hxxps://drive[.]google[.]com/drive/folders/1tU8BLicMwxVnasT6f6sUJgJIYPbGTmyV?usp=drive_link

Analysis

max time kernel
427s
max time network
436s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
03/04/2025, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1tU8BLicMwxVnasT6f6sUJgJIYPbGTmyV?usp=drive_link

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
131	3104	chrome.exe

Executes dropped EXE 4 IoCs

pid	Process
6120	jre-8u441-windows-x64.exe
5684	jre-8u441-windows-x64.exe
2900	jre-8u441-windows-x64.exe
4084	jre-8u441-windows-x64.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com
5	drive.google.com

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\jre-8u441-windows-x64.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2732	772	WerFault.exe	131

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133881409213431614"	chrome.exe

Modifies registry class 21 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache	Music.UI.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings	Music.UI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	Music.UI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheVersion = "1"	Music.UI.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache\History	Music.UI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\MuiCache	Music.UI.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	Music.UI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheVersion = "1"	Music.UI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	Music.UI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	Music.UI.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache\Content	Music.UI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200"	Music.UI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	Music.UI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheVersion = "1"	Music.UI.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	Music.UI.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.zunemusic_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	Music.UI.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\aquamarine (1).jar:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\jre-8u441-windows-x64.exe:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
2744	EXCEL.EXE
2096	WINWORD.EXE
2096	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
1700	chrome.exe
1700	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe
Token: SeShutdownPrivilege	5892	chrome.exe
Token: SeCreatePagefilePrivilege	5892	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe
5892	chrome.exe

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
5684	jre-8u441-windows-x64.exe
5684	jre-8u441-windows-x64.exe
5684	jre-8u441-windows-x64.exe
4084	jre-8u441-windows-x64.exe
5144	Music.UI.exe
2744	EXCEL.EXE
2744	EXCEL.EXE
2744	EXCEL.EXE
2744	EXCEL.EXE
2744	EXCEL.EXE
2744	EXCEL.EXE
2744	EXCEL.EXE
2744	EXCEL.EXE
2744	EXCEL.EXE
2744	EXCEL.EXE
2744	EXCEL.EXE
2744	EXCEL.EXE
2096	WINWORD.EXE
2096	WINWORD.EXE
2096	WINWORD.EXE
2096	WINWORD.EXE
2096	WINWORD.EXE
2096	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5892 wrote to memory of 5608	5892	chrome.exe	78
PID 5892 wrote to memory of 5608	5892	chrome.exe	78
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 5616	5892	chrome.exe	79
PID 5892 wrote to memory of 3104	5892	chrome.exe	80
PID 5892 wrote to memory of 3104	5892	chrome.exe	80
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81
PID 5892 wrote to memory of 2692	5892	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1tU8BLicMwxVnasT6f6sUJgJIYPbGTmyV?usp=drive_link
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd82dfdcf8,0x7ffd82dfdd04,0x7ffd82dfdd10
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1952,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1468,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2224 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2328,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2500 /prefetch:13
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3232,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4236,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4252 /prefetch:9
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4656,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5524,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5432 /prefetch:14
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4948 /prefetch:14
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5616,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5576 /prefetch:14
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5624,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3484 /prefetch:14
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4368,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5020 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4344,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3088 /prefetch:14
  2⤵
  - NTFS ADS
  PID:3904
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\aquamarine (1).jar"
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5776,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5896,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6088,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3492,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6072 /prefetch:14
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4780,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6304,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6636,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6712,i,349782875163165474,7398784570062937893,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6436 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2716

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4400

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3500

C:\Users\Admin\Downloads\jre-8u441-windows-x64.exe
"C:\Users\Admin\Downloads\jre-8u441-windows-x64.exe"
1⤵
- Executes dropped EXE
PID:6120
- C:\Users\Admin\AppData\Local\Temp\jds240956937.tmp\jre-8u441-windows-x64.exe
  "C:\Users\Admin\AppData\Local\Temp\jds240956937.tmp\jre-8u441-windows-x64.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5684

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\aquamarine (1).jar"
1⤵
PID:6056

C:\Users\Admin\Downloads\jre-8u441-windows-x64.exe
"C:\Users\Admin\Downloads\jre-8u441-windows-x64.exe"
1⤵
- Executes dropped EXE
PID:2900
- C:\Users\Admin\AppData\Local\Temp\jds240991093.tmp\jre-8u441-windows-x64.exe
  "C:\Users\Admin\AppData\Local\Temp\jds240991093.tmp\jre-8u441-windows-x64.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4084

