7f1f0afb813260a6a2ddc92a22f74df38becfedd467759e6da406139d90e0929

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 13:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SlackSetup.exe
Size

123.4MB
MD5

8a247c636ace3a2ebbab51b9fb693175
SHA1

dc72cb66a79f29313370f33adcc8f3934239ed54
SHA256

7f1f0afb813260a6a2ddc92a22f74df38becfedd467759e6da406139d90e0929
SHA512

37b91d97199b713669a55f003f5e2ed6dece193c7204b7c41a4cd3242f3eaf6c33ca1e559e715c5d415a052952468d9ead0cad69edfcef6c43851138ea96ef08
SSDEEP

3145728:YI09YaQ5PCAhIAiWvroMEmdSUXEvYpKi5jL+G5c:X0WFCA0MDRHAi5jL+Q

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com.squirrel.slack.slack = "\"C:\\Users\\Admin\\AppData\\Local\\slack\\slack.exe\" --process-start-args --startup"	slack.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com.squirrel.slack.slack = "\"C:\\Users\\Admin\\AppData\\Local\\slack\\slack.exe\" --process-start-args --startup"	slack.exe

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation	slack.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation	slack.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation	slack.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	slack.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	slack.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 12 IoCs

pid	Process
1836	Update.exe
3188	Squirrel.exe
4736	slack.exe
3332	update.exe
4784	slack.exe
4528	slack.exe
2108	slack.exe
4368	slack.exe
1416	slack.exe
4728	slack.exe
4024	slack.exe
116	slack.exe

Loads dropped DLL 33 IoCs

pid	Process
4736	slack.exe
4736	slack.exe
4736	slack.exe
4736	slack.exe
4784	slack.exe
4528	slack.exe
4784	slack.exe
4784	slack.exe
4784	slack.exe
4784	slack.exe
4784	slack.exe
4784	slack.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe
4368	slack.exe
1416	slack.exe
4728	slack.exe
1416	slack.exe
1416	slack.exe
1416	slack.exe
1416	slack.exe
1416	slack.exe
1416	slack.exe
2108	slack.exe
2108	slack.exe
4024	slack.exe
116	slack.exe
116	slack.exe
116	slack.exe
116	slack.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	slack.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	slack.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	slack.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	slack.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	slack.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	slack.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	slack.exe

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\slack\URL Protocol	slack.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\slack\ = "URL:slack"	slack.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\slack\shell\open\command	slack.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\slack\shell	slack.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\slack\shell\open	slack.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\slack\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\slack\\app-4.36.140\\slack.exe\" \"%1\""	slack.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\slack	slack.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
116	slack.exe
116	slack.exe
116	slack.exe
116	slack.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4736	slack.exe
Token: SeCreatePagefilePrivilege	4736	slack.exe
Token: SeDebugPrivilege	1836	Update.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe
Token: SeCreatePagefilePrivilege	2108	slack.exe
Token: SeShutdownPrivilege	2108	slack.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
1836	Update.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
2108	slack.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe
2108	slack.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 1836	4708	SlackSetup.exe	85
PID 4708 wrote to memory of 1836	4708	SlackSetup.exe	85
PID 4708 wrote to memory of 1836	4708	SlackSetup.exe	85
PID 1836 wrote to memory of 3188	1836	Update.exe	86
PID 1836 wrote to memory of 3188	1836	Update.exe	86
PID 1836 wrote to memory of 3188	1836	Update.exe	86
PID 1836 wrote to memory of 4736	1836	Update.exe	87
PID 1836 wrote to memory of 4736	1836	Update.exe	87
PID 4736 wrote to memory of 3332	4736	slack.exe	90
PID 4736 wrote to memory of 3332	4736	slack.exe	90
PID 4736 wrote to memory of 3332	4736	slack.exe	90
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4784	4736	slack.exe	91
PID 4736 wrote to memory of 4528	4736	slack.exe	92
PID 4736 wrote to memory of 4528	4736	slack.exe	92
PID 1836 wrote to memory of 2108	1836	Update.exe	95
PID 1836 wrote to memory of 2108	1836	Update.exe	95
PID 2108 wrote to memory of 4368	2108	slack.exe	97
PID 2108 wrote to memory of 4368	2108	slack.exe	97
PID 2108 wrote to memory of 1416	2108	slack.exe	98
PID 2108 wrote to memory of 1416	2108	slack.exe	98
PID 2108 wrote to memory of 1416	2108	slack.exe	98
PID 2108 wrote to memory of 1416	2108	slack.exe	98
PID 2108 wrote to memory of 1416	2108	slack.exe	98
PID 2108 wrote to memory of 1416	2108	slack.exe	98

