7dddd3f6b4c43d2bd874fdca7fbfcaf2632a6f4f79a63b10ad2b5e1efe7c41cc

Resubmissions

23/08/2024, 02:26

240823-cwzs6s1amb 6

23/08/2024, 01:06

240823-bgcvesxdlf 6

23/08/2024, 00:08

240823-ae6t2sxdnj 9

23/08/2024, 00:04

240823-acwlasvdkb 6

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Tee Grizzley - Young Grizzley World (ft. YNW Melly & A Boogie Wit Da Hoodie).mp3
Size

12.6MB
MD5

34b9ab9521b730e44f5f221c36a43f41
SHA1

bdfcaacde2c963288f548b14fbb514cb0a43ed1a
SHA256

7dddd3f6b4c43d2bd874fdca7fbfcaf2632a6f4f79a63b10ad2b5e1efe7c41cc
SHA512

b838ed664807e769b25bc9efcd5c0ef7b3264b3f3e232ec2b1ba84b3b72b692c147779b48155080ec8160b3f0e3d98302fcafae7374779807eead1a742847bc1
SSDEEP

196608:yHUribnmYW+K4fv2rep+WKr6lHl7dUctiGVwHESt07spEo:w2MnHu4BaIFpUgiGOHbz

Score

6^/10

discovery

Malware Config

Signatures

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
129	discord.com
130	discord.com
131	discord.com
132	discord.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688451106146770"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{95E74890-A26E-49F6-A378-3CB963EB456C}	wmplayer.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	228	unregmp2.exe
Token: SeCreatePagefilePrivilege	228	unregmp2.exe
Token: SeShutdownPrivilege	4152	wmplayer.exe
Token: SeCreatePagefilePrivilege	4152	wmplayer.exe
Token: 33	5040	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5040	AUDIODG.EXE
Token: SeShutdownPrivilege	4152	wmplayer.exe
Token: SeCreatePagefilePrivilege	4152	wmplayer.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe
Token: SeShutdownPrivilege	1356	chrome.exe
Token: SeCreatePagefilePrivilege	1356	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
4152	wmplayer.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe
1356	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 3212	4152	wmplayer.exe	85
PID 4152 wrote to memory of 3212	4152	wmplayer.exe	85
PID 4152 wrote to memory of 3212	4152	wmplayer.exe	85
PID 3212 wrote to memory of 228	3212	unregmp2.exe	86
PID 3212 wrote to memory of 228	3212	unregmp2.exe	86
PID 1356 wrote to memory of 4856	1356	chrome.exe	95
PID 1356 wrote to memory of 4856	1356	chrome.exe	95
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 4520	1356	chrome.exe	98
PID 1356 wrote to memory of 1636	1356	chrome.exe	99
PID 1356 wrote to memory of 1636	1356	chrome.exe	99
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100
PID 1356 wrote to memory of 4408	1356	chrome.exe	100

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Tee Grizzley - Young Grizzley World (ft. YNW Melly & A Boogie Wit Da Hoodie).mp3"
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3212
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:3832

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x464 0x3cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8da61cc40,0x7ff8da61cc4c,0x7ff8da61cc58
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=552,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4760,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3332,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3276,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3292,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3264,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3428,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5372,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5020,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3424,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3144,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5048,i,17781550517517160488,9432226354375203581,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3792 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4308

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f351be5f86566260f0eb8fc7208d091c

SHA1
693f6d7814251481b36c203db0cee4242d4432db

SHA256
08ad3d47c176c057ee6e1061a9f6cb134a3f2b75edaafb159bf0f2c3e7560e52

SHA512
8eb061ed48bf5e970b2a5560f60833e077d3d02d56b8ad061f4057ec0b8dc0c9af24406d8e8389726ba19bc9d9c66214704af9e40cc6eedd202e58c0e8ba526f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
1fe825e538a64da275fcdec9da246696

