17ced4417f19fe263745b2953e9c9c

SHA512
d6e450a60b62fa1e5071ff0cfdc489d41ff95cbc6c1ec9cdd3d38a1c8954d98e854a7ac7fc049fe5f90328eac544859dbfeb6da1f3e974ea5b3ea670c07f03a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f61d4267c9e3a9503b10b58490afaf4a

SHA1
fdf74bec81008d99cfdf733af9eeeb58513ac501

SHA256
2686aac55a54f58fa69fe2953791bc5078b8d7325399cb468dc226e34c59dcdb

SHA512
9b83c9e72924bcb77e7d7e1b134642d5f6e0b0e466a8bf623ab04661e2ed05b96343a586192b320731face0ad859e41b8a90ff23145babefc6a1c3a235ab7cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0903ef41cb836e85d8d9ea9fd6f61a17

SHA1
5df114f2f569f369bbd56d444c444e4e50d617c3

SHA256
f62700a3e237dfc753a443662797cd3cceacb0abb610d30c1dcc2d5affc744fa

SHA512
8a8f60951752daae9784692f1ed7adb7d6c150ed9467305247e29a2b89947ab971dc50d5be3e6b4521120f5378f22d1376d163d5d02ff2244270a3a590c32226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
54843801d944361275617cbbca064263

SHA1
ba79e0ab1c8b312a73de5c56e11b804a91a0f703

SHA256
13bc506dcb2fe98b1b371e1a704eea25e2877e8495ad49b268a808001d81a670

SHA512
4e2d8e39869c10bcdd5d9e29a0e4ddd75cd1a9e0252ba7d12c4e0094a57dc6a7be3526d45c8f439b80e5780afd2788d98b08932d0bbd2b0fd92684efb887ba7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb6560559d18a4c24b1bccb785c6a000

SHA1
d3d1d5f77be466c9635f98c2b48264f8793a9f84

SHA256
38fe2a22ca073055ec3e0836dc0ad81ee2ea12ae33f2656e7c5b8f2debc2dd99

SHA512
ab06885a11db70b2984683875010d437ca00d01f8b655fd9b26a3e7314bc9c47a088aa5736bdc173e884e9619f997fe03d7a1460ee9e855d230ccc1df5991ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f9263da30cf4b0bc6ab0e949c363652

SHA1
563f89b6630ef06eecf9867ca67b6e4ddc01e1c3

SHA256
c31234ede9153e66a6d2f096cdaf1f76c33d1c523e5362dc48e0254d5e7d717e

SHA512
7ef9bcf1261d19935276117b3ab1c05659d65f2e60b2a0cc82948aba7c79f38f89b0e1808430dc8cab6289f7636cfc3d1353ba91064dcb11d29a6fe4ec734efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a7eb56078b59bee6f625780009e35b9

SHA1
f62d127f36239f8cfd748e42da526e56d4e49d01

SHA256
f996613ed7616d266d95f320203eb12bf69a7eb77c2abc3544c4b6808e46f1fb

SHA512
b7ef10f52f1626430bab60cf8caa50f75d12ebcd95e45f7610e46641fb53cf127d354afa3e87d94339ff538e6c754b02ea918e5ee9be9bbd78989bb702502591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c263a6391bed71dcbb79c6e207c213af

SHA1
e6145439c21a25ae6a64a71fa1d55d31d9e206b4

SHA256
9bbb51e66b0115ce952b951ee046636af82985c3d0596b7f08c392150fd3be30

SHA512
ee1db82847fe0d884569e0585768f5d1cfdf5c7fccb5218940031bc7feddbba3bbbed8991e6563f023b03b7260ce084f9f7d26c7e26178cf1a47ec79751ac45e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
63970ec723151040004030d8585028a5

SHA1
c00bc55f5ee7365d1350f92be4e91994275fa172

SHA256
a306542c68fe2996f332b2d6127e75567dc7ce65558769f970068cb8976fccc3

SHA512
dd54f932fa61027ee3c735a39a98c8cf64561305be064ecf335f2d878cad1b20d1750e058da3a97398181adf5259bf56dfb3a944d2ce564e8f867275aec1149a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5235247b084d9566c4bdae30e2a400f7

SHA1
65fc629a59bab77ff4c3038998ab1ae647d02ddc

SHA256
add41b45009577c38883072e11bf3eb8fce67e90a2d12fbe70f2217714a492b3

SHA512
c063110350d5fdf78afdac4025643a85a8dc284f8a4ca94944cb9b7c43c089281d4404c7ee5d6f28588bc6d546149a9386ba5dcc9810d6fe6408eb84ceb250cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3135f0f60f11b603616ee1d3b5e95f45

SHA1
ec504fe5f8040e98f9db337b3583540bef645f93

SHA256
eb23b693bbbd56d37ee973763a2859d0f98e8e9347fbcdc0f086dae93be47647

SHA512
daf37e5bffbee9892c196dbc3a4c22eafef8be1a5a9df3fad5ed6d357b9a4bda5a17cdd603391fe8e3c21ef581302eff1b2e8d0e6868303d8be43b560693e2a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b6c309e69bf0a296b6d0045e74417fb

