8743d0ca21e63e8989031e976a8618e3454c9a9b62a097866953af3d1a605de5

Resubmissions

19/11/2024, 12:07

241119-patfgs1jdr 8

19/11/2024, 12:00

241119-n6l6ls1jbk 6

19/11/2024, 11:54

241119-n2yzlszrfk 6

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

audio.mp3
Size

586KB
MD5

18cc509865fa6c0935ecd95665bc6a62
SHA1

9ba5ab2edbaad73d8622d8697065a93e83f4fba9
SHA256

8743d0ca21e63e8989031e976a8618e3454c9a9b62a097866953af3d1a605de5
SHA512

eb768f0320f370e14e2db25928a934d657c5acc260dcb37eef9a496918c99d1aafe9f18c8e197da53855f2cbe935842b41c0d9ea65c177149472dd12dd5b2731
SSDEEP

6144:NWNoi7BJfHaaOycCWPK6X6X1u0TsI++WwNeeeeeeeeeeeeeLd/rtjjjj63DrIlB:UP7jf6aOUWKu0kwAhtjjjj63Dre

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133764912971605105"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{9FDEFBC3-A50B-45E0-A0FE-B66812A1A7F6}	wmplayer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000092e6c6e09718db011e949818a418db013121a5c97a3adb0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 06000000010000000500000004000000030000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\NodeSlot = "9"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 06000000010000000500000004000000030000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0 = 500031000000000047599d4a10004c6f63616c003c0009000400efbe4759874873591b602e00000076e101000000010000000000000000000000000000000f76f8004c006f00630061006c00000014000000	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4496	wmplayer.exe
Token: SeCreatePagefilePrivilege	4496	wmplayer.exe
Token: SeShutdownPrivilege	3572	unregmp2.exe
Token: SeCreatePagefilePrivilege	3572	unregmp2.exe
Token: 33	3556	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3556	AUDIODG.EXE
Token: SeShutdownPrivilege	4496	wmplayer.exe
Token: SeCreatePagefilePrivilege	4496	wmplayer.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4496	wmplayer.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
396	chrome.exe
396	chrome.exe
5188	chrome.exe
5824	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 1940	4496	wmplayer.exe	85
PID 4496 wrote to memory of 1940	4496	wmplayer.exe	85
PID 4496 wrote to memory of 1940	4496	wmplayer.exe	85
PID 1940 wrote to memory of 3572	1940	unregmp2.exe	86
PID 1940 wrote to memory of 3572	1940	unregmp2.exe	86
PID 3056 wrote to memory of 1220	3056	chrome.exe	105
PID 3056 wrote to memory of 1220	3056	chrome.exe	105
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 3024	3056	chrome.exe	106
PID 3056 wrote to memory of 4548	3056	chrome.exe	107
PID 3056 wrote to memory of 4548	3056	chrome.exe	107
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108
PID 3056 wrote to memory of 2536	3056	chrome.exe	108

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\audio.mp3"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1940
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:3572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:2092

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x4bc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffeada1cc40,0x7ffeada1cc4c,0x7ffeada1cc58
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1824,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2056,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3336,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4388,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3368,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3440,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4060 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5268,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5312,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5296,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5228,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5316,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5244,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5224,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:2
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5448,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5476,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4728,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5672,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5748,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5700,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5912,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5472,i,2533102156696707712,1235911998300545903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5824

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0c8494ab-0741-451b-823d-1e9f89327ee8.tmp

Filesize
10KB

MD5
c42effd06e24773c45b10ed644f53213

SHA1
80d6f85c2425560672ee46073f9eacb3a32b4239

SHA256
d58baa287820998e158a514e3151c51f6d2cba89f381cf40c33ade593645673c

SHA512
c96bae96cb9bd57d6a15c40754a3e7e00877089970fe19e49f72206f47d455bdca1d92e3afcd9408bf81ccc85e08f071413c811d0f5e940f397a1aef7cd87082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2c0597a99ac3e3b1e38b1886080a3206

SHA1
2e86d3d5aae56bf2e1983d5c8b587c481758a11b

SHA256
aaa8f019ea2a60ae9c217dfe4072e520e5af778f76a6c15a79c9b41102d68071

SHA512
124133caa88c866ae045d11e6b69b2166e1771379505071ffd5789a3199ee4b6f33f124172b3622799972592a4158593ceb1cf18c05203871b92ce2bd982feb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
029cfe2285ad25bffbc0666829303542