C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\Music.UI.exe
"C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5144

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5860

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\NewRegister.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "C:\Users\Admin\Desktop\RegisterHide.dotx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:772
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3608
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    PID:2692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 1184
  2⤵
  - Program crash
  PID:2732

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:1300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 772 -ip 772
1⤵
PID:3884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
471B

MD5
b4dbdb65e5f24a38e5e0704b0b85f67d

SHA1
9aa8103768b2fceff977f795c6e324f775b074b3

SHA256
51a3472f174081d9d735b83bae1eea856854ac2aac33eb6286364ffc9c0ced31

SHA512
215229cfa7109437d49d554cfbab733ace46ac55a9677891be264362c61e0ec8f08a0aa4d64a5c3fe16494285d1bdcf6940d454ab2d2632258f5f1f1095885c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
412B

MD5
5c16bfecff1ec5a0e99aa4ea12491a65

SHA1
9e65f07dd2bf66735622ad5dc8147cdf55549b90

SHA256
67f37586f0ace975bfc7d062cd44b1c54974236750454490d072b458389c1a9f

SHA512
42c97c21cc1d9eccca444499f48521dda3391d10e817e451f9e5b760ddb90b994667d365420880a8afebc18606f441463fd507ff6b124e4c39e9b61068cfd1f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ff87cdcca258067caaee3a7029601b99

SHA1
468ef951d5afe3417bcd54a2fed94d5d90c92a41

SHA256
7c47c1333858afd42dcbf847291a4c4730961e1e02d2c52ac3bc3f14508008fe

SHA512
f613e3247f475f8abab5ac8c9ef9d24e1572456114fd2acb1c38fbb1b9004726c94252fdd34c66cf22fccdf2a2261e27ddb4c5e7d3dcf1a56e44d692a884036c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
354KB

MD5
c200720e720ff77d680b522d50a7f9a5

SHA1
1dc570727e0d46c9e0c1eabf648e37d5838040ac

SHA256
940cce903aafa38b3f60c53286d7c579959aa9bc6a8247e6baa867b8e867284d

SHA512
2ae38d58b09825afc52bc3b4ecc9d8b4cb2cdd4d28a5fd880c52a080b00da6aa3dbc5c3b9bf18f6c31c4fb0d07740a2010dcc0aacd6c236f09e56f8fc144422e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
153KB

MD5
707dc76be58a7dac764cfedc7dca6811

SHA1
131cb7c8f2ca14fc7ae8a289f37a587aa5dc4f5e

SHA256
a627c73f2aaedf18f48196c7f39e919e44b23aae0e5dd4ebdb3b27ea8fdd27d9

SHA512
1734877012b98d782a108bfbbed044f5c04cf9cd18f8a34ff83c067e05834028aadbca9ef719115d5f7e3338d8a67896d1008ae4eb50506dc2cf99fe2ab80ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
24KB

MD5
877928733df84e0dd896324e75007380

SHA1
4441cf24e47d2c5f2b91f2ed6c839c6eb43488aa

SHA256
6b1e0693f04c2344f783d9543aff9546e8dfa826a09cb28e1724e7c50d2a2b92

SHA512
429c20ed03d1a91c9e2c1088d920f6506658eea0155d1f2a0791261af87db301f584dcc06868761d14ce66c6eda2359fa24a29ebef5e459ca6323e243810013e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
41KB

MD5
7b047883a795c3597d61673baf809333

SHA1
dee8515eabcb645beebfc1df5f0023e85e64aa56

SHA256
9927f22f06445511e6b3c4ecb55dd47fc411f982f5add76fac9a6f12e0a84c22

SHA512
b262e1ead1c864456773643d10d5f79af8a5a836b4790a35e698da24ffc838522b45be24d76785242cf250aef2d222efcfa356d5eb33e8c670dbdc47f310a607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
472KB

MD5
76dfdc38c4844079af7ecf5ee627a29d

SHA1
ab7821b94d6730511a69ba595fb0bb04f7c97f28

SHA256
0c7704ed950fb9e3ed65d779f38a420a554afa39c09f2c19494bdb47d3f9bf14

SHA512
d28890a15382a246a1ba0b49b2c084d48869f58c405cae2a9b64f380f36cb64758d449f4f425fad5b444bcb293c1a7b1834e09a02e710ab91beeba74f7030f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
32KB