SHA1
b1976d9b465e2973982f96786a40ac6c4969bcfe

SHA256
85614766a82cbc331c54ec66770b500a95680cd1b5121b98d193f62aadd23995

SHA512
91a42c49ca8fbb2608c05788d99b1f2c5dfd2e18ced21431e9587195e166096dd263bf682dcb3e6e5c245c16933b74899b2f42d3966147d2b95cd011ea402edd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
4b3e020f8356a7f6d199d44baf451830

SHA1
44f31b1cb2e1b68d4e6959ee71a9ab6cae8d4838

SHA256
f4a829311154898334792afeb7e18455d8ad30bc5ddbc30d6f7c44b02824cb87

SHA512
df2c8f7399b45bde3e70157ee237b0fb94535fc71d1817a5ff589907409eef2435f222f87633624b730aabfa868683cc5cf4eb80f6a58b6f04df7d6b50446fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c7f174061e4d33229052e00e376b7788

SHA1
e79e2c84a48ac098fc2b3a3e46cf84a81ed24f9a

SHA256
d73bc6de25cc191ce1a1e75fd546741e1c16183b43cd4c58956441fb1d6311de

SHA512
37f6499aeae4c09ff9e67ddb7265e8e5033f1b6c6b43dd8dd17f79188c52c99a0910ba12d91c0836fe4d6a156b1b84c18a5c66720fc8f69111d4fe8f570f88b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
266aa4bff41aaef928313ebc4fada6b3

SHA1
71f131ff00fbddae996f576a990c04f5766365e1

SHA256
404dd3ba2c48352ea29b66c54c476f8fb00e4aa668a55e11b32d0ea2bcb399a7

SHA512
1f3c473515be3fc55fc077f369df67df630105030c53132376e6a751a2109743a472fda060c2edaa4d0918496b81e373fe48776b0277b9e2136d594c0efdc332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fbd7ec4bf8014478caebd40d6fe29e1a

SHA1
7403f1d8aaddfe9d1ec4de454c7907e76bf57024

SHA256
d1c1796977a8d7901d47a47c43278b2b16b9256689d2230b627b47bbc14ef214

SHA512
7ec7286985d3cd8ebe227e39e9faa3979b47c0e05b1c106c09cb7b28172af25a5310db34c3eadd061fc72fd9b2822dbfb4eb444904d4230227ecaca76a73c75a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
b6405d304cd99b083c249e9a4b230e45

SHA1
df8388243e03f7c09f13fb2d1d9e5166ac97937e

SHA256
59773fce2895448c77cdb52d920530c4a37d136d7d62f13c299644a269a9e896

SHA512
16cd937e4dd095a3f0262e099f59bdbbc7c7981e9441ac7c2e38b1e789ac5bf11778303ba46b3a9f1d7ce926cc8f1411cc07736add0a7d68e4e0ba3ec541b958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
77205146bfc89d99eb04804bee81daf9

SHA1
6d886f03558d96f842341c8456a5fb9b2de79d7c

SHA256
c2879df3781d55e0a2f006ef077faeb795ce76b9a9ac3ebb7cab833d02532785

SHA512
8c10c4b33979cd6ac9e35d4e2917185bee55734f58a7636b1bdf0d26eafe994cb623e217bd66f8324b6b57af1c6e9dbcbf4800ce2fbdfd5f2c9f1c29104c99d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
39f0fd5f0a4014c56913d7134135e59d

SHA1
8b315830337c2595dc9943de302180eaffebfe86

SHA256
d9a8b197eddf03a82a8eda874e11d534641e8cdb7523284dfc50cadd76ff57c1

SHA512
08cad7c41ae43b74bbfcb9db52dd4729dee82673ae6558a24ea23493ddaaebcd34b797aeeda3a7ac58092b673e56b0ef1b6ce7d46642054c3dba346415f9410c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06b6ae905f772910c60d6f9903c1e59e

SHA1
e5237e17886201814d77fe7f08ae0f0090636589

SHA256
2deb88b9c37396735a617a0a9c2fe00bb4de0f1125b07b5b56bebb62e1d527fc

SHA512
49c33a469c5dedd38dccfb0513e078032165fad80a708e5dc61c5bf24dbe64c6eea4ec5a5c08cb75b5fad70868979870c1f6954b6f039dd3c814863a56ce8ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
612246469c62638e7b6be711f5e8f0dd