SHA1
86997e0338ab72242fd76e3fe054e66e20d3d3af

SHA256
9cd22c03d4c781131f88b9feb70f74338ba9df930e7e9eb7fdec8aeb95afb903

SHA512
3d6cb11639d3c831aada2151d57853c2b65c2938952beb2b4e42926f1e1501d27c63e2e8b19cc84eb5a2c35b7ae56eaaf642df41784dbcccbaf3b08a59479886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
7dc81459cfc37993167e6140cf026364

SHA1
5cc3e5be0b0e8bfa48289bc9d2893c4d3291d41e

SHA256
0c6a91f8889446d0b38af7b3a4d161738a77860339783eb38f2d5f1bcee782b5

SHA512
75a336ebcd7f3448e07dbd35be897071caafd8e7b5b397943ed36176dce8b01d7767b097c7f47e49d3f0b9f386d56e4ed002a14a5d5cdd15aef542a0cb6b3057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_opentip.kaspersky.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
97978de1e5f3c30c9467a7fe9ab1cee5

SHA1
a2e64b3ccf8ffd70ddd47de7df3a61fcd5c9af60

SHA256
effc1b409f201b6839ea4de465eabd46f6aee42f7f0e17de4b2b7737946b63f7

SHA512
8e2fee9664ed4ecdab4304509cd5636423a26693218db076e6c1fa52aa3026d447d3c24f3b4df09e443c1c217eb485d66efba888315378d629acfbb4515bf812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
850B

MD5
3f1d8dfcc08a35137c2000140e512e67

SHA1
77ac31ca261ca20f435f00b0c581f3eda699cd00

SHA256
1200faf5e2546a3a41720951304de116bbfaca91117b3aba9ce3f3166827f423

SHA512
581ca8806b8201f049ab47e4f674479be28c464324424f57298e02ebdf6c68c7e1eae9e6e03e4f30c4d4282e4637fabdbc0d7088d883ac1ec6600ae0a218af1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1022B

MD5
49775c8293c08a9b33101124dd43bad8

SHA1
134c204cf73ff45709e6fb2c3b88d54705050498

SHA256
c11f1628dc1952070ebfcae8d84c7ecf825ef34410eea20f9f592e10cae60594

SHA512
255dc931dd87f27103902de5dc7aa2e91088b26352598c9584a60eafd42f8c7bca0f47037c1d091fb814802a9e617159c37242c1c48355616bf0364fd207c6eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
850B

MD5
c0fdeebb4e8b102ff34b463480150cb1

SHA1
8fe24ad27e7c0186b6385a3faffdfacc351e6878

SHA256
837c553573eedc7d8214e6e3391a6ebb6e2696fe63f677a46bb976d812e08b44

SHA512
63f66b68bb78b552c8715e8b0668630239d6439be4b211e0b9a2ed017a4bfabdf8ab1f97a0f19b693e7c956c7b9b29681e0e1bc9a44d3f401e708c02676e28f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
45f4fa7aabc5aa7cc6369e74bac9dd46

SHA1
fe02ec92fe8bba9f628a8f9325e5574a14002f9f

SHA256
749fbb3e31ad0e8ed5b1b375477c23653d81c54f89b7646a3950664beb4fca0b

SHA512
5f12577c0989f639a5e78d40eab3e23219107897e649cd975509d3bd11c1c1f140ca28c1ab0a5e94de1c2962989fd1cb81685555adf5c9af7ff657692002b165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96258ae171dd2cdde293d75f9fa000c4

SHA1
a1b59442130f134706bdb926c6aee5de561b7e47

SHA256
d613d7e51154ae47e7dafc6f30cbd04b9c9ba0b645c6056abc48e6f87beba4c4

SHA512
91af26a4b2d8a5a2e6b83924e9bcbf70b3f14d496f015d81d37d2556626bee02ad2c9786c90e1ffbb5cc43f608cf797bba73c8020ea65f3c5be81de0fbe0e076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8c7dc45480cbca6353ff54a6e38d6401

SHA1
6e605950760a5a2a515a7f87e2a799e29d0dbc14

SHA256
9fe6d86bd451780ebb5a5cc874562372a3acc11ddce36dfa06acdc7e7417491b

SHA512
5288f1152c830b0ef42aed522b49491a97ed005c3e52931fc0d20897fd324f853dbddc4239227eff00211955be0785a6422e76a71a28c4c3ca186e92ed0525a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7059a01e4dd297da73e545c2bb770f29