C:\Users\Admin\AppData\Local\Temp\SlackSetup.exe
"C:\Users\Admin\AppData\Local\Temp\SlackSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1836
- - C:\Users\Admin\AppData\Local\slack\app-4.36.140\Squirrel.exe
    "C:\Users\Admin\AppData\Local\slack\app-4.36.140\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:3188
- - C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe
    "C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe" --squirrel-install 4.36.140
    3⤵
    - Adds Run key to start application
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4736
  - - C:\Users\Admin\AppData\Local\slack\update.exe
      C:\Users\Admin\AppData\Local\slack\update.exe --createShortcut slack.exe -l Desktop,StartMenu
      4⤵
      Executes dropped EXE
      PID:3332
  - - C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe
      "C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe" --type=gpu-process --enable-logging --user-data-dir="C:\Users\Admin\AppData\Roaming\Slack" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --enable-logging --log-file="C:\Users\Admin\AppData\Roaming\Slack\logs\default\electron_debug.log" --mojo-platform-channel-handle=1812 --field-trial-handle=1816,i,14481650072051730664,14321031900294630886,262144 --enable-features=kWebSQLAccess --disable-features=AllowAggressiveThrottlingWithWebSocket,CalculateNativeWinOcclusion,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,LogJsConsoleMessages,RequestInitiatorSiteLockEnfocement,SpareRendererForSitePerProcess,WebRTCPipeWireCapturer,WebRtcHideLocalIpsWithMdns,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4784
  - - C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe
      "C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-logging --user-data-dir="C:\Users\Admin\AppData\Roaming\Slack" --enable-logging --log-file="C:\Users\Admin\AppData\Roaming\Slack\logs\default\electron_debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1816,i,14481650072051730664,14321031900294630886,262144 --enable-features=kWebSQLAccess --disable-features=AllowAggressiveThrottlingWithWebSocket,CalculateNativeWinOcclusion,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,LogJsConsoleMessages,RequestInitiatorSiteLockEnfocement,SpareRendererForSitePerProcess,WebRTCPipeWireCapturer,WebRtcHideLocalIpsWithMdns,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4528
- - C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe
    "C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe" --squirrel-firstrun
    3⤵
    - Adds Run key to start application
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe
      C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Slack /prefetch:7 --no-upload-gzip --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Slack\Crashpad --url=https://slack.com/apps/sentryproxy/api/5277886/minidump/?sentry_key=fd30fe469dbf4aec9db40548e5acf91e --annotation=_productName=Slack --annotation=_version=4.36.140 --annotation=plat=Win64 --annotation=prod=Electron "--annotation=sentry___initialScope={\"release\":\"[email protected]\",\"environment\":\"production\",\"user\":{\"id\":\"ab426c23-bb80-4d9d-b8d8-2ac8776552a3\"},\"tags\":{\"uuid\":\"ab426c23-bb80-4d9d-b8d8-2ac8776552a3\"}}" --annotation=ver=28.2.0 --initial-client-data=0x45c,0x454,0x424,0x470,0x448,0x7ff668f62648,0x7ff668f62654,0x7ff668f62660
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4368
  - - C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe
      "C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe" --type=gpu-process --enable-logging --user-data-dir="C:\Users\Admin\AppData\Roaming\Slack" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --enable-logging --log-file="C:\Users\Admin\AppData\Roaming\Slack\logs\default\electron_debug.log" --mojo-platform-channel-handle=1744 --field-trial-handle=1748,i,6576772913785784909,12196433026533605472,262144 --enable-features=kWebSQLAccess --disable-features=AllowAggressiveThrottlingWithWebSocket,CalculateNativeWinOcclusion,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,LogJsConsoleMessages,RequestInitiatorSiteLockEnfocement,SpareRendererForSitePerProcess,WebRTCPipeWireCapturer,WebRtcHideLocalIpsWithMdns,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1416
  - - C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe
      "C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-logging --user-data-dir="C:\Users\Admin\AppData\Roaming\Slack" --standard-schemes=app,slack-webapp-dev --enable-sandbox --secure-schemes=app,slack-webapp-dev --bypasscsp-schemes=slack-webapp-dev --cors-schemes=slack-webapp-dev --fetch-schemes=slack-webapp-dev --service-worker-schemes=slack-webapp-dev --enable-logging --log-file="C:\Users\Admin\AppData\Roaming\Slack\logs\default\electron_debug.log" --mojo-platform-channel-handle=1956 --field-trial-handle=1748,i,6576772913785784909,12196433026533605472,262144 --enable-features=kWebSQLAccess --disable-features=AllowAggressiveThrottlingWithWebSocket,CalculateNativeWinOcclusion,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,LogJsConsoleMessages,RequestInitiatorSiteLockEnfocement,SpareRendererForSitePerProcess,WebRTCPipeWireCapturer,WebRtcHideLocalIpsWithMdns,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4728
  - - C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe
      "C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Slack" --standard-schemes=app,slack-webapp-dev --enable-sandbox --secure-schemes=app,slack-webapp-dev --bypasscsp-schemes=slack-webapp-dev --cors-schemes=slack-webapp-dev --fetch-schemes=slack-webapp-dev --service-worker-schemes=slack-webapp-dev --app-user-model-id=com.squirrel.slack.slack --app-path="C:\Users\Admin\AppData\Local\slack\app-4.36.140\resources\app.asar" --enable-sandbox --enable-blink-features=ExperimentalJSProfiler --disable-blink-features --first-renderer-process --autoplay-policy=no-user-gesture-required --enable-logging --force-color-profile=srgb --log-file="C:\Users\Admin\AppData\Roaming\Slack\logs\default\electron_debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3004 --field-trial-handle=1748,i,6576772913785784909,12196433026533605472,262144 --enable-features=kWebSQLAccess --disable-features=AllowAggressiveThrottlingWithWebSocket,CalculateNativeWinOcclusion,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,LogJsConsoleMessages,RequestInitiatorSiteLockEnfocement,SpareRendererForSitePerProcess,WebRTCPipeWireCapturer,WebRtcHideLocalIpsWithMdns,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --window-type=main /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:4024
  - - C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe
      "C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --enable-logging --user-data-dir="C:\Users\Admin\AppData\Roaming\Slack" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --enable-logging --log-file="C:\Users\Admin\AppData\Roaming\Slack\logs\default\electron_debug.log" --mojo-platform-channel-handle=2540 --field-trial-handle=1748,i,6576772913785784909,12196433026533605472,262144 --enable-features=kWebSQLAccess --disable-features=AllowAggressiveThrottlingWithWebSocket,CalculateNativeWinOcclusion,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,LogJsConsoleMessages,RequestInitiatorSiteLockEnfocement,SpareRendererForSitePerProcess,WebRTCPipeWireCapturer,WebRtcHideLocalIpsWithMdns,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      Drops file in System32 directory
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Update.exe.log

Filesize
1KB

MD5
6eb96c16eb677b6a8c1df381a0497a1a

SHA1
d4596baadc2d4bee89d57e1718ab30c0b7d563ec

SHA256
e96331392d474ca0fbc51036c7d55aa3a37aae6b074d50ebd106a277b0cb4097

SHA512
3d472d56ceb73a3df3f65eff6af088b3a81ab553153cbda925091500a6543cf83e84872f2bc81f218deddecd8f3c9868d784c2fe08ece95f915138becaecfb0b

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
79B

MD5
8cc35d6a9e325c70c216f6f2594f6eb6

SHA1
0d9ff5c1c3899d05a3227d81d6c8a22a1d676258

SHA256
17ba7b2fbe61cfec4c50a4990c7cab900ddbc77a0f8fbd62960e406e938f2e2c

SHA512
0d628e31958b4fc2eb9195feb6a5a7008eed2cc71ce12279eb6055f47500e4609a2948112cdb0822bcbd15b98ee963371124b9430ff399f1c8dba29e04bac878