MD5
ce6866d84038bc0f401c99dc2a59de60

SHA1
3186fe022e47c4ef96d0f3d1f73b1ad640b0e996

SHA256
0298f80d00f4254ce2e91982105f47ca2a7ad043329ac6e901ecdebf3ae1dbf7

SHA512
057c50f53500c636473c450244c8ac93925ba4965b98b11701f8b5475c5dba367a3ada64c7450620296639a573b7724a6abee2a5f367496d579b84d96a2b96bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
63KB

MD5
00a34503c5efdf7f4815c3bb9cc9cd68

SHA1
a85d51a8bfe01bc2c26bf0cbeae56c057788e452

SHA256
95ac4bfd07bbab1602f31faf2b3a3ae4064bf191917b229440a6cc722af24764

SHA512
c52764de41844701a47d0eec201649f20813a51a7b68feae77b47fe32bc90771c809682de3b12a94f37c2d41c8adca5a3707ad50618b402cc49b2f78d23c4259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5fdb2825f3a16d5cfb3ea21c99f4f8f3

SHA1
1da5a3c9a73ebd6217b5f72708c785b4e09d48c7

SHA256
32d6ef57fe86eda0004eef12614f0aa71d8bd8f418c2c79b7f4a0a79f2972f5f

SHA512
9a840900e3070e6b1710553681805e7d0224d8621c13e674339b62d5f914bbacc288c78203f8a7acdd07ce3b586b3a8781fd51b6f950831cace37e6594c04320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
71ad9aa8e62d92509dc1d37d61957eec

SHA1
d9c8db5b4b8e62b057a539a452954820d87d097d

SHA256
048d3f3398fe0d1e4403938db67a2805a5c9edcfc6dddeea31b3dc87ac877597

SHA512
15b4a13b050a804060e3970c8d299e021290466adec3cee3d108339c395ded259b2424566828e985a15dac712c1a796a0a4b73a1073958795866ae18abf40e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c3ec6b8722a3cb2700f85f1bde242b19

SHA1
6babd2f118862b8ea94d7388b2b6c725cf7e894e

SHA256
b7f12406e89f319864e0cead4642ff88085e9b3c1c22b69e115b8df03f062099

SHA512
2c90ad0a1ef5c2bbe4aab26bfb70b62fb926767e9066930dccaf99dba3fb8b4b153f7b2d422b3d912dfa17f4c4c02cc553e4f98c6e156daa0db8116d702cf761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7c91d5b71c06a092a38e5d1779381011

SHA1
42bf3f65cd76214bd2ea26338dbd47323a9a96dc

SHA256
86c61643be8730a675df09620c5f24be4b25134192c6c353df109d400e6d4daa

SHA512
89cf53e5a74c4a38113f95bb2f4513de481c42323f57a995647a81ea5b59016ce5c12e49afe1f7793dba4222ee9bc727ad19435b5062242a8ca339f04d3d9f22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
198284847a592ac28fdf420d6174eb5e

SHA1
a5e5d039989f28ba097b5eb00a0cf4c8972adfcf

SHA256
2e25a4cb8a47f2e5cbd33537537fa235813e25395ec0ed51ae63a57244a9e9a8

SHA512
6a448ed1299f8ca104e9ba726e3390b774dc5d3eedc09002556b8a273cd312e840694b15e21e8a059dd6f594cb27e1cc2191867bfe71325d3fd8d4b841597f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
0a6ba44caa4ca7af3878255702e865ac

SHA1
09f1300b51d2208c54d5fd1eefa320b73cd0661a

SHA256
974cae98f2baa2b90de3eb5c485eff4dd159bc4ed0dbe8da9ea7e5ea8b70bef5

SHA512
3db16d5a8d43bbdeee49a4c04c611ca9f674ac5ef1163e7d8923f765749b395a325065bb6f4643ea1456a8739ab1eeef8e80d2b7a8200c9d1217da2b34ea7394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
8beeda5900819dcf80b3778c59942ab0

SHA1
50acb42cdc08aa4efc9f80cbf6701e2b15449b7a

SHA256
b175e2936635d2c0ea2a13f09682525993d1907eaf10ad1f796ab68f2191ea7c

SHA512
e7b72921f889813aa3669962a3614bb085644455b3358b778f857a2860cce710118ae8598566316d0177e950330dd81ce875a17cf3f0dc0f028bbe30e5e97fc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
cb6822cc7e3c2576729ca94eae8e282d

