f35c32336623760c4c7f2f97de295dd92d131cd0acf8aacef4228df6605de247

Analysis

max time kernel
716s
max time network
716s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
01-10-2024 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

monkeys dancing.mp4
Size

11.2MB
MD5

78ba068286738c17db3758bd36e07a94
SHA1

a1d28e2f93ad2ee7c26766251773255e4e6b7f8b
SHA256

f35c32336623760c4c7f2f97de295dd92d131cd0acf8aacef4228df6605de247
SHA512

bb187df15a43aeecb908f480c5ed7e9316d42135e125a1260f8c1a512ed8e9a0ced6621fc09e06ef276c38fd381233566a56b762fe218d32a5a8a82c161f5592
SSDEEP

196608:AfKpOUXRMMLca+mpG0aFr6/6EDjFPgEyAO307hXNu5VsTpe2XTsuUlwqWP:AypOUS6cTmfmr6RDjFPiAOyqVso2X4uz

Score

6^/10

microsoft discovery phishing

Malware Config

Signatures

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722444552412598"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2227988167-2813779459-4240799794-1000\{4A41301F-BDE9-49A3-B1A0-27F224D794A8}	wmplayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer	wmplayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer\CLSID = "{cd3afa96-b84f-48f0-9393-7edc34128127}"	wmplayer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2227988167-2813779459-4240799794-1000\{5ED9F745-9DBC-4754-8061-3E43B312ABA5}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe
340	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4656	unregmp2.exe
Token: SeCreatePagefilePrivilege	4656	unregmp2.exe
Token: SeShutdownPrivilege	3324	wmplayer.exe
Token: SeCreatePagefilePrivilege	3324	wmplayer.exe
Token: 33	2528	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2528	AUDIODG.EXE
Token: SeShutdownPrivilege	3324	wmplayer.exe
Token: SeCreatePagefilePrivilege	3324	wmplayer.exe
Token: SeShutdownPrivilege	3324	wmplayer.exe
Token: SeCreatePagefilePrivilege	3324	wmplayer.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3324	wmplayer.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 5104	3324	wmplayer.exe	79
PID 3324 wrote to memory of 5104	3324	wmplayer.exe	79
PID 3324 wrote to memory of 5104	3324	wmplayer.exe	79
PID 5104 wrote to memory of 4656	5104	unregmp2.exe	80
PID 5104 wrote to memory of 4656	5104	unregmp2.exe	80
PID 2028 wrote to memory of 1136	2028	chrome.exe	86
PID 2028 wrote to memory of 1136	2028	chrome.exe	86
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 1768	2028	chrome.exe	87
PID 2028 wrote to memory of 3688	2028	chrome.exe	88
PID 2028 wrote to memory of 3688	2028	chrome.exe	88
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89
PID 2028 wrote to memory of 2564	2028	chrome.exe	89

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\monkeys dancing.mp4"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3324
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:5104
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:4656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:596

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff8f2acc40,0x7fff8f2acc4c,0x7fff8f2acc58
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1836,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4612,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5076,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4660,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3464,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3340,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3104,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5396,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5368,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5700,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6012,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5412,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3496,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=1152,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5976,i,3332319248724284658,8572765699623926326,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1496

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1844

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2108

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\06036ddd-0753-4604-8cf3-8f0d23f94330.tmp

Filesize
11KB

MD5
ec22ba20a6a7f3d6cc825c7019dcf04e

SHA1
c64158aa04d47e774a398a4791b6160f3e781c1c

SHA256
da7fd75a9d4c9ecf95a942ccfce462f2ed52eec6120f72501e0a37fe45e7a368

SHA512
40dd6a161811c86c8b49417c3036675c0ef901c86f9927b54da6caf3a5fa883843200b78463d7b633f6b3e1e48f5df8230369a1cab01cf2f802ecad6c7727b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b14c2ac502b27020bc9397763f894bfc

SHA1
b97ce531119d6ed24a26fd154539fc3245fca054

SHA256
20f67d87d379128f64af2363a8bee14f760e7e4369ab6560460c8563b89c730f

SHA512
86d90956d41fdfa4f6b7ae4c88b5a30c63ab37be93f861d0b51adac2d34a4eff335731cde032ee5fc970881be65ea8d7ea65d923ad9d21ba251daf5d955a1caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
f73d0b1d874e7737027e58aa4abf626d