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
9095ac71915ee2f2a68aebf76e88b4ea

SHA1
f548e928afecaba5b0c654ffd8bdc995d51671a3

SHA256
ecbe400c4afc4aee1f5b7e4ad02560f8a719c917711ed710e939caa3d3763649

SHA512
d7fff40aa71057282e516dd7b21b1f68087f95ac53601a785b5ac82c9bb3c582df3005fe89f1a99b9ddd1cb6b30682def75a0f004877343c74085bf8a45f2cea

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
191KB

MD5
0b6b63cdaeae40f461aadfdef1d526bc

SHA1
b7cccd3328769552e9e8e0860ba933e9f6eb562f

SHA256
a23577728f09e8f4b24d7b03d2cb3611428d6acd2efb72db28289c7901e42fd8

SHA512
a07b77ad039762f5235348189767955a1ae5c37ba6a9697161855afab966d3e75e73337ae0853499a09b2bef74a5d8cfc00cf2525e165cc77ee82497bc6bb223

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\slack-4.36.140-full.nupkg

Filesize
4.0MB

MD5
742584cf6229a9c1ef0c4f82554592a3

SHA1
3d410946dc8a6f80dd8f705bce6421261e88e4fe

SHA256
8cebc28d0d1527e2134b535f157fb9bae2de3ed8a535aee25abd76db2ebd60da

SHA512
613ef83d46d672690f03af30c1bacee6ba78443929c739327ce7f6e6073391c7858a12c56a2a3521e5a8817d2c7975a8f145352f5d70cbda51e3df1b1c8171c1

Download Submit
C:\Users\Admin\AppData\Local\slack\Update.exe

Filesize
290KB

MD5
9e0d40cb25a001c378001745e5eeb237

SHA1
7949e87267ff73da31812cc402e5bedfd6bcb497

SHA256
2cc0a19aa6501a5594f42acbe73b24095433a77984211f0bf3e399684254c921

SHA512
66960ab1c1312c5d4591d3b06e47453521101c9008ffe766cbc804b6d599c86e27800244700cda3bbb1e317203dbfdfc6856296d7b6b67b12395e50b6cc61bb4

Download Submit
C:\Users\Admin\AppData\Local\slack\Update.exe

Filesize
383KB

MD5
1c89142b38256e7ad3a41dcb22a788ab

SHA1
852948bfcf6cd50e166b61473888a155509306fe

SHA256
32163de954b28a2fbf7d2ec4645ffce9cfc025e3682f7946bba024d1659189cb

SHA512
298c7b25041f4a42ce755db59b419451a1fd5e9f9d11573c9f1822039cec9ae38d2ef25a06ba468375c35ff61b3c03a575de178223006e46da9870cf7cee55b2

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\D3DCompiler_47.dll

Filesize
159KB

MD5
0d9af913488be54a55c488aa9087d08a

SHA1
52f7e2c18520f2f41bccf00a1279226ccc498f74

SHA256
36830c6c42c1e5ef3eff22840e2d841001c8ed84ed99104bad5cc5d698a6c63a

SHA512
8e26a7dd8558b2de894e9dfb2346048fe503e961653abe40153548552c0bb206119425699079c58d197982b4f09b12dceea5bd96031cb0113013e57c4440ef77

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\d3dcompiler_47.dll

Filesize
118KB

MD5
0120d03d81e9d4fc709e87e53244ac15

SHA1
9158ad2493c4b9d2c20961de6452b7f9f8969faa

SHA256
88357747c1fb249622a49b33272f69a31369f4171bd68066cf7485bcfaf79d2f

SHA512
8441d82644531b32e916a8cf50a53ee6e007e37b491ede82c52e2ff291f12e9e58f2f64479ff753f831afbc63366a2d47bd0c46b14296bea27ec3601b1f00dd4

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\dxcompiler.dll

Filesize
159KB

MD5
1ab5ced76506d1dbdff7a16b6488933a

SHA1
9a54f89ae97db80040cef73471809277e4383c11

SHA256
cfc2070273b7d9475d76debedc52e276ef755e3803580ffee17c15ab49d245ed

SHA512
59a98df81ee748fadddd1654e7876cdf748575c6c893136ce872de73b9bda14dbd1d4dfe6b263edc7dc7bb359f2f1be32305bd228fd2e60f0a43e4b1208ab87f

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\dxcompiler.dll

Filesize
88KB

MD5
3be4b3cc7706741576f3e624529e9c90

SHA1
63dacc5372361425d7ff7320180bff7a2423a04d

SHA256
0bd2a728104788c4b0881550d0fd66dadbb849d204051fd57cf03b4b8a1e6730

SHA512
17b9d572ee4e3bb66ed7f9e31a272c9815c981edf168764fb1cd52af731754bc35de32158fedf8761550e47bc347e58396c1360414e814ad1e83cccf21b47ae9

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\dxil.dll

Filesize
190KB

MD5
ea16851b9e0f02066ad84461f1109c1e

SHA1
49978ec160b39df3148dfddc7b64a47897069abf

SHA256
1b0e9c2a50919d887656a2fc8432e340fd22347e928861ce6f31148395632feb

SHA512
62f1f08c44be4718b6b9a2c3d5aa8218de6943149fc7af5aabd76a16a464edf4b82297782700eab9a26362ec9de27add06a4ce4aedeab2f939f857731a453498

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\dxil.dll

Filesize
27KB

MD5
1f6c4c34fe77e20a4a819d7cac8d244a

SHA1
dbcf604d514fdacbd9d0c376a774acb740385dc7

SHA256
1405230ccdcaa1babf855086e437d5ba4e54c65e408d94d3891d5571f000e723

SHA512
48582821415762d934654b42d5546b814ae3f24031299a5f2204a8a316abce933405d7ce35e1f36d6a89ef173eec6974c840aefa68f7848fa1aa6fdf7aaf144d