SHA1
cb2f3ec9f4be22eada66b3283111f4c32c885333

SHA256
c8e623a6957d350f9f8773d0ce2e2080a35a9cd7b0e100f8a24a43b0008d1a57

SHA512
ecdb76fce0c5a3bfea3b1f0b7073c01ae5cc55771968e7f28974194d95e1abb649f155c8556fdf3cefe73ee1b5aa171d3006126237885a7389939eb4922d15f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
526307c0791b830e416c7a55875347f4

SHA1
4fdb3652d7d68869e5156b228d27818a69e7d01d

SHA256
01f1ba4dd5b6255aa525601bff099e8621cb36b7529df8ad163e92a0ea3bbcfc

SHA512
313704b29052adfb168a25636543ccb12f231d302a606d68cc64218c9a2d43ec4912b8a25ff7d6d625cbf257b96f575c3194c2b966a2192f4c8b638d00da69c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
13e5dc968e7d017fa87eba89bda4e8c7

SHA1
d92262b765685828bbb0c17b854493096290bceb

SHA256
7587be7891424697f07cf91ac1eb8f7cb9b341bd92386bb97dac1c568ffa76a7

SHA512
0e10edcac403a61718b837ed97713b00cf6d1869aea287aadaa2b71e92c65623ebe420c362b040fb30da4e8ebcbf1b76e2b84512c594522e73d58708834ac217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
151824eac1213becd04a94b60756fbbf

SHA1
a37186b6d6ab458407c9e0604b53443ee757d443

SHA256
3b0ab33e0e9fe28a34884e64c2ef3e56fee128b7a5fe18a4574ca00a826c81ac

SHA512
61b862706deb84f59f2800e33f6af8ffb2684915250208f8971fc67e1861c5875c6609e3dee07b9bfa87a5e3da687b7e8996f3094618d2709d7f2f28d5cce3de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5ebd5909e1fdadae2d88656bdba1d497

SHA1
d3222877ddde850709bdcc4ee775e9aedefadabc

SHA256
ac930f11ffc110818faa60a2f98df714a48144f1f666580b991a7b556f4a7324

SHA512
75efd3b8eba2018e189b6d2e3abe1c9e2f036b1c618398f7243af447f4235858f729cf5017f17e4ae1adc888a88e8983ed04a3a129e2557a755e4ce656427949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
58ce01d249a6172fa8ffd3333f2128fb

SHA1
87ede8769b056e5657749cea25544c9e57e89ca6

SHA256
19bcbe90e1c4c9b971afd3e421845d7891ba41a90ee893634ccce00e01e2e225

SHA512
d79db69eb1bd9d73927ecb754e289a00f6c536e3251c226e467c19b2574afb339a379dee1ac720c00400097e2fbebac3d3d1d061b06c5f67f8cf68d9af930a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
111085165741b6f3c59ac33bdc1a1163

SHA1
2c8bc59492b1e3c11ccecc8ab80ae95936de57fa

SHA256
8dd35bc6653afadbcff9701a66db4036af25e006e4ae6f6f280c53179fc5637b

SHA512
955ed3c44a88de0e8ff1b51aac016fc33212f9df1ada0d607c8b28df7271a5bb7f091322b0e5afbf5f65acdd86e7bb5d29552e8baefcb0c0f7337e09ade264d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
057952d9e35a30effbca1dce1736232a

SHA1
55c907239596c34c857b80592b97e1d0e0231f89

SHA256
2d801d7c1ec09392a6213435c641b247863446484dd5c54b693a1dfe2f4614fd

SHA512
8914a65c040806008a97a4b9f0785bb835c2ed05a01cf2733d9cdc2f8e96a082738068a51efdf3687c62d44d6cdbf304b44b21704e6931211325a4dbcb4d4efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4131433ec2953608f366ae2890b9213c

SHA1
a570928e222410bade62f8da501a7369a21de3ec

SHA256
15be2418ea5b2e892c94a317f025598dd2a9a9257ba7e3099ada6c32c31334b8

SHA512
c716cd079b372e09993a7e669a2ae75ad3ac0cd81633d9eff0e6639603bd50f4dfe87a7223cd8b5d83c935b8aaa5037577849e9de07d4960e82f7140ee98b489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a9c62e2e8301ad98a4d89038c2f4f7bd