SHA1
fc0578728dea4ee8b90b871147edb89e9fd44c84

SHA256
86917ebe929e851f98d571372f407d9e8c026f3e7fea19436b34cde6fcc65a7d

SHA512
9d563a5fe21af51ff04bb7980addbbd475c9955ae886d8c4986761c56e30deffa3689b09f1d134ab8418cab432f9da85d712eb91cf2c49f2b717b0a87cf4d422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eb9bce5a19e9c80bf2ec3175c29a247f

SHA1
2bfeb2943a0ca253e40ead5326c2a065b10acf92

SHA256
62437db7fbd74e8df04f4633cedbcf65d4a1fda280be8250e108c280d55726c7

SHA512
00ba3592f33cf7442ded6a67e9cca02267b5bc0a9ee66c23b66d3e413fa97a7bf593250f5568e5648220ea4f8aba4c2ab4d33469ae40bc1372c1b76507308007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4dfa9e1c77829cd80ffe996f36d21acb

SHA1
39e628878b8d097b36adb70de3a0efe36115c613

SHA256
8a911ba4471d76c981ae309c60fc0f9fe1bb8d3827914bbbbb44f53d761f4217

SHA512
fa5d1183e350d974652cbc702f75507aa29d629a5bcf66356b1d204c62efb433911d069606550a6c4aaa462e7b08db096055f2df5133994748f388808d7713db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
655712cd0c05e2b56a3f6bf21dc536ab

SHA1
dd4b4e8ff64d7e8aed9d888183d3556d6634e9b1

SHA256
95485e8262bb672c84f484e722e791415581180663b0f88f7ff2feeeccb5a009

SHA512
5213543b51a310bd82b10c64aeb3e1541edc62ac66c8a6fe0d32f3a61c4818c3cb5c41f41dab7fa1aba49dac6727307987c81dc9a30516a22c36fff49498b61f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6c20490ff9e9d3155902e4712325d362

SHA1
29e82bdc029496d7a5854fe98cdfdec39e2dcab4

SHA256
5cd2c30896a4ecee5f5ef9308092926243696c755ace894aded4c8dce0687d18

SHA512
a1bf710b5b75f60b0ffea3d63fe16c0e40825038974126184f27c7acf31366245f19bb1bb75f039cd1d0cbc629669c342bc26cf40dd5931671010efc42a27eed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9a48f9fe0bfc9121b819a7352f98976b

SHA1
39e9d97745857f4ac1bba2a616c2b7d6d1cf8771

SHA256
5f62aeba9eb96f9937d00b0812e9ce1b900d5a37a359f230964600cfb6161b3b

SHA512
dbd7da948530eaa3b59898b051ff75191ccf5a31347306e07124da7562a96ba68b82318cc0bfb688c39dfac553cb81399bdaa2db96038eb589d9ceadd219242b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
2980a4a3c2b5e7af396fc0b0dc3ce5fc

SHA1
91927695be37472358721527ac0261a888e9f8b5

SHA256
08167ec5b49c4827ed2e18ba2fe7c753529a2504ced7b481ede791ac46cd45a5

SHA512
76a128d17ec8f56377736a0a539679004bf5b64adc763e69e4a08151b992737c4a9e083dcebaa20097c0cd51d892ec909af2c5fabfa2db7af0f707014c1dd1a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
732f2790a043ee339ebb835731dd5a58

SHA1
e583be1213ceebfda4746c2040bf3037473621d4

SHA256
885d57fe309aadeabb359a9c5813043adcc4eee58f0c52229f2c0a3321214036

SHA512
c786261b1ae525043847c81b27a908b240a2ee8718b93756097bbfea280e77c792b998f94dcd63868d0fa5511505110e6a8701d0a88adb6ebe8ec3897143b3da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
6c8dcf6c268d92cabdd5435db8482a44

SHA1
04661bac2743f16140891bd2228ac515dc998c67

SHA256
aeeaf473f1ba55911fc0340e3fedf023363f117a5d6e8d10c5be3e8352964098

SHA512
4957e02510ff75ec6dc8be3b8c1d69a982de691bca2b211899de24d765179e035d0bb39eba2e38596ff4721b5d93b6fda2bea001e951619c0c5503ab9215dab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
28e96714391f27e9350eb2c03025104e