SHA1
81ba078946751ef2f142b16080e0deec9a5e445e

SHA256
a479f7785152b0b06a8032720bece8782cf755ade0933d10a96c8047e221bf92

SHA512
1cbb7e96271b0b719ea9fbb470d8247b7776884348114f7ab72a1143586d566de702009527bbdb178862f8f4b13bf4d3ca56a2efe0ae37cf29df34c17925f83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b6fd30afc22c8ff011ee7b40bbbf29e

SHA1
f690d6f64474ae6d6ee5ae3d9425a3b07f915fa0

SHA256
b9e94b0db65c51ec48f4db1f27b5bd7237bc6c2e063f0f769cbb3be3a3f5a9dc

SHA512
a188a4c1bea79b8011d2a5cc91c6222f41a9aa2d678c9a3ffef400c26668fef8e06a948850d877a7bd85b5a790e51bed4b7ab97a8e4867f2570eb3eb7538ab21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
23853322be24e4ac0ffb842dc0923908

SHA1
09d12a6ef07df2db500402e7d720325b656d6dc3

SHA256
ca090e622b478d21c5ccfe1306b2a9eaf0d58f086fbd30023ce0c5f68445a182

SHA512
2df5267cf52fa283f8365df4edd518319cac1fe414a745c7da6da91717c27352c8219e61f5597a20f5ebfde5fac6a98514b665bf44a2f9b07b72899b50ad72b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea1949df54b7212ea4cb931097b0bdf1

SHA1
6edb9e83ab18c5082e4be41f0baf547bfc826b6a

SHA256
0e1302e38120fac7ff9903b1a9b67e9e611e25bd43076d3897ad97668188af01

SHA512
233e505150c45ff8ce5d73874c70a0d4d9b371e75f52e0247b76457efe3aeca1817ec88f624649e991df04df9e524c0083badb3b54c113aa095d8bda1c025651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8342932d9109d95ccfee8268d186641a

SHA1
9e5d1bb164a9d8391c0839c4e31d076d5d4f722c

SHA256
6c20e71dc11db391303ace7aaf87a1cd445bd32d308a92fd651375001ef4ec42

SHA512
44deaa7f84500aa81ab072ae0429d43e7ceec428d7bc525dc7d8da988899cd868b2c87051011d619cc86eec13a0b8578275e962876f4ac81c52db28800bbb7a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16df68c296e64f915ab22bca3d4e7fef

SHA1
65e2a76fb9192f051a5bacaab6656b0db3b02c99

SHA256
70a61807f9a0d089481d108b437814dc902ab71bdc8f00b2a17261100f612a3b

SHA512
974025b5b00773f9c3f0e19ed3c9a597f4c9fcd02d5a07d2539ed2ebe69ee971a4a37dc5bec69d24de0e87fffc94d1e47a1ab66c6f9f9d5ed831b23ed08fe071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9620df2caabb5b5f7d588ac94b27064d

SHA1
e080508c530e4eade942e672e62875a99116dfb4

SHA256
12b29f4601efd1102b1a50d9dbda0383b56556c52d8acabcb9854cb6e405d5b7

SHA512
b08498f39ba7d704f925e6952454b2be8250c61ae866dce017933e1430591b73413f7e648f183d792026cccef8868da367051817732f45ac90a79bff1cbf2426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab45a0a05c552498d4f99f59196e0a80

SHA1
be7461fd906575f9f97837a13f10da488864fb87

SHA256
2a78067177989ee90555670117e072fab7fd75a0f0cd64ea54f23a2406253b66

SHA512
750830637af2ab3581877af30923069702b3a11e8236093db8926579ab743d6d6c0dcdbb8072705d464e3e1377396a4c7c164f63fb0cb3ac273a64bf60a74e49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b2ca361bf33b260b2dfab478a62c08e

SHA1
32a0735ed2a492a7e77f1b838f6edfce2688ceb3

SHA256
64f5f22f072c61e02d0344a88421056452501bb47abd13741edcdf7c5d002a80

SHA512
75b4ad5df31abaae91b4f621098c973acb5913346648560914bf1d44f7312b21dcdbda1c30d5e262cff522036ecefdd9527a0a2222b9031e66af9559ed95d76f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ac6cacfaa14aa837093f307e3bd50c5f