SHA1
4c21c1680cc680a6f32e602f6e6a3593af45e8e6

SHA256
e516a01b99d340ae5a6302ccfb5df7cef2749d347b3922ae1397afd16b3ad16a

SHA512
3729b16f59c693f47f31760adbe53fcbeef8fd7f96ba7549a7eb02648817b5761b0337ca1e8b7a36ef872262b675deec4b42ee3109d42116a0fe8fc536dd028d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
42f1365fee1c5ad0ee6cb30d089f96df

SHA1
fc5edf6ee33bc586d876da7c1c4869274a939c53

SHA256
79e0687faac3d78fc4f2d437b02c101a9b6d5d8b2ef357c467b365a69a51cdf4

SHA512
eadc805b1881f8c50ea99ddbf730764e04a9274cb2e739ad6fa9db8cb997a0e5a871751544672d826f17bed36cc6f9cb0a5de6c2b6cebed5bf6e8959be474fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
fe46edc91ad83af976fdc0cf58fe3ec5

SHA1
46afbae0819fa345aee4b4222e69d94ec6dceca9

SHA256
d141a17b77f9368b276e08737c60fb71fc5640a7e638cde52d755ad72c837c78

SHA512
c648034561cdbec30c15630edb1a6e6d2774fa01ee8d112cbf9a4ee8219f4980fd58b915f8ecb99613b5787a4758cd3c3af2d7be271cf1210094e37912ba8589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
886b6699e14529b2825d1bd9e0e25544

SHA1
23aa49ed9d1c0934d080b0bc465e43d2b5328f41

SHA256
033dc47d1b62a5902dc63bb32155550012a1a972381baf3d488b498f5653137f

SHA512
a7ea2323c9b05a49d057448b5bae3bfe3eb36c145ad886260d587a4283c67f38491fd7a9842974af8f04e30fb7523f92ddf3dacb36f81dd28157153d6cbae2ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ec8f0894190f5fb3b9e5d64d6269f65f

SHA1
a00d0fc477571a5d496d699116fa62b0e87a1cdf

SHA256
f6212e43a5a8a8fa5bd04c81aaf698c670cad2bbb94d3b63e60a1aa6489bec55

SHA512
7aef60ea338c20a193523e1ed0388d61d57f50d89eccfbee2e6630ff904a2020338e7f693387de503ea973cf49059e333e8fbdd08b10b4ea69e86440c1c48b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b58b1ef9194348365214b511dac7594c

SHA1
82ca6c32408c1706ceb733695dae1550376781cd

SHA256
6956b01b5c6863a116badc25840440a6d4a762961c8e77bb7339f06340ddf4fc

SHA512
ecf3cab4e3bb07cb5c16071a938aa1cc19af9997212518a10864bd4d883ed2a40562def389bfbe76166fc8d7014553538c81e12750cd6fbfdaf3af25bca12831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4e80cbe8fe553cb01c3b1521105ebd2b

SHA1
98e59f00d320fffaa935059c7fe2b4edad9738be

SHA256
1f54ee2a4d06583e8de5a3db5c1ef296023a656ab9b1728c1b5d48682f90b19e

SHA512
5f3a3b458697697e2b1c3e0f475c3f472b1f7ab5cf6b7053c6d79b87728c5a0bf9516cff2bb57ace7551a3e26fb450fe7278ec2c9a7d5406a5fe6426e348e233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58247b.TMP

Filesize
48B

MD5
1d002571f5ccfb8bf37f0d95f824c372

SHA1
d580a55e182cf3527e511c18c998b7850db49b60

SHA256
4607e6244948c5ce1a8a3cd678cef7c0d7e977cb0baf9f88853d6f661fc57f1b

SHA512
3ee4fda42bfcc0bf89ddc627daecf24c287a37c7e7baf90e4f0530f81d9207cad078723a5c3283f3996037cdce0122869c3c2ba61c5455b586e82fa430b556c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
31f019c88b89d425e8f7688465a6da68

SHA1
278ac86ff7d6946c7ef8d433e36ea656f8d8bc97

SHA256
b3131ee77f01835dcbef09210e61d245156561c2c7ea5dfd998d1a9ab467a900

SHA512
5942b628e194d94a73e0a2044927b54ea93f1e9d0cc715c7c16e177404bdd12838711a72a9cd56c28c2c3b32f093109981cf77bd2b1ebdfa2c40320309a8d2fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
0f7b077a7068300df120c60227abb815

SHA1
a6a2f73ae3f4055ae106c5e18fa84d522e2a21b7

SHA256
fed521280ce51defb0fd26c21c0499f02740735b1e19da1de0b2c1ac533a8818

SHA512
4a09a04108b7e448d4118679c1361c036e4b995db22d6fcdbc133f461548a15ac78ee3b896138d0181b4c65c692a4d038bff8db9a16f7994bd8fdce23293c940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
10d1dfbac78eed544ed08b0e4d2ac881