SHA1
261e363a4a424536cd28b2827f6be21904507fd2

SHA256
ed6154f34bfea850493a2e3837e215772854931802e8f07cc118b3ddef52d486

SHA512
1f92956f99f4db893b11656271702f477374f8bdd4cb8f4cf2fd1918fab5f1a12bd64aa4fe3956b3d283b98dcbe06e0b8e3187ff2a8dfb1f54817baed53af9f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
998654c3b48be8485b87960b28c5affd

SHA1
89bf61ab7a0c7a95a7604be02be83ecf1304d7f1

SHA256
1ce72f38cd63c9024add3bfa95c15944ca6bc3468f4247ff37e1bd49a0502703

SHA512
f5c027cc2074554fdb2bce07e36bb07a8673e0066b9b201dc3ba5864b4679fa02c2f6f98a23786069024473e9999c231ab11c55d9507bf637d42936d928910f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
2753ff8b5ee51c172771832cebb19512

SHA1
ab121fd7e68021f9c77f7c2159d35a1e622058cf

SHA256
4de43c807027b7e9ed6fc868ce07acef44343596901608e4a03c284518887890

SHA512
c1867193a571dbde3051ff77845cdd300cc127c088751a1609d0fc6a4eac09c2e10f2a84319eb85c333f94a971ad3101605c66ebcedc44e8e2db33bf361fffa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
e2913e4eb0e0f5ef4400b1dedba03892

SHA1
62cd5482031eaf740d852877122d9af68e872694

SHA256
a35822e61de7a092199cf6d057a104b059480aa2a30d5924c1180b70e6e97222

SHA512
61550caf826da00f5bdc1e9b281249265d310f74753bba9432c345ace7f550d47addd6aab973b91b3dbee17aa52203059448fa4341085dc945c5e4a91e2ffe3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
29eaa0bb657a91ae96dcef9b072e2245

SHA1
2a30aa7be58fa22157a238baabe84a9adb9f4d49

SHA256
a01c8482aefbb0b0b8ee483b5fea2f4823d93f9a9c51dcc269a9c16cd2bbdcb8

SHA512
4d32432068f46b5b3c77c4f6e2b0c40f0280b02087264ee592171ef26b0e52ec9859c462eba8833926e6d6b0d66deb0b237449e8aab845b5b47248349a051c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3056_521752568\07583d6a-0587-45b0-9d4b-176e4a90aa34.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3056_521752568\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
1178115cb30534d2daec7e53701ef9e7

SHA1
c49e5c0e7b1c9508e93372073f81087a45939984

SHA256
840733fa6415a56dde45754f8ecef8a2194e9afc0e7bcc8818b6d5c315e1360e

SHA512
7cbb0cd536aa6c0466a7b8dbfab2ff21ac84542786ead305b20034710a8520d9963bfcf6573f1c127842a149181f6e1b74e7cc25d088f6dfbb789c9c01dce257

Download Submit
memory/4496-62-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-105-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-76-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-78-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-77-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-80-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-79-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-81-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-82-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-85-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-84-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-83-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-86-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-87-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-91-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-90-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-89-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-88-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-92-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-93-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-94-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-95-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-97-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-98-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-96-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-99-0x0000000004EA0000-0x0000000004EB0000-memory.dmp

Filesize
64KB

Download
memory/4496-100-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-101-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-102-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-103-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-104-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-74-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-106-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-70-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-72-0x0000000004EA0000-0x0000000004EB0000-memory.dmp

Filesize
64KB

Download
memory/4496-71-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-69-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-68-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-67-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-66-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-65-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-61-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-63-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-64-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-60-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-59-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-54-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-55-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-56-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-52-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-53-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-51-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-50-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-48-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-47-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/4496-46-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-43-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/4496-41-0x0000000004EA0000-0x0000000004EB0000-memory.dmp

Filesize
64KB

Download
memory/4496-34-0x0000000006C10000-0x0000000006C20000-memory.dmp

Filesize
64KB

Download
memory/4496-33-0x0000000006C10000-0x0000000006C20000-memory.dmp

Filesize
64KB

Download
memory/4496-31-0x0000000006C10000-0x0000000006C20000-memory.dmp

Filesize
64KB

Download
memory/4496-30-0x0000000006C10000-0x0000000006C20000-memory.dmp

Filesize
64KB

Download
memory/4496-32-0x0000000006C10000-0x0000000006C20000-memory.dmp

Filesize
64KB

Download
memory/4496-29-0x0000000006C10000-0x0000000006C20000-memory.dmp

Filesize
64KB

Download