SHA1
2def5a879767b8f57f7e6527a68942a0005027b0

SHA256
5dc59e817b969af5d7b9390ec4ed236c2078e88636a5bc09ae806d9c900a6d1c

SHA512
7bd7821008c0d912bee569c928e7e12db2bd6bb2fc3e05ebb4ff77bfbfc02b5802f96d2146af83c1a3e20087b03f45834b6d7695efd02e77a6d56f242913b231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f2c53e1258e290a14cb13cf0819cd81d

SHA1
359a53adbc0b97b12270c099332ac054794deb4b

SHA256
ceae40c7dd1793759042eac18cb795e31930896c6a17c5b2e58cbee51715427d

SHA512
490950f6f83c9e7306bce52d839695cfbb9018bae869ade3548f73c6ff7d3853b69971076ca537552fd3046c35b00c842bde77b4873ebebe7676498e30f2287e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e340190722730c5cfb374766a0fa9535

SHA1
57366df1a80fe0917eae300e29fece088c91e3d3

SHA256
864e603cb4491d292c0a2c2136cdeb4c644d5ec67cd354ec08308e082f0ca0a7

SHA512
2050f389ce985b1d1dec841dcc5e6ecb5839721b06e6254aa168ceec90c2533107f08140389ca7049703d5802e118e7556294b96b3e51fe40287d6447e4e563d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5c1f638ebbca6a91e2327f8bd90330af

SHA1
5690b654c3d01fea288e9531308eb4f024a43080

SHA256
68ad3bc08bb3c672a23c80f162fabb78d35f5b154f37970f4f41f9ada68a95d4

SHA512
98642bc10c34a838d8a263c89b98ca11fd55d58655ac676a181d3d2736e68fca6ac27115d50a757ce1d940c1d2e2300904b1539d027b67030b1d4c5d4e989427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0815a21b26587bb73394ab7500867a44

SHA1
54d456fe92f607edfddf01c5f478a541663baeb9

SHA256
da78b0da4fd280b45e8daab95cb1d5e906df6cc48df94178595412f51aa4a49b

SHA512
d5603b71d3271c45474e5b659e578055de6082e895874ecd6051444878e7e7021c4fe4edbdc092c9d54aa1cbb70b753c730f80d785c6e8e90191149fb4ba76fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ef8b577f-bcbd-4224-8ea7-8fb18e7107d8.tmp

Filesize
10KB

MD5
3de356c88d62e93d376da92e370d0346

SHA1
7289067ea4a4162fe713ef254bd7d38639191b9d

SHA256
9ef29a8769c8ef084afbe7ace0b94d1f03ff124063744de877a16bf1ba3dc91e

SHA512
50376a7e73bffb19234d51927ac9f0ce56aa9b8f1d3690ce8f55bcfdb979591bdca041a764cc32ab7f3311f28871e11b7619bbc8a0c3e902e216236bdd58ae68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
b827399511167a316155559aed456f88

SHA1
dae354220d49ef8bf75e5c729b3cd4068a23e448

SHA256
f72cfd40fdc6136cbf978f861ae3c123497a078a0999b56ebca8d407bff3c9d3

SHA512
d8788df5a7ba0c36d4fce7ea27cf56e4f4ebc89500d6f53284767fee977154ba7d3670570bfc7d043a79911116f062e31d3507e5877f6305bf9d203fb0317193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
af52f841f710c481bc6e17ac94adad1a

SHA1
83cebb2eef67a85d2775fce6daea531e558c6930

SHA256
75abd6aa843e3107cc15b7140cc2e546ca80ca0139bf95d0bb4e306d34bda87a

SHA512
7d585d02194dfc98bd3e7f21d759f4ef9acd320903c5fe682c3e94e00c31498f3d10f5694d786e04068b8f21e1eb9deed33db31b3e411697f70098890b4f9fcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
0ea3d4e6d2cdfe27144790ed101a9f29

SHA1
339b8d7d0a58d76a33e4edce0be173309624a630

SHA256
215bad8ff50c4565c5af432d133cffd3463b63305e077682b7e8eaba4dff2be1

SHA512
8a3d04867ecfc447c550edf54bd2299c45b86718c2b4193abb3dae352876565d438c6417c2f15fd9c7b5befff215e667b44175ee3f217bafc1fb91b93975f831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
239a4f489f3675c40cd945e89a189a9c

SHA1
163ccda2a5ef2a04c8f122b9acd073f8aa1ac429

SHA256
da60615a3ca9e944b026a37bd36bfdc9d5d55dc830ab5e37e736d24db129303a

SHA512
805cbcd70e6078ed6c4109e6217c61e2674c8846c60415deee6ddb67d58c6ba2c7423f268216fe9056ca26d4ec9f1319a55ae50d021c7f9f84326a5588c1da5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
ce1a9f6c19f34170e826e83121290f14