SHA1
49f8646b8aaf2d280e526f624697df5f22dc3d05

SHA256
f05cf7f3377e1527650bc71e838625032b5a56de52db81f81328680e00b59e6a

SHA512
db2ce15daa8169bf59557e72e6b7ad1b1718aef5b7170feccc13b09750dfb3c68efb3490668eb5294fae865ed0fcfe3b8a508b28f5176253bac993993fb0d356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
6a0ae2c24ebad409e4e42303fcd4d308

SHA1
101d5bde5dadcb03874b57071865fe0de38dd609

SHA256
68ea898f80bd32afb7288c5d064cc72ef62df60d6a85d829d65a8470a35142f0

SHA512
7417d0640e0f7e4337cd7acd92c0f1d4b6df0f0e1b454cd61643ebdc45fa263c5356657c038a6d63e071959dbb328bf68482b9c1d106e22e54c5066439099e8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
e8925608269eaf383f6b62196f28a45a

SHA1
10376d783fc54e65d39c198f5c71448d995eae0b

SHA256
cf6688fa7c04add90db67f4192d3ac6635d77764d3e9c690f2cec46276a4d191

SHA512
f2632179006ad5dfda5cf6a0c3602056a9ec517d7e8dccd4e9bb0067938a9b086a182106b5b73fb53d35c4547240e6ca8bfde7b7979c380b895ace4b1b5ba1ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
763eabe2924b559bb3148ff3df6a3048

SHA1
565338bea3dc46d78b5d62ce1379ac079b55e4d5

SHA256
87c1eea47de11c6b35a8217f9322ef10e1e08dbc93a83b9e51f4c18bacf536ae

SHA512
447b5723f5105bff53693fdefd65356aa703c06f71c89f704c3d7392ba49da5059186d4bcd97b66e928762ba56f68f8d2b007959a50fe84bb9bc1360248a19fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
384KB

MD5
742eb779df63679bb801aea060efada1

SHA1
26ac7cc514ccbf111bca0777391a44630ba8dd4d

SHA256
e4b062ef525dac0e131ea2bf6f8c76171155c1c99cf7e9618fd48c4711c55c45

SHA512
137c53d6646f500ad68f02e9dd170b858dd070849802d9d1739f589f34cfd4b36953cf6d8a365fe1a031867f96cdd5cfc635700f959202113b8f8c27c829df29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
d3eedc3694a8235024dae6abc126459b

SHA1
ff928e40b763e0bb5b724274b6cecfd2ad5fc869

SHA256
83db88030d7649eef059dcf1fc66c6f45574b8d04f9237144c031184a59ff126

SHA512
ccdd59ce566da3223cbaff33322dea6ee5134e2ef17b90d44d3583899f64629144fe938f0b69e30d5a6b0b63371bca3d09a9778cea23b942875095cfe2ac354c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\64133BDD-ED2B-4A0D-9FB9-B50FE191B015

Filesize
178KB

MD5
dc3fd2665e619c4773f6aaa603fca57f

SHA1
21e3c93fb88010b2a55c26fcdee211986a12b526

SHA256
fe4ad794a8cc3cfa244d65c7a78c37a31c5e5972d767d96f16038a3a9f9614ef

SHA512
0634fd4e7eabc04c91c8a5d35452984dfd7ac5e499e04388dc0bb779e623a07e9dbdbcf03e70bf92cadd11e8c5a2b593de40b4d43a321364c9c68e58be109749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

Filesize
12KB

MD5
b19c38e90cc9e76b723319a94da05761

SHA1
b01c3002699b4ba69f4d37e3612131ecc3d5d980

SHA256
ec18c7c249363f43a0cd849c3f430362ba157f8da5f37bcc9c348b3097d62167

SHA512
efa815799b022aae9e33d77b10b313e6229243094da710d7792da8c13950491b3f8f90990998a1b23da84e9d2f2888f1ec9542a182d257aa3c89350d9b9d8f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
5433eab10c6b5c6d55b7cbd302426a39