SHA1
f62cd2fca7d60e033dd90fceceb4d6d0aba08c3c

SHA256
2061e26d5d51009d567567a247f9dd2bf34c03df2278d01d2c0313d947ae2e04

SHA512
75cc5934e522e2da4c894d4d187d7c8e778978a4f21473802bd374c4349d869fc848a2e7f13baeb0e42f43a1fe2f94412acd8e848b0e6d320516b0ecdf843a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
01e130e70cd73af3390d2e28b46aa50d

SHA1
7050b11ac5972441ea9d438a992ef6e5644ca026

SHA256
804e4e6653921c1c8a7c856b505118cc3704760858f32ffbb9464c291721049c

SHA512
b32fe0269a9700c3255daf33a999cdb215f4f587a34fe3e0fdfd0b2dd2ec75d26240f3afb0b86635e8ff8c65b22f2ebe65b7511ce8f8d6b5dc5d356a86971a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
aff44e0ca5a751e775b7d354494d85ca

SHA1
3c39576e663de60168529802b61e210b632ef6e0

SHA256
e18aefcc93dd89fb3b0877e13117e5d4b80f4d97d8fa516b40a3e4e45e612742

SHA512
e99ce3753da652b0e6189a20b7a954a27ded2bcf26927e5260356eb1ba5143bf9d156167961b9984f69ed11a4e55dc22400ed0f95398de438faba3dc31feb7bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
63c6b18148b45b8c5cecbd2b5ac35aaa

SHA1
8ee9c0eff9a6744c43f20007744ad2e6877c6012

SHA256
49094b0c9818cae0e7e7e5f744a73f74a023587f30c21159b78aee7e3e016794

SHA512
227bee1f75bdf846ea79ca73cfe65446a6ac03fee5a0a24520a1a9cc6a44a1b2d432488f77c4b9eb19c05af5e8fc8dd21af6f0230c4f01b79a5006477ec9565a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
11a993a4e838fe27c2f4d2e070116484

SHA1
fecbf627d5ee2244f488ca5b215adb2131e50e14

SHA256
2ac1be1ade61ede8f7b38d5dfa543729626655cf11f841e80dff69e5d42cde82

SHA512
7097160f6cc8cd04064eaf4869e1823f8a447274258ad80d1259f3a60c45da0799d1349b964a5e6d54dd5a02df93ed87c495f35ec2758acb0efcae3c3168edc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cf9b454938b442c88f9c19e813811864

SHA1
27b784e170c413ab98eb9d6ccb056db489a36bc6

SHA256
802e5b8868576f2967a1fff1c57c3f4035a92b2ab7ee9a3f201fb4764fb37f87

SHA512
33c734714563cfe3861562e6911d5fad86e200e9825dee720f765778cf5c4bb32b8d5a5370122e5bb87a2b856fdd3780e170b79eca3a8640caf8f7af8c594d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b260fb901f02db54a35f5015fcb3cf5d

SHA1
bec744800bd4b4c2bf22b7501ebc64f767839671

SHA256
76af38f7ca88f61c4d3717d4e18bcb7a90e25c5201fed573a33a6ce861d0cfb6

SHA512
1a6c9c804a3834266810bc4ab0a6a6cacbba60ceab686684f11643163d3c5a3a9ba5d95b7be29d97030b58875bb96c407f4eed44c1cb2aa291ea05f834d801df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
487e741493177cd4328d344789be40bc

SHA1
c2093b604c108dba65ea05001600902552bda0f9

SHA256
1c611b06d5e2abfc082bd9839facf3d194abd285002e99925b54eb679004f874

SHA512
05cdbd69d8abe15a8cb4fe4749aae2dba52b6c3ed10a75ba8a4fe27fa245c97f90f5221f8500b22fc1f74212253db3d04a2a54c88d38b6ac405fcf527ce92a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
0d3d83adeba87b4b1b84228fc6aa7b1c

SHA1
b89ab7e9fcdd62e15ad328cac3387b5915231c41

SHA256
2c8c8bf9cb0a1d592152e1a4850d3d489c80447c91b1e4f203ce3a0dab648cb3

SHA512
0443e4073308adbd6ecffbfbf4a8f95e228ac53bbfc21a04b4340f03ba47b746ba4d2c9fee905bec4955834aaaa5720e766fe864d409687eaa209169bf5ecc34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
aa449e23ada8fca6ceefe07f08e08a12

SHA1
8530d1abe97f4386132c04c2e354d454afdf4f1e

SHA256
9fc7bf8acfd7716f8606b332881e9babe75faf9d9170a95dafc5a443fd28a2d2

SHA512
c59b49f116682b3d1415ac7c345caa2579570b7d20492679cbb9d7e7f7f3a122875aaf748bccf0ae0bae5883e608ed54148b461df248be848fea51e62d233173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
be2994f6c413c62cc78b2638cc991d84

