Analysis
- max time kernel: 195s
- max time network: 301s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 29/05/2024, 08:21
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://github.com/doenerium6969/doenerium-fixed
- Resource: win10-20240404-en

General
- Target: https://github.com/doenerium6969/doenerium-fixed

Malware Config

Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 7 IoCs)
- flow 25: camo.githubusercontent.com
- flow 26: camo.githubusercontent.com
- flow 27: camo.githubusercontent.com
- flow 20: camo.githubusercontent.com
- flow 22: camo.githubusercontent.com
- flow 23: camo.githubusercontent.com
- flow 24: camo.githubusercontent.com
Enumerates system info in registry (2 TTPs, 6 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
Modifies data under HKEY_USERS (3 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614444838014038" (chrome.exe)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
Modifies registry class (13 IoCs)
- Key created: \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings (chrome.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" (PaintStudio.View.exe)
- Key created: \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content (PaintStudio.View.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix (PaintStudio.View.exe)
- Key created: \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings (PaintStudio.View.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1" (PaintStudio.View.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" (PaintStudio.View.exe)
- Key created: \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache (PaintStudio.View.exe)
- Key created: \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache (PaintStudio.View.exe)
- Set value (int): \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200" (PaintStudio.View.exe)
- Key created: \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies (PaintStudio.View.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" (PaintStudio.View.exe)
- Key created: \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History (PaintStudio.View.exe)
Suspicious behavior: AddClipboardFormatListener (1 IoC)
- PID 4860: PaintStudio.View.exe
Suspicious behavior: EnumeratesProcesses (23 IoCs)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
- PID 2448: chrome.exe
- PID 2448: chrome.exe
- PID 3132: chrome.exe
- PID 3132: chrome.exe
- PID 3132: chrome.exe
- PID 3132: chrome.exe
Suspicious use of AdjustPrivilegeToken (49 IoCs)
Suspicious use of FindShellTrayWindow (61 IoCs)
Suspicious use of SendNotifyMessage (48 IoCs)
Suspicious use of SetWindowsHookEx (2 IoCs)
- PID 1952: mspaint.exe
- PID 4860: PaintStudio.View.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/doenerium6969/doenerium-fixed
  PID: 2448
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff887b89758,0x7ff887b89768,0x7ff887b89778
      PID: 1404

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1756,i,3846892654945730472,8552427793700538393,131072 /prefetch:2
      PID: 1728

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1756,i,3846892654945730472,8552427793700538393,131072 /prefetch:8
      PID: 2920

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1756,i,3846892654945730472,8552427793700538393,131072 /prefetch:8
      PID: 2376

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1756,i,3846892654945730472,8552427793700538393,131072 /prefetch:1
      PID: 3576

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1756,i,3846892654945730472,8552427793700538393,131072 /prefetch:1
      PID: 5052

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3780 --field-trial-handle=1756,i,3846892654945730472,8552427793700538393,131072 /prefetch:8
      PID: 2516

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1756,i,3846892654945730472,8552427793700538393,131072 /prefetch:8
      PID: 364

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1756,i,3846892654945730472,8552427793700538393,131072 /prefetch:8
      PID: 68
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3588
C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 2756

C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\doenerium-fixed-main\install.bat" "
  PID: 1308

C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\doenerium-fixed-main\install.bat" "
  PID: 4608

C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\doenerium-fixed-main\fix.bat" "
  PID: 3304

C:\Windows\System32\NOTEPAD.EXE
  Command line: "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\doenerium-fixed-main\install.bat
  PID: 2752

C:\Windows\System32\NOTEPAD.EXE
  Command line: "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\doenerium-fixed-main\build.bat
  PID: 3128

C:\Windows\System32\NOTEPAD.EXE
  Command line: "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\doenerium-fixed-main\setup.bat
  PID: 4892

C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\doenerium-fixed-main\setup.bat" "
  PID: 4316

C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\doenerium-fixed-main\setup.bat" "
  PID: 4328

C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\doenerium-fixed-main\setup.bat" "
  PID: 3740

C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\doenerium-fixed-main\setup.bat" "
  PID: 4076

C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\doenerium-fixed-main\setup.bat" "
  PID: 1696

C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\doenerium-fixed-main\setup.bat" "
  PID: 4480

C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\doenerium-fixed-main\setup.bat" "
  PID: 3636
C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 3132
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff887b89758,0x7ff887b89768,0x7ff887b89778
      PID: 4048

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:2
      PID: 4296

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:8
      PID: 4428

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:8
      PID: 3448

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:1
      PID: 200

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:1
      PID: 312

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4504 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:1
      PID: 512