SHA1
c5b1604b3350dab290d081eecd5389a895c58de5

SHA256
23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

SHA512
207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1743667690.txt

Filesize
51KB

MD5
b28e7df12089565b07d3f3b7a50e7bd8

SHA1
6d28fac10bd162481cb001bdef8891c22b4cd3b2

SHA256
e774774fa2f695e9b2bb03d2cd88d23cb8b772c988ea87c1e415ad124d408924

SHA512
fe569d5bfac9ee45ab4293e9226d98e24cf2d1d7acc5a573911b9fec1fa2794fc61f1819be35f84ff16a65bbefe3e6f3982e9f8cca02f94466f853212cc55ea8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\SavedNowPlayingQueue.json

Filesize
1KB

MD5
c42dd679bd7c2abcee0d890da461b39b

SHA1
08dbb7172eed4b6447722532f1368790e0516a65

SHA256
87a6af3d4078183fd10dcba00e8df9e6178fb3ec0f794c15939ed233924a4097

SHA512
a92232a9a05c428b024144c7a4525135a798040d6c728991f9689520fd5ce0fa52537b4c182f8a267ff52c0600a4736acce52777cc8104dc74e6406879fe030e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\backstack.json

Filesize
45B

MD5
674a522d4da661e10bf2faeb26211654

SHA1
53b554607f83d8c4af7a15a855c93933c1334efa

SHA256
493800fe0860fe9847458551d720bdbddfac2b45530cf39339e0ec34bf4dc169

SHA512
8e229a57a169948f0e0726a31e0602d99eed38894c9c707d7966ef91997b946b4fb010099a086b9c4d8c348355c6bf947f7172fcd100af7272c0c28a180daa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
202KB

MD5
4db6ecb39b18c3b4eb607e10ff2c76f8

SHA1
a52d1fc26a983a983cf7cacd691cf9f01d98b641

SHA256
c6089e6b5c32548507afc19825e24c2fcb386e2ef80466ec1c16f2428700dade

SHA512
55224e1c6ed1d9251b269df2f978644fe3b7621d27c6381eb367513967c7a7624360d489b59e2dd8341373fd046a839b5e45a9a019ed8c1aaa6d9661be626a4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
164KB

MD5
3687c7cbcd37bfed6f57a6bd9f06926b

SHA1
5004336ed59385b42cb9ab8b33d67c276e1ee300

SHA256
a6daab875ae66098673b2b3c7c14e5a737af9bf636cf0bf44453cb0bdaa6a73f

SHA512
f30bc7758a64ecb2688222b1f54baf52d88cb51cb7216fef33c162ff3db5c8eb129744886da1cbd3343ed103549d56841835dc640dcc5775b72b289ac0f516a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
186KB

MD5
e880010d663705ac8e06911bb8370dad

SHA1
7078f002d4da30ab32c1843c4db548a3f618edcc

SHA256
12279f84bf1cc3cae6fc55cfe34ccf35b435c911e310b5397df17489cc16329e

SHA512
fa29a9f2027d00b02eb644e6d78479a87eb544ce3a26f1ec8ffd5114fd70437c4cfd854a66542d48b2d6d46817cb73d99e36208aa196f96723213572cfd16446

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
186KB

MD5
234248f7b522f46771ef1d015f94b892

SHA1
fea0b6d51b2be93e3778e7b0a1d7fbc5dc5bd7bc

SHA256
04ed1758fb1b8517f2bc2d6832bbbb2258a1a0f2d502823f344df9cb74cba438

SHA512
d0dc1db115dc0b9f2dd016e09e267c6199a0f2204c8be4da7b2f2f84ce08042e786f37e5b4b55b8b31f11865e69bc573d39adfddcb7274732c40f5ee0917e97f

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
e467e403371a4ef88a39802dec4fb1ab

SHA1
2380eb14638129476ae413542d4ab2adeaee6533

SHA256
dda9f1f66c7ed40733e73b16a81b69876ae29070f87c00d78e5e3a51d74ab504

SHA512
2b4265b2c6b23791721e4852ba4217782b9be9c58ac0be85bb3124f84a126b3523f9ed93763a79e4ced10b96f6c275730c0493f2738baf90286e0cdacaa23fd8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
285B

MD5
0fdab0db41397afe6bda27efe79dbeb5

SHA1
9e12b992b74a14dbeb0f506d0f76da05a6025fe4

SHA256
4ac3bf5f889de8fdc59cdce6db0156e1f42ac23a10d84460e24ab6a3f3780454

SHA512
9509495a25161390d81ff4c43da96208067a1aa5cbe896ffcd4ba863fe9611a9d2b573882dd4fd9fccc6f20d082f38349dd71963905aff972210bb5e74b982b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
a978ca87a375f0b60f920afe2bc3794d