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\ffmpeg.dll

Filesize
1.1MB

MD5
acee3eec8d98ddad78bbbd9228c26fec

SHA1
5fb848840101a280a06f2af926a0b494cd47421e

SHA256
9f74b2a16a0bb7794478c582541b904207476ae07f942bc53333655d7ba5f398

SHA512
317e5c261b4d2607d82adad9cf2d8ce70907d062b41493db402c5800ddd21d5fcb3a9fc5d5ea250798ecede14c324c0c168f01291121a6a4f2094db84ff96af8

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\ffmpeg.dll

Filesize
1.4MB

MD5
b2a204342bba4d8430bdcef8d5cb66bb

SHA1
72ebab71bfc80dc50a38329e5f7d46875952a014

SHA256
f4d0220c6b4c65766b90ac62e72cb011613235964cdfe4b175b8650dd1802449

SHA512
f70158a69a81a9c61b71c706573f7beb9effca65f251b3ac86945bff76bbe2b43924e465a1b660184f9f938246efeccf2f27112b8bb8c0584ad6fe6d6e71e55d

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\ffmpeg.dll

Filesize
128KB

MD5
72ea430615f625b407b00c52751bd83e

SHA1
c51374ed59d6c29a8cfd3b97df75740cfcf67ba3

SHA256
703cf5855982540e083dda57afe497927575d9201153d01a004a5e7c345e2987

SHA512
11893b95be050f1fe4a7f46e9c82e7a91f3d4413ac09435f43789d7e2edd09d14e54ae048f2566c3f9fbeeb0414be7fc334f9183c11cedf7df0de0c9f5b07418

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\ffmpeg.dll

Filesize
232KB

MD5
88664e6238ec5a35b7d9f8234c4dadb5

SHA1
b30e00392340b81ef5a42d5dbc07d266be551480

SHA256
96c5f30591d38170d53828228ec5ffe68d172b626f9a930d633d272c64fc864a

SHA512
839b12488bf471cc513afd908cc05c3e8ae17a7e758acea950ebd257ca9747d5ae4099955633302dddb127ac5649626eb54022aded19260b92be8dc5fc867bee

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\ffmpeg.dll

Filesize
124KB

MD5
e75b27ef29a67ae3a9921b792879da45

SHA1
3e98beb06463dcb70d52bbc899f6c2d952ff8ca3

SHA256
1ab4662ae009a36d61c454828cd04b8d4a1247bcb65b66fde9635456d391b8f6

SHA512
1f7627ee95d842d6b7b7319b8da82882290dc31bf089dfbaf979fff58880922006a8009a88e6cfa27bd7da3b8b3a1b725f3bfde76dd2ee25ba9f41a1e1b8507d

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\ffmpeg.dll

Filesize
410KB

MD5
097116e0ee41426dab4c73e3960f0b8e

SHA1
6d666b5fe23e089735b8f41603cf48d5210d230e

SHA256
75361d599dfcca51230f9734a7d903b45dfdc21d1f8b5c307f2db0fd3be7b6c4

SHA512
e5a6970ad535d747220eb935051d1b07ca99cff23868e6d990a78ccd36d492247a1f19b77b7ff66990d2e1b15308706701c1eecd00ddaa6a89e266a49204a81f

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\ffmpeg.dll

Filesize
317KB

MD5
3a6835ca55dd50c64e7643b0c56bd62c

SHA1
e3047541a7fbfccee4fd7d112b5007d21c6364c4

SHA256
9db3983b10a7fc8bd23ae3775f3fb277c6b6e5e2fb8ff8c0beb4c298859753a9

SHA512
8050dccb507e46f5373092f9a53ff9b78922f8558c7d06c5803ae36c9bd969ed591f688f9cc9b6260e7cd2ce9f24be7d3684afca2afebf8f9f71ffcce25f4ba3

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\icudtl.dat

Filesize
1.3MB

MD5
af43b3ac734eff108ea4383436182f25

SHA1
1c6e1845743f09acd7bd73bf9cb02cac9c8eff7c

SHA256
de84d7b345d17284bf52c4816c43b0660a3273edee3f53a956bbf199334cb035

SHA512
a053748e19ac69034e974a0d39891f4256d5a8a1d0c36e74a922e0932b6988969b9ab3afac7fddb02bc68ae55b07920a85a453d8d1b002d798c1cb3e7f31e3eb

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\libEGL.dll

Filesize
102KB

MD5
3d5a6c71c1f4cba6723de3750012a126

SHA1
4912784c52399f006e21a16d2211c95b61e7489d

SHA256
8b13f65e124602314e5f170af141f199e35c7f9c15cd00c193d1b9cd4c8feaa0

SHA512
767df0c11aaa002d1f2a282445746b4eeb14930a932a11c495ad99dd8c66be13c0f5edb3df0162640696337e1cbcc2101a73cb405a80d3beef58d30c285a28d8

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\libGLESv2.dll

Filesize
157KB

MD5
620ba308cc3bce33b8a18eaa9593e4e5

SHA1
11b1b25ee6fc69969cd589254a48e79171cf03ab

SHA256
237461ed0a24ccc67622dec0a90c53a83c165f1b52aeb874063faccc36136c10

SHA512
09b87112649761dd61bb20ffef620bcc44894a4193edd1ea05bf413273cb8486153d407a8a107c5e60a27b5008b14db25ac7acf40af01d1fbb76f1b6e1ea757b

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\libegl.dll

Filesize
154KB

MD5
fecf37928ffcc29478b3cb29cb92a3a0

SHA1
f886c19ed81016bb2ee4bbbef6add2842d544133

SHA256
6e0b1eb554f68016788e2ce8e56fec539653ea58d09ffbdb2f84cb6317c4c67a

SHA512
f469ecd5511ea7714ad57f78cdbd3c56760c821e9bd45406c6f0398d5e4b0ad980291e16e2d24895b42b7a5e7a9b6f0936607c8d6e01e052e84e21143d918618

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\libglesv2.dll

Filesize
192KB

MD5
07854e494b1733dcae52474a121570a0

SHA1
eb638849ee4a396dacefef46c151affb077a12c8

SHA256
0fb1164b40af368ae25f29851b011a6f621f9bf88dca9ac34848585f0fd38c4c

SHA512
94e5c4a4a91f37aa7670c7f8d4e3d7a76e34f2daf7ead0d7cfc08ed1346620fbc91f8f3afb2ef35973bbbc9e2680c2c0c6e901b1be8db7398ed989af965ff2ef

