Analysis Overview
SHA256
b2332a181526ff2c507f77b21cbeb195f4c9125b2284bee3638bbbbb959498c5
Threat Level: Shows suspicious behavior
The file lobotomy.mp4 was found to show suspicious behavior.
Malicious Activity Summary
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-10-12 18:22 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-10-12 18:21 |
| Reported | 2024-10-12 18:23 |
| Platform | win10v2004-20241007-en |
| Max time kernel | 74s |
| Max time network | 75s |
Command Line
Signatures
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\unregmp2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133732309471506302" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer\CLSID = "{cd3afa96-b84f-48f0-9393-7edc34128127}" | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3350944739-639801879-157714471-1000\{C70E6B16-512F-4EE6-9BCA-C552CDCB5C58} | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\lobotomy.mp4"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbc474cc40,0x7ffbc474cc4c,0x7ffbc474cc58
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x534
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,10149575707212685561,2473617582494248867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2008 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2240,i,10149575707212685561,2473617582494248867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2076,i,10149575707212685561,2473617582494248867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2316 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,10149575707212685561,2473617582494248867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,10149575707212685561,2473617582494248867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,10149575707212685561,2473617582494248867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3740,i,10149575707212685561,2473617582494248867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3780 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3792,i,10149575707212685561,2473617582494248867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4400,i,10149575707212685561,2473617582494248867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4488,i,10149575707212685561,2473617582494248867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4368 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5360,i,10149575707212685561,2473617582494248867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3888,i,10149575707212685561,2473617582494248867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4036,i,10149575707212685561,2473617582494248867,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5812 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948
Network
Files