SHA1
8b4b4357f864f5f626e4e51122170775d47fc8ed

SHA256
f3f2a0672743661e86e09b9041018a02addb263f3a3037499d070681bd73959e

SHA512
cdf610543687ab1d2a2a0e864dc7ec5499304583df831413dd7a49e41e6396c9a4ee256f6270b28fc1baf2956725788698e7eab52ba6a5e45b47b69fc4e44e72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
7a0a3410d7c5b98d2dc13bd536977e24

SHA1
27e9943d0ac9fc5775cb634e3011f1cbdb667767

SHA256
4311eb48452a8f2e19a32f7d9aa25dacaa05200815e0b959323731396c854b2b

SHA512
3efee050af4b59377c7e0313b15902af4fd0cc3178c3e20a36b5d625f906398d485f74574d1a99cd682fc73b930224aefa7637ec4906c1e044053b2934d15d5c

Download Submit
C:\Users\Admin\Downloads\aquamarine (1).jar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1600-564-0x0000021980000000-0x0000021980270000-memory.dmp

Filesize
2.4MB

Download
memory/1600-573-0x00000219FDC40000-0x00000219FDC41000-memory.dmp

Filesize
4KB

Download
memory/1600-576-0x0000021980000000-0x0000021980270000-memory.dmp

Filesize
2.4MB

Download
memory/2096-1297-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2096-1325-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2096-1324-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2096-1327-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2096-1326-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2096-1301-0x00007FFD4F4B0000-0x00007FFD4F4C0000-memory.dmp

Filesize
64KB

Download
memory/2096-1299-0x00007FFD4F4B0000-0x00007FFD4F4C0000-memory.dmp

Filesize
64KB

Download
memory/2096-1296-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2096-1295-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2096-1294-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2096-1298-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2744-1258-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2744-1290-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2744-1293-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2744-1292-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2744-1256-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2744-1259-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2744-1262-0x00007FFD4F4B0000-0x00007FFD4F4C0000-memory.dmp

Filesize
64KB

Download
memory/2744-1261-0x00007FFD4F4B0000-0x00007FFD4F4C0000-memory.dmp

Filesize
64KB

Download
memory/2744-1257-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2744-1260-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/2744-1291-0x00007FFD51CD0000-0x00007FFD51CE0000-memory.dmp

Filesize
64KB

Download
memory/5144-1225-0x0000023DD67D0000-0x0000023DD67D2000-memory.dmp

Filesize
8KB

Download
memory/5144-1229-0x0000023DD7650000-0x0000023DD7652000-memory.dmp

Filesize
8KB

Download
memory/5144-1224-0x0000023DD6A60000-0x0000023DD6A62000-memory.dmp

Filesize
8KB

Download
memory/5144-1223-0x0000023DD6A60000-0x0000023DD6A62000-memory.dmp

Filesize
8KB

Download
memory/5144-1227-0x0000023DD7640000-0x0000023DD7642000-memory.dmp

Filesize
8KB

Download
memory/5144-1228-0x0000023DD75F0000-0x0000023DD75F2000-memory.dmp

Filesize
8KB

Download
memory/5144-1244-0x0000023DDB600000-0x0000023DDB70C000-memory.dmp

Filesize
1.0MB

Download
memory/5144-1226-0x0000023DD75B0000-0x0000023DD75B2000-memory.dmp

Filesize
8KB

Download
memory/5144-1221-0x0000023DD5FC0000-0x0000023DD5FC2000-memory.dmp

Filesize
8KB

Download
memory/5144-1222-0x0000023DD6A40000-0x0000023DD6A42000-memory.dmp

Filesize
8KB

Download
memory/5144-1219-0x0000023DD5FC0000-0x0000023DD5FC2000-memory.dmp

Filesize
8KB

Download
memory/5144-1217-0x0000023DCCDC0000-0x0000023DCCDC1000-memory.dmp

Filesize
4KB

Download
memory/5144-1198-0x0000023DCCD20000-0x0000023DCCD30000-memory.dmp

Filesize
64KB

Download
memory/5144-1206-0x0000023DCD320000-0x0000023DCD330000-memory.dmp

Filesize
64KB

Download
memory/6056-971-0x0000023F35760000-0x0000023F35761000-memory.dmp

Filesize
4KB

Download
memory/6056-969-0x0000023F35760000-0x0000023F35761000-memory.dmp

Filesize
4KB

Download