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\locales\en-US.pak

Filesize
428KB

MD5
809b600d2ee9e32b0b9b586a74683e39

SHA1
99d670c66d1f4d17a636f6d4edc54ad82f551e53

SHA256
0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

SHA512
9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\resources.pak

Filesize
704KB

MD5
8e3910997663fce8fb73fae2615a9b89

SHA1
604b3d4c17f296311ae58ace701b41ac6206e7bc

SHA256
78ad30251679dc2eda307c39700305f00601847314bbd31e297bf590d2fd8d26

SHA512
5f480a0a90ba5be6f11b7a5b6c0df91cffb10b764976833a8ce2c927a2d8685baf6f66fe02d3d8b9921cc110ba2c171734b3a5133f34f87cf7a3fe288482aa49

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\resources\VisualElementsManifest.xml

Filesize
314B

MD5
45934ca33f6cfd00f2ddc238159eb860

SHA1
c4aa971d0f7112a5919d5bef017f800b72007849

SHA256
e6ebadf81e8321f97516d59358dca7454b3a277c9211e699a7215e5d42c8af9f

SHA512
ba540cf2dd82ba5ff7311b1d9de214d0e905dc0f85cbe976780aa031e1b0ec20cf0363135a11e87ce91b4f7f3f7327d26361fb581d4052b81a9f768f5f4443c3

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\resources\app.asar

Filesize
500KB

MD5
7e3f4606a714216d2978e52bdb0e696a

SHA1
6bfe6fca537b4e2bb2b9e329495d5dea4aa6b732

SHA256
99205b5e132144feb8dcff5ba14dd18594abfc18bda2e618a3cca65e9c3ec064

SHA512
39c5543b6195e034872d08226597d3953d61cc34574131eb88bd71ff5ba5183c5ad77e682784bc78fbb6c7f6c1a873ce36eda0b2df9c58a941dd945ea22205bd

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\resources\app.asar.unpacked\dist\resources\slack-taskbar-rest.ico

Filesize
11KB

MD5
ffbe7e3f32354e068f94b863820c35de

SHA1
f5acb7376feb2421b7faffd2b23f3c091345664f

SHA256
6678f55e545c2181ba1cfb5427eab880662d028d1614e2de263cb9e8dd3b7ab5

SHA512
cfa640cb259ce5f4a7ecc4695b8fe6cc2d8282b46533ac8be9a0d40f35b927a59315b8fd1c1473b7c04339a6380557975f2ec3ce840c9cfa705d4528078b1d2d

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\resources\app.asar.unpacked\node_modules\@tinyspeck\slack-desktop-utils\lib\binding\napi-v8-win32-x64\slackdesktoputils.node

Filesize
215KB

MD5
5fa353003de624fe950577aa751dd398

SHA1
0fa34703bfc129d7449832866ae2da6318cdce79

SHA256
08706a774bc520984f7765498a961c284ac35d8cc819910c5c2d342e5b342936

SHA512
8eb1c984a8e0dc78c4ea9750254b2598dc64d2a08e3c584c0c8d6fe78fb31bd32f549a8b3264d8f743bbdcca33e9eab60ecc66a711f7cb87038732a1c9aee216

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\resources\app.asar.unpacked\node_modules\electron-native-auth\build\Release\electron_native_auth.node

Filesize
121KB

MD5
ec1a4812ca0ea8aaa636d6d6e5b4dde3

SHA1
dc174aee3bb86223dcad0d98858b3632e31d30ff

SHA256
3f79fbb6b22caeb4d4efa12e3fd0b80f83d1673e551cffbee8aa032352df7dc7

SHA512
de3056576083862a94da176d7340f9c717591db5d28b5bbb9d78b190be7e99429b094d61c20b49937a49e2e001ebcaffd04396be9f68bd3fd688eb425fb06920

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\resources\app.asar.unpacked\node_modules\electron-native-auth\build\Release\electron_native_auth.node

Filesize
34KB

MD5
45ea108f91a10803ca310e25149cf2fd

SHA1
c4f32773064ade1059362fc2cc9455d964456f69

SHA256
986e023affbe6fd015943b4542d79f6ed02fef8e68d0f0b09ba27f8bb02edb9b

SHA512
9a120e9f491f1daec18d372ea652ab3ac4eae0f2327869efd346df589d6d7b58b3e3039c5085de6622987c3f1db126fffbd03f1c226bcc55370db689bc30562e

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\resources\app.asar.unpacked\node_modules\file-handler-info\build\Release\file_handler_info.node

Filesize
118KB

MD5
c48c856110d71a3902fe53d6891c8aa4

SHA1
d96d1519b02d7de4f7aeec05ee79373b59fd27ca

SHA256
96e93ba0f8670adbabd984e54c4d58b212d0937b16188e422af963f3722c027d

SHA512
fa95bd84b1f3f801ea4a9944c8c670ee86bb875a3242232f5b44e16a050f07b3ed4e9c1558f96ca96cec9c3c9563c5481d454f9fbbb00d1193386505abce3830

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\resources\app.asar.unpacked\node_modules\registry-js\build\Release\registry.node

Filesize
570KB

MD5
6caffc2d04fd1a4fe63e39aed07ababc

SHA1
359b04358d9f032d3292555574eb9c253d6725c2

SHA256
d27cbee869b81ff56f68506170b4490b3c8f1e0a56d69312aab5ffccfcb84090

SHA512
28adb6b4dfa4832cac74173fd2e4368cdafe16acc77db2221475b44b766696d6dcaf5702347a9ed49a33c00cf0e29b17028dc7f071abf1c75f4fb8ef113bfc74

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\resources\app.asar.unpacked\node_modules\registry-js\build\Release\registry.node

Filesize
623KB

MD5
07a3617961246219fc97a3b18df8ea28

SHA1
2e8c71c6ac4f56472bde7bd1cac60bdf343ee499

SHA256
5df27efbbc7e7dda258766a0f525d00899ed40be83f7260121d3d6ed90a4b3d3

SHA512
c8b7fb942707086fd734a2e4b8d7f3d439813b01958bd9c1b2faa88661c6bb03c4cd0942f94fa8dc11f2e70322cedfe443cd3e61808dd77c6b326f63a1189211

