Analysis

  • max time kernel: 432s
  • max time network: 423s
  • platform: windows11-21h2_x64
  • resource: win11-20241023-en
  • resource tags: arch:x64, arch:x86, image:win11-20241023-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 04-12-2024 19:06

General

  • Target

    https://drive.google.com/file/d/1aUF0oft4SA5k8GyyxI_6a6aofYuooajt/view?usp=sharing

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Network Share Discovery (1 TTP)

    Attempt to gather information on the host network.

  • Drops file in Windows directory (1 IoC)
  • Browser Information Discovery (1 TTP)

    Enumerate browser information.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (64 IoCs)
  • NTFS ADS (1 IoC)
  • Suspicious behavior: AddClipboardFormatListener (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (34 IoCs)
  • Suspicious use of SetWindowsHookEx (5 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1aUF0oft4SA5k8GyyxI_6a6aofYuooajt/view?usp=sharing
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:872
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5203cc40,0x7ffe5203cc4c,0x7ffe5203cc58
        2⤵
        PID:4536
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,4594732660254966895,3416121952934273458,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1824 /prefetch:2
        2⤵
        PID:3076
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,4594732660254966895,3416121952934273458,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2108 /prefetch:3
        2⤵
        PID:4472
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,4594732660254966895,3416121952934273458,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2188 /prefetch:8
        2⤵
        PID:3436
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,4594732660254966895,3416121952934273458,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3096 /prefetch:1
        2⤵
        PID:3128
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,4594732660254966895,3416121952934273458,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3132 /prefetch:1
        2⤵
        PID:3344
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3516,i,4594732660254966895,3416121952934273458,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4252 /prefetch:1
        2⤵
        PID:816
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4672,i,4594732660254966895,3416121952934273458,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4684 /prefetch:8
        2⤵
        PID:1104
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4968,i,4594732660254966895,3416121952934273458,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4936 /prefetch:1
        2⤵
        PID:2032
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=984,i,4594732660254966895,3416121952934273458,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5420 /prefetch:8
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1748
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=1428,i,4594732660254966895,3416121952934273458,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5380 /prefetch:1
        2⤵
        PID:3432
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4972,i,4594732660254966895,3416121952934273458,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5036 /prefetch:8
        2⤵
        • NTFS ADS
        PID:3972
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:5100
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:1948
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4808
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2720
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\CopySet.MOD"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2548
  • C:\Users\Admin\Downloads\Astro Audio Extracter for vm\Astro Audio Extracter for vm\quickbms\quickbms.exe
    "C:\Users\Admin\Downloads\Astro Audio Extracter for vm\Astro Audio Extracter for vm\quickbms\quickbms.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:444

Network

MITRE ATT&CK Enterprise v15


Downloads