SHA1
1bb78d61b075f01fa160046524f82eebcd71e3f9

SHA256
049a5060765b9cb0ec265710f6f5b235ef44fcfe643c37370a527a61e20a2976

SHA512
8b74d31c688dc9d51de63b939ffa0e668f7a7c76dc8ed105d109a7c12d3b951a309da2f98436c2d186c9b889ce8fa89c13eb14333bc93502bac073db48feac8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
adb50823ec45f4070a9faa3db73b4b5c

SHA1
e67a9f069c3d276942d14682722b1f27e67f051e

SHA256
457803955162c4ffb1db174c93d195956e3737efd8f1318724099cf6fc4bf890

SHA512
be7e5321fa5332cd95197e8bab99edcc9cef3e3aba7ac1b98bdf716c27a0a226de28135cc9fe1a3c5b7b8e7f75c7798456121b00e1679fabf8a385d34dbb8c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cdb0840345e52a790087b9586c0c89ad

SHA1
784bbea76fd00f807a52d28d1df559d0d77d8610

SHA256
3db75f7009c6de03dae5ae760771c16598ceb91853b1e45f6659684d8ba72667

SHA512
be5da48e21af84474931ea95f63e2f672af5a8a2fc5c1c81872014016618e22d139b81c51309c708dcbf8b0ecc40915862f80be9c497561aedd176c58b542a6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
209e58c13a4d54f249ac224fd2c65983

SHA1
b593a36f095f740cb705964885c610d7158d8dc7

SHA256
f68667da63195e86b653e6c94b827c52ee919fca126532e1d75b9b52eb1c0dfa

SHA512
07a9f8ab818d8a43dcc7a845a71f9be2974420b64b295805d5221e08febfe2d651c106265abc710a82ba7378065ae974dd82a0c375fc387df3c6b33081fdc937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5591f0699dc957be69372bdc0a16457e

SHA1
9862148a84e0a05e74286758dcef616653a5fd9a

SHA256
0de98557e3ee8067910cce4e76f39388a58f316c6e73cddd45d6f45776995c55

SHA512
600c07ef3338389fa2a1f2924dc99ba8cd316b2e51c060deb243f267181f08805953fecd75ba4aa91b05c65ea1595fa188211a7db7c14d6820a41d21cba15311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9786330119f67f762523410aa1e08056

SHA1
08381e7da45f09bc7b0177134da3286d3f1733d5

SHA256
7a656caf331ce97fb3f2c51352feb4ba35e07af844318d08986a304950e72987

SHA512
feaae3da9fd6a7e9fccad60c1a19e8ed2d6d97245779bce8347e8394e824168ce2cc7dea8c5f8b6e31762921f6d5140bc79369f608e4184e87f33ea299bdd427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98d29c451e3c54efba174770af2683e1

SHA1
001a202f3831721d93b2bfcbc2b601e3dc713ee0

SHA256
502126fcafefe95f8c420e8cdfe238b18b8733873c02cc2f6b5074d7aab61029

SHA512
5ee2b69f068cb6357da9f3fb3be732a361e84021aa66b7a8a3a1229776106b081c457c93a770edfdf1af992d7ef5a95b60821e30320f722d87e6008826f48cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa2331955f01425a173094ae5dfea4d6

SHA1
6392a1bde54eebabc887df674c6a27f5cd0c073e

SHA256
bb70ec5212f6846d21d56f0d3da1a09db946e08672fa844295d07cb40c327178

SHA512
aa78832fd61b448bbd91419056f95db2e75778233d682202de0106311b0265b27200db6bc1ce736afc7e7c06624d47f81fe269d5ae9b0e7fdb3e1db6a8192ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d660b334eb72d800cc733ba1141789d6

SHA1
152eff525244ee55549f39a04b012ccbd03c0b8d

SHA256
0a784df1292112de9eec2b3eca1c858898b13aaa7ddf1a666e22e168eb6e605c

SHA512
72a815eb3b081732f997b8c5dd4b4aa13d4f286c7b11e1c4d681e7298235eb1f70c9024b4dcdae47ae0c22b85c6f9cbf272cf64f5724b49cfdfda921e88dfeb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5564e129f42b07073876ec38b256816e