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\resources\slack.VisualElementsManifest.xml

Filesize
407B

MD5
2dfc1af2d9f2076c684290694066888a

SHA1
fb9964fa3699923df80d0a7154c1f0a97d71e5b9

SHA256
224b411233eb9f6be116655e8631e2fab51157310cdbabf41f065434f9cdde80

SHA512
267171490b8d3b9afbfb491f63d88d058daa3999957047dfc8e03d5a29803ae9ae05484a8daaa005f9aa916502607e37eb2225650ae2745ed699f7e2dad39e43

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe

Filesize
1.2MB

MD5
c88bbbf4740ca0ec42800b7c820af657

SHA1
465082b8bb5a4f476edcb10c658df9ec4891ff26

SHA256
613c73b3c062a0e7e4f01e0b3ab5b3ea5b06d9ae7047eeb4896d1f46a870f6fa

SHA512
6d790bf1345b9633c145ce088f1d1b32fa4dfc1d65c98addfa9095fa4ce07fcc03a18cd1a9a341ceb64d8065c6ae4c62dd9ec46237941da8fd532c5dae72a947

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe

Filesize
1.2MB

MD5
b1e4335241b239b84200d881f2749a31

SHA1
3d5d046203f5601eabb379e2b1d5622a9b4b6e66

SHA256
844c0eeab13840fab136d61b1de9d4dac593f38ed3fe086bdccc3c0dadf1278a

SHA512
947f504579671eb3a173579c0788abc3fdc36f953d38e6a166250d1e8833b113d5c476b95668788a720215e0c5ac2a552261b2ca65ffc2f83c8b3e33ffde5b0a

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe

Filesize
104KB

MD5
5338572433a5e36a76915b8fbd05dd3a

SHA1
bd1778c72d51fbc2d0b501cde46aaff9a84bc961

SHA256
b32e9b04a66b7ae0dcb255cd087a066cf71ad2c455b92a89310d23cea956e7cb

SHA512
db679c509e054c20838de795404ff845b1c6d01be7b88d498ef615ad71baf25b7df2f958fa83450f4a5020348eb1f5f07bd6110941f766afe26faa1ea5f6e1e6

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe

Filesize
54KB

MD5
2baef1b5f78993f8679369665a70c00e

SHA1
28830cd65e3798d44d3987fdfd94f0186df902fe

SHA256
fecb266e6aaedb5dd3234cc9a4d3c4dc3f34a7c941ca58d97549ef17b50896b1

SHA512
a576ffddda3844022e258fb5d2d93ee27770a6db46f5d266854f8e047f398222f610f2690b2083b97de8511431c9e307c8b7e6080856a29cb19dff0b971c887b

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe

Filesize
107KB

MD5
73b3c1873e7f16a243995217a84d52ac

SHA1
4bf2d4314cbefff26a23ce05c02cedce4537db52

SHA256
bd3990ff0be972b5be15a96c389dda158103cc520d73914a4f1b2c43901b91a6

SHA512
ed9156a2b0a89a4d05206f79572f1228c38bc174ab913fe7d013a3f21bd3dcafb8a3bf11682dd4fdefcf56da561f36c51940826ede7cf7184916555ee5cd0d4e

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe

Filesize
221KB

MD5
ea85977eca591cde12b4e8b44b72f704

SHA1
bcc2012392a489b852ea2c7016bfcb0c6b39cec7

SHA256
6c270ba3b6dc18375986b85c34a508deb52ae88a790e8de50cb9056e6c0cd130

SHA512
3ed753eede2d2e8e1910b80a32a9a20f32c20027b03f5bb1fb92e755e09373dabcd7c380d8bf3cc3ae351650756b7814ed4a65eca990ff731054902c4eb73de5

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe

Filesize
454KB

MD5
8f6784777c0a76a89a36d02d97537fd7

SHA1
1411d61dbb33c4dc7a04da259ae8bd2ad614a128

SHA256
7d5e275333b37f1ee0f070551c20c39e13ddb19dd976d1a0b0dbb7fe4f632423

SHA512
df0cae6aa243bde30a386ed58401dcbb382ba1cc45f5f7eb0d2ade3207d65ef73ee2c58d1232c93ada13a9fe8e7e82e706b01bded4eab62de070a44b395d1faa

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\slack.exe

Filesize
602KB

MD5
6102ef9efc34fe2dbb2bd621c1c0e50d

SHA1
e4021dfad1fe565ded58bf38bf3aebb45b2129e3

SHA256
89a63da5e60aa59f163798bd606c3c87befac0ca9ed07b51b3244fa5c10d8bab

SHA512
36e9b53c9b707844061b53d1410a0d84eec69f55f408720b9003c5389f693dd76bfc2b4a112b275d78065d1e44fff0bc53af8abe7e55983abc6f9e27fae8317e

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\squirrel.exe

Filesize
1.5MB

MD5
0e482680dd3f716957dcda6f4d0e7d49

SHA1
49b31bfa0b6a9fbcf344fc297ce389612623e3ac

SHA256
a7a519210cfc7256bac6680ec6ef4704672acc003d8a76ee712d67421440c088

SHA512
74a6438c0c45fb87a54988d45c58ba41459cd3d82d0382f5efc69d5aed15fac722e2f7693fc4209cfc1f71bd3f09401821cc0900c3b9e408fbea1398baa68441

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\v8_context_snapshot.bin

Filesize
627KB

MD5
1298438062b63727469ebc621c92a94a

SHA1
bcd438988949e8a91dc2943cd93a0170f9b651f6

SHA256
f8eea7a9aac13273777adb2dcc1058372c0dfa01fa2366bdbc087a359f19c8df

SHA512
8c31825da1e6fe81320b9dbbc7ecccab812dc40fb1dda7c5fc23374edf6fbfa54861b92de79f25937a0b853843861106b16c81f38d280c3a4bf1a606948e407e

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\vk_swiftshader.dll

Filesize
78KB

MD5
2f5597c3e835822953ffb725a7bf1fb6

SHA1
7cba9cb8f4ec3e38175ddc20b696757a26cbb0d8

SHA256
c4fc7e25ef9d19e354d0a7a1b2f95e6fb04272374366a86efe93514563ca66f4

SHA512
0f92daa14e6c2630af0d7d1bfaddc37d5f40ab9405e596885184dabbb3b95671ab0f1840d6692dba2cbb21d757ed1dc95013b706156ca44d5a6ff7f04e2af21e