SHA1
146595dd824816869d8c3e120ae5eb470bdbd19b

SHA256
66549f4b4647be5bfc619db86839d7dc208ed4af89fae51f6c804d00b37ee421

SHA512
b81717719577ab4a5aef79b66bf65aba9fe6115d6a75e2e92e94a68e06358c45e7ac95818caad4072f6e1bcdd78331c6b40d1956441ccf948ce699ed23c0cc7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
c374c25875887db7d072033f817b6ce1

SHA1
3a6d10268f30e42f973dadf044dba7497e05cdaf

SHA256
05d47b87b577841cc40db176ea634ec49b0b97066e192e1d48d84bb977e696b6

SHA512
6a14f81a300695c09cb335c13155144e562c86bb0ddfdcab641eb3a168877ad3fcc0579ad86162622998928378ea2ffe5a244b3ddbe6c11a959dbb34af374a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
f494ab9cff57ab69ca4a9d4c731981fc

SHA1
c3671c8d35996b85230b6a1a3ee8542ed9e03a27

SHA256
33eed3b1e918db61ffb5fa82636cac84727ff52beee9a8d5eb1be84ebbe4215c

SHA512
1852d2f53d4d1ae27ee682e1b3fd4360643537344756e649b819f34ecc4cd864e68e0e44345df114ca78c8e80f5d0bfadbc4515efeb06d9ab5bc9f834f126bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
b0b120d72479b7aa99b79d494790f894

SHA1
6d6a4ccc307bcddff497a7f0ab97109d79a84093

SHA256
041095b6af2df77c43f4a35a344ed5518d45addd2c64a12586dfbf45eba02f27

SHA512
b0536bdb19c6098a7ac03bbef1aff07132a96ecf11d791d932556d37a6279bf195057ed8d1b4e049b7822e76339f2725511e6906ff0166b7050c834bb4e95bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
5433eab10c6b5c6d55b7cbd302426a39

SHA1
c5b1604b3350dab290d081eecd5389a895c58de5

SHA256
23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

SHA512
207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
e850aac75a5f7c9e3856b600db1da339

SHA1
7acff504e885dc8895e84a79630d8f491985d581

SHA256
f8eacbbd9dbf1a8e3c9f1ff50a1f01a5426f9a6561075620a7b777b49b2e1dcb

SHA512
84b60b95d7a61f14aeeaf1abeec944cfb3feae0095e9ab00864d686931a5b02e66415a54086482d7804d0484d78e069f0d7ed7825a8df4820e8d8add065488d3

Download Submit
C:\Users\Admin\Downloads\Solara.zip

Filesize
436KB

MD5
a7b8a9578e28cf1efb2af79f23c63a53

SHA1
d6ccaa3bd3adf465de03e2a1f57e80fc8d638fb5

SHA256
498ef5db7fae596a321995ea4f8ebffd123e44f3385874188c656841e852617d

SHA512
7ca1e56dff5ec9df09d4fb9317bd2fc9221c6c7852b6b60f75fd2b0b349485fa658b6685337836f8650aaad9253903c308e8713211212519db10dfe5eb6b452a

Download Submit
memory/1920-34-0x0000000005080000-0x0000000005090000-memory.dmp

Filesize
64KB

Download
memory/1920-33-0x0000000005080000-0x0000000005090000-memory.dmp

Filesize
64KB

Download
memory/1920-32-0x0000000005080000-0x0000000005090000-memory.dmp

Filesize
64KB

Download
memory/1920-35-0x0000000005080000-0x0000000005090000-memory.dmp

Filesize
64KB

Download
memory/1920-54-0x0000000005080000-0x0000000005090000-memory.dmp

Filesize
64KB

Download
memory/1920-37-0x0000000005080000-0x0000000005090000-memory.dmp

Filesize
64KB

Download
memory/1920-52-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/1920-36-0x0000000005080000-0x0000000005090000-memory.dmp

Filesize
64KB

Download
memory/4312-773-0x0000024666D70000-0x0000024666D71000-memory.dmp

Filesize
4KB

Download
memory/4312-774-0x0000024666D70000-0x0000024666D71000-memory.dmp

Filesize
4KB

Download
memory/4312-778-0x0000024666D70000-0x0000024666D71000-memory.dmp

Filesize
4KB

Download
memory/4312-779-0x0000024666D70000-0x0000024666D71000-memory.dmp

Filesize
4KB

Download
memory/4312-780-0x0000024666D70000-0x0000024666D71000-memory.dmp

Filesize
4KB

Download
memory/4312-781-0x0000024666D70000-0x0000024666D71000-memory.dmp

Filesize
4KB

Download
memory/4312-782-0x0000024666D70000-0x0000024666D71000-memory.dmp

Filesize
4KB

Download
memory/4312-783-0x0000024666D70000-0x0000024666D71000-memory.dmp

Filesize
4KB

Download
memory/4312-784-0x0000024666D70000-0x0000024666D71000-memory.dmp

Filesize
4KB

Download
memory/4312-772-0x0000024666D70000-0x0000024666D71000-memory.dmp

Filesize
4KB

Download