f8d5e6d2ebd9e72aa47b1fcd25d7321fa37a5de8400976b01711d28d3d1a2d0a

Analysis

max time kernel
33s
max time network
20s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
07-08-2024 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cube Combination _ The Rise Of The Cubes [1.4.9] - Roblox Studio 2024-07-21 17-01-37 - Trim - Trim.mp4
Size

24.0MB
MD5

9db0492e9a94ce1993bcca5b35e24cd6
SHA1

2d61e7a925445c4df3c8641bed4a350751f79d42
SHA256

f8d5e6d2ebd9e72aa47b1fcd25d7321fa37a5de8400976b01711d28d3d1a2d0a
SHA512

4a719b02eee044116c3df808b8781f103bc37645a7901cc2dbd9169aaf3b12038b09c44c0b38017b95765797bec006e263274d30cafa6d5b237c5ee41e9c5cef
SSDEEP

393216:MCsiuCJVTmIE8S24Z4+HSFv8g/7ycoeflQleyKV1GqMP1RQPql+Jy4JsQC/poSuq:iiuCJVt0L68E2De9Q8yKjM1RQPq6y4J2

Score

6^/10

discovery

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_wm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675008320496670"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4144	chrome.exe
4144	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeShutdownPrivilege	512	unregmp2.exe
Token: SeCreatePagefilePrivilege	512	unregmp2.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe
Token: SeShutdownPrivilege	4144	chrome.exe
Token: SeCreatePagefilePrivilege	4144	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe
4144	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 1272	2324	wmplayer.exe	73
PID 2324 wrote to memory of 1272	2324	wmplayer.exe	73
PID 2324 wrote to memory of 1272	2324	wmplayer.exe	73
PID 2324 wrote to memory of 4608	2324	wmplayer.exe	74
PID 2324 wrote to memory of 4608	2324	wmplayer.exe	74
PID 2324 wrote to memory of 4608	2324	wmplayer.exe	74
PID 4608 wrote to memory of 512	4608	unregmp2.exe	75
PID 4608 wrote to memory of 512	4608	unregmp2.exe	75
PID 4144 wrote to memory of 4400	4144	chrome.exe	78
PID 4144 wrote to memory of 4400	4144	chrome.exe	78
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 2516	4144	chrome.exe	80
PID 4144 wrote to memory of 5076	4144	chrome.exe	81
PID 4144 wrote to memory of 5076	4144	chrome.exe	81
PID 4144 wrote to memory of 1348	4144	chrome.exe	82
PID 4144 wrote to memory of 1348	4144	chrome.exe	82
PID 4144 wrote to memory of 1348	4144	chrome.exe	82
PID 4144 wrote to memory of 1348	4144	chrome.exe	82
PID 4144 wrote to memory of 1348	4144	chrome.exe	82
PID 4144 wrote to memory of 1348	4144	chrome.exe	82
PID 4144 wrote to memory of 1348	4144	chrome.exe	82
PID 4144 wrote to memory of 1348	4144	chrome.exe	82
PID 4144 wrote to memory of 1348	4144	chrome.exe	82
PID 4144 wrote to memory of 1348	4144	chrome.exe	82
PID 4144 wrote to memory of 1348	4144	chrome.exe	82
PID 4144 wrote to memory of 1348	4144	chrome.exe	82
PID 4144 wrote to memory of 1348	4144	chrome.exe	82
PID 4144 wrote to memory of 1348	4144	chrome.exe	82

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Cube Combination _ The Rise Of The Cubes [1.4.9] - Roblox Studio 2024-07-21 17-01-37 - Trim - Trim.mp4"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Cube Combination _ The Rise Of The Cubes [1.4.9] - Roblox Studio 2024-07-21 17-01-37 - Trim - Trim.mp4"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1272
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4608
- - C:\Windows\System32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff89bc9758,0x7fff89bc9768,0x7fff89bc9778
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1784,i,8304556291141419053,11948555184667630282,131072 /prefetch:2
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1784,i,8304556291141419053,11948555184667630282,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 --field-trial-handle=1784,i,8304556291141419053,11948555184667630282,131072 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1784,i,8304556291141419053,11948555184667630282,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1784,i,8304556291141419053,11948555184667630282,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4416 --field-trial-handle=1784,i,8304556291141419053,11948555184667630282,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1784,i,8304556291141419053,11948555184667630282,131072 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1784,i,8304556291141419053,11948555184667630282,131072 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1784,i,8304556291141419053,11948555184667630282,131072 /prefetch:8
  2⤵
  PID:2972

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ca9c5f2eeef1bf7670e9260f549725a7

SHA1
5f66b54337e25ccd7ce250b0f6207727a569063a

SHA256
5a02cb9571af64f215f59cbfea4fa19380b422e717b792a992e74daf7c93fc98

SHA512
e2b096854594f89f6bef3c02881ed0024de41951df05a213e6cd0b93210ca25292f72ca559137529c3b68c3d6d92aafc5518c6ed26e798976e2ef951dd5732b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6e110a09ed4edde88dcf9e431ad057e4

SHA1
1fad357a6c0d941dd83216a74237956387080762

SHA256
1394deb0118db0658f44fc89dab088a142a72532d05e4afcf4911603b30134a3

SHA512
c2ba474134e8d39c77c5c6eee6ebc18b679a8432f14f2085882a8c76bc97151bbf1c2e9634c5fb23ae830b2a077c7b2c9c05895b3802c2679280b34aabb2e42b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
4ddb9fb0816581c613bf0ab77c42ad9a

SHA1
a9e77d0bf62d74db42f72311f8c5f164205e8cef

SHA256
220933a1b233b30b15c97265cea05174c5890d72dc03772d3e431c6649e2200b

SHA512
f9e7076c4a01612279551fa8d4503932d8045c59144970d4e3c2acd7f1810e1f76a8cfc59c59aad2355a59f342b5d7249b174898430749cc7a70ba10f1c9b31b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
292KB

MD5
f753b9bf862ea82b1f405bd078835d87

SHA1
21e7857b3963ac06807d1317317c57cc06667627

SHA256
6fd451ad39652a9cb1d60c5b28974ca6ea5339dffa29c348deeab165db951013

SHA512
1e2d02a679fa2396341f46681b78c4211df9d912fc79f103ee5aedf6a4ccc760b81273d944446b287c435ee976425e4c6e6d6ffcbc65ca866b447c393ec859c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
f19cbc0fe6f95513f453d8c1d0bc0a43

SHA1
fe40eec93c9f2bbae036667757c786583a028592

SHA256
4360d972da47246e9f52a016a2f2c1a43e101cb10f7203f9ab489de34c50011f

SHA512
6ff6fe4cc24f6bf89c4ba432abe506c0c3ea54eda519ce5f8ba94ecf01148e5f6c05924a5fee483af043e7acde745b20f851f991f5d1fd291c715e7ccdf88541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
bae67383c9ea2d39d54953a9fc0da383

SHA1
4f2047ec7e1a1fd9af9054d06465fdddaa68313c

SHA256
6cef6d374b4f1501699dfa755789f653c728b280e252c0079ee1524329f6ef9b

SHA512
717571a088c71be11e22911582843c445477229bad4e8d442a3c3c15e13f921bf794f699b762854d5f0560eaff4191f7d9f239fb2910616d27b0c8a68d92e7b9

Download Submit