Download Submit
C:\Users\Admin\AppData\Local\slack\app-4.36.140\vk_swiftshader.dll

Filesize
56KB

MD5
883aed71f1c144ed83d6d16061e01283

SHA1
a83b021ad0b41f1bf746b265b2b6b11ffbf71b2d

SHA256
123e02ccadb9dd278460d016970fcb09dd7e794639873927a3e362c899b0fa7f

SHA512
5a47324146646b4fff2862b08fe81bca9eed5a82558018500fde3c1576d005f9b2b63c9c57d341080588f78acf8dce1ed15a30adb0fc5659617f82055b41761b

Download Submit
C:\Users\Admin\AppData\Local\slack\packages\slack-4.36.140-full.nupkg

Filesize
69KB

MD5
d64f42e37cbe569255ec05a6db2c8050

SHA1
0d4277d1842f7dcdddd3068b3468f070120ceb67

SHA256
1c27900bd3691a776bb5fa3ce592f008609d454d3eba1d20e39c8057aad0f2a7

SHA512
c44a39cb833ea68febf203688e4fb3a59e44a0271e09dc69821eaff127fd977817db47ae125b439418d2797548083501a8f1d272b129b965e4248bbd0576f891

Download Submit
C:\Users\Admin\AppData\Local\slack\slack.exe

Filesize
245KB

MD5
4f750e1271c6e57a3a078955ebc5705d

SHA1
0b304a92d51d0dc3813c60b4d94406aea05e9782

SHA256
d4ef7d911ebbd109a6c12b678e3e39bed19c7bf4e362a82957f6509bf6846798

SHA512
d31c29f10ee9741f626bd646b5f419261a9ec6428499adeabe21c154cffc2c95054117688604eeee1a1725331356af7f54caba4ef264a47a305188d278e0403b

Download Submit
C:\Users\Admin\AppData\Local\slack\update.exe

Filesize
678KB

MD5
148959b25b6280957bcb962b0a0c36c8

SHA1
5e7a1ea0b8a2372c0af469a696dd72324a7ac191

SHA256
e1e6404ebdfbd5d5cae5bc63937888c7d1f284fa46d94c008fd80838b2c2624a

SHA512
587c89c9b246dc0769de7f39d08115b429b119d7f58b4e0304d55a528ab4695771888ae9f17c0c287e5ed2bbd5615082562bb3895100f272c006f26fd1b91198

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Slack\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
7567abcd52c37e628d3a448c16204f49

SHA1
116548309728c0eb6f0912a47f29d8c81711928d

SHA256
69f55973987cabc742922f1fe9fbc79df1e4a139b05d6b2740a34b482080a714

SHA512
818613326d3c8f3c62763f8463d03e004a6a6cfbc117de49bdfb31046f1e257077caff6e232ca59d361a6dff522e5b7dedbe649e8b4bd4f1f16c4e2a076e48a1

Download Submit
C:\Users\Admin\AppData\Roaming\Slack\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
5c31c7974abfc88377de6a43b89059ee

SHA1
91b4abd1bf9b15b0cfdebe130b4c45c821d5fe3b

SHA256
c971ff240b894c44d621ef059952d9cc84dc6d0706b9c415aeec66dbda911db4

SHA512
b78c88a1d9296b5cf8805ef6d53c81259b8fc32f201fa49126cbe7f8d37edc92bc9c947ae1e073967a6ce726434201191e300c37e4fce5edee6eb229045a2ad5

Download Submit
C:\Users\Admin\AppData\Roaming\Slack\Local State

Filesize
434B

MD5
578e77f796409aa6110189f3dfc26f88

SHA1
45340a38a12f09be9c9f4683db5aee690cbc9dd1

SHA256
4710b4cb4d97cd67bbcd6ede303f521a9def40af1ca7de5bd7054a572a73084d

SHA512
14276a25c66a593c135652223ebc2af45b729272e08e6f4d8fe0b00151d8fcf3a919cb0c11fd3c7d308f97df580290b7a049faad7dfdc5e5113e9c01b3e68332

Download Submit
C:\Users\Admin\AppData\Roaming\Slack\Network\Network Persistent State

Filesize
582B

MD5
fe76095fffaea5052efadae549d69371

SHA1
41a8fd443e588d4a839c1a9fecba01a8e1e825c7

SHA256
cf38d1241c2ac43abb82abd4d142d312f529b1465de37742c36c1dc660340cdd

SHA512
c66c4a1eec0a15745d720de4344bb76037975aeaa446a53bc7d84f97d1a26a4472b12a332077d87053d4b27b2b895518ff3c7e662938af32d547d6c821c8c9ea

Download Submit
C:\Users\Admin\AppData\Roaming\Slack\Network\Network Persistent State

Filesize
613B

MD5
95f6f1fdba7246094f8ba4fcedb93b1d

SHA1
454923b9051e0dd8394e894f6aeab2d55c1e3111

SHA256
cda961aa53c2c8411f443f2a82d62f1fcbdb8c8fcead1888a8ddccd2d769ff09

SHA512
e94aaa9b02e6049d4e9904bdffdbf41685ccf72bbec7819aa6b264d94a9df049b70b7b368ad2641fca6f691535ecb81437bb642d4040aa92e3d8f8a3767efd8d

Download Submit
C:\Users\Admin\AppData\Roaming\Slack\Network\Network Persistent State~RFe588cf9.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Slack\Network\TransportSecurity

Filesize
518B

MD5
11ff0e34e6bc55e5ec0d9a8b21186f53

SHA1
7420356ebfbec946d63c5b589fc10eb09d88a3fd

SHA256
b08e32b534d6d3d6f12222a4ab27248ae84f98e3a4b0b02bc59c006d903a7c5e

SHA512
96befd93529e676e55180fc048a15fd8ba2ef2e558a74170f88bcef50b3f58f883dc94be252fc8138554d43e11518bd1780d5fa595b9eb2e5dcf1a7954ed5cec