SHA1
6e408061e051f309f6129ccf7c4d7c872061140f

SHA256
2adc113fe8d3d52f35d7d72c9e201999e0613b19992ea26d51ac944eaf55475c

SHA512
5d73f5af8475b7cab6314da2dfc0f6953d1b6a91c9cb1e5e003b6b278270078a9dc4961320c43fe9b04a79ba5769c741e3c5ce202f533c02609af7b42c4f5737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
243c7c26358464ed4a7b21e86b19c000

SHA1
69c01418a8b65e89684b0c1673473d683b7b33a0

SHA256
ae8d8da00add47acdd9fc820d276a371a6da754c0770161fceb07d97ad79c999

SHA512
200a549d7dde287d8cda99ff9a2af15cf846f6091e9b18ff838b53c43a3135709e227d8f11899f9ed9c29d76ea4ef0923932d663efb32f2b2f7de6ff77d9a8f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0615efa820ad28b9b85b260de4cedd07

SHA1
c605c09644abb09e47d6722b621ea1dbc1122251

SHA256
3069c66195e1958d2245b02e87f969821dc63f6fc2a65de8ab33cfd2b41907e0

SHA512
724d79a5fdc165d3a2471369b4b15d6ab5b08dc103faecc19bc16aa73742daacbe67348aa5de5c07eec32299308cde6efeb42eaa3d3591bffd3df634c24d2562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ae67848bbb61919c329cdea34cbcfabe

SHA1
1d1834b90a1dd835f6cec8ffe872317a3bd1469e

SHA256
d1bd95fd74ea751e17a69faebb9a0e5737532766a8a852f0d11d8146c69cc728

SHA512
13c4d41f9c581ff5bdd7ab37f320990a0f34469aeda799d89fb45d0842468adeddda1dfffc59b547d20887da869abdd77f62e82e857cef10ad2f4fbce1f0f0e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c817ee706ed474afe7beb64240100520

SHA1
6555033502221acb1074eb6e4fc5f27517da5da4

SHA256
e75779f82b405cf0c81c93911a636fa1f2659962e3f8b354f574b8f55369dfbb

SHA512
ddecda82f12fe6711baf8094c48fb157e020144869cc458b043bdb4158028e45e1fe7732646cc07cbf4d293e676c7524083390ebcd85e49bafbaae7079b351db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f513d7296ec849cad5d9d2e9d5a81bfb

SHA1
5afed85456f4422fa5a42465521dd8c0768bba2a

SHA256
53b409bffccda929f1cf046348474178b9e9eca334632581d223f2c9170fe526

SHA512
d40fd31a24cf4896e2241ba3221d72a60aecdd17d2e28aec2edab88c59400bd6ec246d49943b29b277e096b4061df0d965d29c55f1b5d636835259cff5bd8a64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
930e645f4258346f10122858546ebe74

SHA1
0735b478d7476d8aacd77b1a4f01e919d541a21e

SHA256
d64288a0e50e185db28ade9ae428628cd0d42248155f03ad9715bbb095f55cf8

SHA512
761dfecf759b672569e77227bc40302f8bed640fc024de0011cc639f2349cfabe148685eee806bb2108481c492ff1ab2e9063c191e11fea8e7a116f981e5b42b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
d92f72aad1abf7cab45e69c721709de7

SHA1
7faac35cb1a29d69d25261139998aeabe95f0fe7

SHA256
a45afdc3328de92b49ee8dca886a09e7eda3b345c753b6d7d2cd2786ca6e9157

SHA512
6c9985795c9712fe9df3a0949fc6ad97002086c391d63a8f7cbd5b13319d8c22b11085835cbcaf269ef08ac71a4a9a312ce71f0b7200239847e56f35c698824b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
7b761f59b49b45b768bdeef2d294d179

SHA1
a2ebdaa7cab2cf909a8a79b8e09dfb070427ec55

SHA256
4922a07cd8b104b9e16a420433f95e679176bdd472015578fa333ddd8c03142b

SHA512
962ccad0e0f9da418037ae67ace2affa9685838619d8670eb10b1397170bf2de0073cdf67ba3316fdbe0bd4dd8fe260093c9a2cd209b893be6ff9b5236f29c26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
6cf28a5fea7d81b223ee6395460303f2

SHA1
88bb83be78a559d5e1cbc7ccfac5a9e9cc4ffce1

SHA256
95b6f1db5828777242f543d2de6ce0576089f0ac465e22cfd92eb2ea062644e4

SHA512
074bd4862fe9c5b51ebe2b66f6540d80ffc17f8af3235ec294cdf78e28fb124f2afc4c717606007d7be5aa7dbaa773d39df0d03c95e45830f2896b1f29aefe50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
066f6e5acfff197d12b550ef7d452d41