SHA1
f60474a7e2f1254c78a6149f4b0073c1df02c461

SHA256
704adce6df7dc99e24f14e1dc94a7e1616289c2bbc67e235e769392fd7cd82b4

SHA512
92659243cc8edd164321257e66e98562f0c509ba21f6685d214f8d8eee513df208ce1c31e533969b55369b21bdecfefb06608b7ccf51ac3904ee149c024e53db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
93154f3a88e3d3b1769db4046664e60b

SHA1
b5b88539e290796a91e2404962bc68500a31e529

SHA256
a863c770ae1c8a6cb4a7beebfd1d9c9bf96ae973f18f5f1066eb8a2c7c043676

SHA512
e2da14864d43b4b1859f854c410105745e035eb2fc8de3d604517a2b7c07b1d128c17350f0ebe305b4bef5059ca4de11d15f609dc13f73f0bf07b7a4ea3c4d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
a66e3fd3d72a46b1f0bb22c4abdcee0d

SHA1
d300407bca96c91e2fe16a8590c55e115ecc1327

SHA256
59cff556ee0066046e3902e03d7103513db82e724f0b1f698a2237ad140494bd

SHA512
7e322aa49ca6931d17043a6ff0baf3fbcc15e9f0b443ff5e014d41c5fcb9c80b541f352accaccf41584056b9f73c468db7ff45279e6e05a4d10a9c6e5cdfe435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
384KB

MD5
c7ca2711d80cd052da0d98ce7e6dec6b

SHA1
b051f0425224cf70e3a10636c21bf113bd1cd301

SHA256
a0c1147d7f6adb99735dc3fa370ef6fb8e6ddd3687eb7afd677af5c71df6957f

SHA512
487b985fe8a4fb9a0cb59ffb0b485133e0b089115e36b9bc3f0cbb64babd899daf1b282a9554b45874a59a4c7d9c07db370650c28a5731bde50f52e66a0fc0af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
1fc11e1bab0ce69ec51e0b07920969a2

SHA1
e7de330dafeb0319dd1af115ed7f00844aa2df4f

SHA256
12d375b19903182c050f0e8c6b859083a3dbd2f5505ae46fca218dee525db5b3

SHA512
a3ad59f5c4a8c7a1f536b6a9b3714d35fae9ff7694cae5069765d12bc3ff81af686b0a9decc22d7dc02d820a18176ca57df76c119cffcec9c25bb6ca85646379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
5433eab10c6b5c6d55b7cbd302426a39

SHA1
c5b1604b3350dab290d081eecd5389a895c58de5

SHA256
23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

SHA512
207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
3633dbe84d7397a4c62e0b3f4711dff9

SHA1
befd01e4ba8a0365cbb56706224ac3479b994081

SHA256
fd56de0ef70dcc9c5a21a669ecbb8e40d74df5d5098f38669da13a983ace304b

SHA512
a20031bb389be92b8e2747f4d4d4a2ded4104c36e4bc8b321c970a9a42c1012e66ded95985cb155b449654fd359bf2283cae96a125fdda875f37bb06782adef3

Download Submit
memory/4152-31-0x0000000004640000-0x0000000004650000-memory.dmp

Filesize
64KB

Download
memory/4152-35-0x0000000004640000-0x0000000004650000-memory.dmp

Filesize
64KB

Download
memory/4152-27-0x0000000004640000-0x0000000004650000-memory.dmp

Filesize
64KB

Download
memory/4152-30-0x0000000004640000-0x0000000004650000-memory.dmp

Filesize
64KB

Download
memory/4152-28-0x0000000004640000-0x0000000004650000-memory.dmp

Filesize
64KB

Download
memory/4152-29-0x0000000004640000-0x0000000004650000-memory.dmp

Filesize
64KB

Download
memory/4152-32-0x0000000004640000-0x0000000004650000-memory.dmp

Filesize
64KB

Download