Download Submit
C:\Users\Admin\AppData\Roaming\Slack\Network\TransportSecurity

Filesize
522B

MD5
5d46edea319fadd877a84e81356749a9

SHA1
6f2f2db09aa2dfe512106003f97131ef142aac6b

SHA256
54bd36cddc0feef271cbf556bdb9c6557effbb275a540953a5a793a593c0483e

SHA512
97b6d6afd209d0845a23da75ebea14e41f0c50903874caaa970f5925eb97739639c86dd6c5e225815c82140706282932a487cac641704b7e55f1a62bdca8de94

Download Submit
C:\Users\Admin\AppData\Roaming\Slack\Network\TransportSecurity~RFe582de1.TMP

Filesize
522B

MD5
1c7136508b7705d4f07477ca33af1ca9

SHA1
159fc64515ad16b8b436add6b9f9ad3e828f60d0

SHA256
f92ecfb19bae56466871e1aa7b4b649a11fdc9a332f3196ed149452a428744ef

SHA512
b4061cc844b85259cbfdccb45436323866410190162d9424ae30f247b221d58b5037b61a96d7cc53f698a0f7e11ff0d23eaf680edd94866c601291f8338a9e09

Download Submit
C:\Users\Admin\AppData\Roaming\Slack\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Slack\local-settings.json

Filesize
39B

MD5
7bfc3641e823cf3505b3753f6bc1b019

SHA1
ed86adde6366afed961644f7e1f4a22f588ac624

SHA256
dff6818b1484bef303f9940d7c92d8b49efc58dfad79eb23e2beb5be0c16c6b9

SHA512
5ea8f710cb000352533ff6de9d027c9d826047cd101e44a1f8af686a6d21480d0d0797a5152de70e4f70a0e47d01ab3f313e27baa20021c9c69e181e22d9e5a8

Download Submit
C:\Users\Admin\AppData\Roaming\Slack\local-settings.json

Filesize
78B

MD5
933046780ee0156185851c1582a4a159

SHA1
a53b3a81c5ebdf30fa8b7d0d6a1cce150fc110b0

SHA256
88a953e6af0a729a7aade39dde2e6d1de4a058ac566f1fd31846ff56543cda8a

SHA512
692f412edc8bafac76c4052a93dcc71041e4a92e893e3cb875126e8931b8f17fd6511913e3152e8dbc097f197c1f6ad565a68d6cff738a5d9745c2b3a49efe0d

Download Submit
C:\Users\Admin\AppData\Roaming\Slack\logs\default\browser.log

Filesize
824B

MD5
344968244f4d20444d64f18f0bd19dad

SHA1
854cf9027d74246eb5c571edbaeaecf89ab936e3

SHA256
c669fd8563665762a94f238699aaae1fb0d162437aa6684904504ba8486e6f1b

SHA512
fcfba3df8ffbf567168fd055d2fdcfe3a62858af7c57f4ade61834d879e0bd7a8ef0c74e40500477c62173826516d67423d6a9ead5171461437ff78d0afc9234

Download Submit
memory/116-462-0x0000022D5D5A0000-0x0000022D5D5A1000-memory.dmp

Filesize
4KB

Download
memory/116-469-0x0000022D5D5A0000-0x0000022D5D5A1000-memory.dmp

Filesize
4KB

Download
memory/116-461-0x0000022D5D5A0000-0x0000022D5D5A1000-memory.dmp

Filesize
4KB

Download
memory/116-467-0x0000022D5D5A0000-0x0000022D5D5A1000-memory.dmp

Filesize
4KB

Download
memory/116-473-0x0000022D5D5A0000-0x0000022D5D5A1000-memory.dmp

Filesize
4KB

Download
memory/116-472-0x0000022D5D5A0000-0x0000022D5D5A1000-memory.dmp

Filesize
4KB

Download
memory/116-470-0x0000022D5D5A0000-0x0000022D5D5A1000-memory.dmp

Filesize
4KB

Download
memory/116-471-0x0000022D5D5A0000-0x0000022D5D5A1000-memory.dmp

Filesize
4KB

Download
memory/116-468-0x0000022D5D5A0000-0x0000022D5D5A1000-memory.dmp

Filesize
4KB

Download
memory/116-463-0x0000022D5D5A0000-0x0000022D5D5A1000-memory.dmp

Filesize
4KB

Download
memory/1836-9-0x0000000004D30000-0x0000000004D40000-memory.dmp

Filesize
64KB

Download
memory/1836-204-0x0000000014DE0000-0x0000000014DEE000-memory.dmp

Filesize
56KB

Download
memory/1836-275-0x0000000010CA0000-0x0000000010D32000-memory.dmp

Filesize
584KB

Download
memory/1836-8-0x0000000073C80000-0x0000000074430000-memory.dmp

Filesize
7.7MB

Download
memory/1836-203-0x0000000014E00000-0x0000000014E38000-memory.dmp

Filesize
224KB

Download
memory/1836-294-0x0000000073C80000-0x0000000074430000-memory.dmp

Filesize
7.7MB

Download
memory/1836-7-0x0000000000240000-0x00000000003B8000-memory.dmp

Filesize
1.5MB

Download
memory/3188-303-0x0000000073C80000-0x0000000074430000-memory.dmp

Filesize
7.7MB

Download
memory/3188-201-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

Filesize
64KB

Download
memory/3188-197-0x0000000000110000-0x0000000000292000-memory.dmp

Filesize
1.5MB

Download
memory/3188-200-0x0000000073C80000-0x0000000074430000-memory.dmp

Filesize
7.7MB

Download
memory/3332-240-0x0000000004BA0000-0x0000000004BC0000-memory.dmp

Filesize
128KB

Download
memory/3332-243-0x0000000004CB0000-0x0000000004CC0000-memory.dmp

Filesize
64KB

Download
memory/3332-266-0x0000000073C80000-0x0000000074430000-memory.dmp

Filesize
7.7MB

Download
memory/3332-238-0x0000000073C80000-0x0000000074430000-memory.dmp

Filesize
7.7MB

Download
memory/4024-364-0x00007FFBCC030000-0x00007FFBCC031000-memory.dmp

Filesize
4KB

Download
memory/4024-365-0x00007FFBCA6C0000-0x00007FFBCA6C1000-memory.dmp

Filesize
4KB

Download