SHA1
aaa8cfa5a56519594490d069f31a42a15ca515a2

SHA256
cac3a8354c7766b4ce0900bf4d8097bf372ec405a6af4bba63a6d92132932a30

SHA512
21c3985bdc883b7c0fcdfb660a577eb03870943d9e812a24726158b6c06cc36b00425fdeafddcb099fddd1488173280563f7241c9589e69d04d1eb1b5daa786b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
94369905faab06460ef70ebc7b6a526d

SHA1
d3272d1a8d7713577070da6e6f7f5e27064cdddb

SHA256
60d66d9f663d4bed4df67315ee46f3297a9e8d31029a797d7288f682a781278c

SHA512
6bc6aa0a39a7926a0b3ec8471f2b1535445b06621054761d763c0b0a72c997730fde3e30a3cef6606934d5ade5db9a0d2caf964030f57ec07c510714d2cd5d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
41826b2ae9c320a43d8a5c74cee75041

SHA1
72fa269cd3e7fcd23c154c08a8806b0b2c3a976d

SHA256
4d795534f990a1c2cb19fff905b7a219effa60f8f35e309a28e0840dea76d4c5

SHA512
88859b7ce39abda46f4a9b083be02b7b61d5f9d8802e32a529c6e38be04e32d744c9acd4ffd27d1f944f20b2f3cdc2fed54a07b29b675895bedb630e3f7d7ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
5433eab10c6b5c6d55b7cbd302426a39

SHA1
c5b1604b3350dab290d081eecd5389a895c58de5

SHA256
23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

SHA512
207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
b57b31f06302e3636cb40e16275efccb

SHA1
b7dd41418f2e6b05c4da1855359ae4c35c76ff5f

SHA256
03bc9bf205f131d9c71b2bc7bc3e928e8e2edd76cc926f6e9de1db4edcf5a634

SHA512
f24687d9839a7da7fc478cdc99f1649fb83d6ae96312e5746c14e51bd1d412ec3c409929e98eaeee2fb7219ad0e7f5e5fc61b2db78dcbf0376821b636483597b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
211f32e76941ef01366e6286531abee8

SHA1
9994c76b9fc64a9b889f5f81d6a5b86463dd840a

SHA256
eb34686fb77312708f111fb9c3b9af0e181c993418a3932ba169b199219e08f1

SHA512
d28da2c3f93850294cd5567601220bd8b260528690ab9afdb7827c76c56c7bf5af90070345f135c085fca268209e96ff198a28cd70e29eb81d0d11d9dc58dd61

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
2e7893cbb6bd76f3bb7d9122f63a90ea

SHA1
5bf0b6d8f6b8f809a81af04b774ccdcfc1b4366e

SHA256
06bca9840630afc39218c5134353d37c992f1ec6a036298383935c68b4971d16

SHA512
d747a507250a835ec30fda45457c9fa5698b4549b8ab12e061923fd4716b0e9d65d7b7a5ae74b3ba426efee487bcf92e1f8abe8202764e9370484e7734eb05fd

Download Submit
memory/3324-51-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-70-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-86-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-85-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-84-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-83-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-82-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-77-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-89-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-90-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-93-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-95-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-94-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-92-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-96-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-98-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-97-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-99-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-103-0x00000000090F0000-0x0000000009100000-memory.dmp

Filesize
64KB

Download
memory/3324-102-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-101-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-104-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-100-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-106-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-105-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-78-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-79-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-80-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-74-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-72-0x00000000090F0000-0x0000000009100000-memory.dmp

Filesize
64KB

Download
memory/3324-71-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-87-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-69-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-67-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-66-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-65-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-64-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-56-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-57-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-58-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-59-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-60-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-55-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-52-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-53-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-49-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-50-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-48-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-47-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-46-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-45-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-44-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-43-0x0000000009650000-0x0000000009660000-memory.dmp

Filesize
64KB

Download
memory/3324-42-0x00000000090F0000-0x0000000009100000-memory.dmp

Filesize
64KB

Download
memory/3324-38-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-35-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-37-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download
memory/3324-36-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download
memory/3324-34-0x0000000009570000-0x0000000009580000-memory.dmp

Filesize
64KB

Download
memory/3324-33-0x0000000006D10000-0x0000000006D20000-memory.dmp

Filesize
64KB

Download
memory/3324-30-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download
memory/3324-31-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download
memory/3324-32-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download
memory/3324-29-0x0000000004BD0000-0x0000000004BE0000-memory.dmp

Filesize
64KB

Download