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:8
      PID: 1620

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:8
      PID: 4732

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:8
      PID: 2824

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:8
      PID: 4276

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:8
      PID: 4076

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:8
      PID: 4680

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:8
      PID: 884

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5364 --field-trial-handle=1740,i,13916822936171667228,9700129391536146191,131072 /prefetch:1
      PID: 4324
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3104
C:\Windows\system32\mspaint.exe
  Command line: "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\doenerium-fixed-main\screenshots\1.png" /ForceBootstrapPaint3D
  PID: 1952
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
  Command line: "C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
  PID: 4860
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA512d03bbff609bfea28518586099a58b6fa87aeaa7edd279e81508a22a527b9df22fd383d10c3f196e74d33a58963d6203b31692e82e5f299dd6225063ed3e0bd89
-
Filesize
7KB
MD5dec071afc947c525ef42923c7af671f2
SHA146300b0c0a55a0a7467a74283b94f02251435557
SHA25685c3e118c92a0283345455640ed5b269783757607bf3f66dae215af033ce1e7d
SHA5121a1f88be19b864285e4e810b3861bc3f6bd13e1fc0cc73e569f471a85f502a6d5df338b5010e211153d5e521dabd55796579ed636f05f72ddc6523a281576d78
-
Filesize
12KB
MD5094c437466cc17a1dc1f1ea4c80d5eb1
SHA1941bff3674812c7ce4780520fe7af97d692a93a0
SHA2561ad125a1a814fc9e3c4bb6da74809723cbbe93786bdc3a63e0a529fa538ccb8a
SHA51292dd473789c61418eb0ea3144baf7126efc86a7ddc718850b34d3a320a3779971e0a33aa373e9a9278a657d5069229dc32607b5c70a52ca47eac06e29587c753
-
Filesize
453B
MD53917be26217f3a3d1aef7abc0bd05f1a
SHA14a65f577ec5528970e6f684b1fb47b3238f3869b
SHA2561fe1131cb3c2750f91cef4e867f2b1bb54fb46239efb00dd54165bd2f58e32a4
SHA5121050a742a71fb322e630a10ac40dae65e791c753f87f2d4e811f6db067947fc1be71ba40fe18ddc646f10e5931b64f11b135a270e677d395a7fb4b5068e97eb1
-
Filesize
320B
MD53e331d5dc579df6b2ed6aa2b2ae7ec27
SHA181cf933b91f4a50ad329d9ad48cb7f300c752349
SHA25645618d3644d08e92c69bae6f7125f99f2ac1d8581563fa4eac6495d0194a6bcf
SHA51241e4c2ef882a68060f2b3849dc64ee5061ca9d0892afb12a6d2832d0269681295fb418b158242827c451e1ea7d94b9a7276ad1f8cdac6bc9a1069d572f034569
-
Filesize
8KB
MD584224c944098980378df4a1bc22c964f
SHA167dece44a0472660294b60d77cf07bf58f99ab74
SHA256bcabaf0df18d4feea69f32ec255c6e53cba11f382ab286897b7d4dab317dab3e
SHA512c36a1baa444181768f1107a48fcdcd25dc99d91cb8771625f55624c5c5e95b09d95d31edd30152a890c79ae643b8f64307885db2523fdb620402e7d1e6e65a7b
-
Filesize
2KB
MD51965e1fbb9bac574445b8dc8524ff216
SHA16bda31914e51f3ae07f381b9d040d895484b2d4f
SHA25604214deb6c26cfa031c6a4642b9f90b422fe14e012b18db6274f00f390b2ce9b
SHA5120ab2a56636f135404d3d61abc906cbadb862f9bba6de6dded7451cae95baf946b1ca573cd6f0b54cd14484a8ad62dc53ec201a2fd2d9097d324bf5fbb7ebf9b4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
Filesize112B
MD563f276a675bdc575820c3985a1dc1d0c
SHA17a5cdee22af117418c75d3cec1f0853dcc22be14
SHA256a673797553be70c55b67334dc52f3e977a96a41ff49dcb21a2ae7c298300707a
SHA51250d4ae4e2ec0925d7c767f5240688921c0a8dae59e85be51981552fed3ab839ad99c34085da3405f3d158a23e5cffd2400d548149b64602d28780a60828fd7e6
-
Filesize
348B
MD5ef13c3af85c794fe036c1ee5d94fed91
SHA13034fc7283976d05fa1152a7cd60cc92fdfe8483
SHA256d4c9e60f584e02269b7c1c7837ee9480c5371bb86566ac288a042aa71bbf9682
SHA5128b591edab4d24199b321f6d1cb6357d01ca7258e83748cd81b0d88a062858a025bc87d01dd1f9c1ffba3d82a569f98957fbb989c56708e00e2f03a42a512cdd0
-
Filesize
8KB
MD59079226d2b1b999d16a7e7ea4b7136e9
SHA15d85b3c13516105cafc722d320c6ecd30a414a61
SHA256b7064b22366097213c47a7b7f758378d927025442eff43b7dcfcbb0988a5f30b
SHA512e6ae8772a7b8ce3cafba9e36bab93283589c49aa2ef6d7363de58f7d263c72d96f1f14440eff9be0ffb4829829a04deb8b4e491b9136efa05eff65202b17aa7e
-
Filesize
321B
MD535b21509ac6c279f67bc4b08f045db99
SHA17ba167dbe56a1116034f0c3d3eab030c87ee2679
SHA2569323c645e90f8f3d239dc931cb882ad0cccf8661ea4f1e341dd7d5ca0983cd0c
SHA51205a59a992f8484f40593da9db3f7a6d901fb819e4cdaff5cd3bd454c633afeac08f269f0eb06106b5da3044059038699861169d4a10c5a9494ef035faffde530
-
Filesize
128KB
MD51ec347267124d1a859c5cda03659faaf
SHA1b29683af47d4d774a30b676f65eaaef23165a715
SHA256da2dfcf3cf40083e04c6b3e44cef5aa859714be719b2adb7881b88bb7199d50d
SHA512feeefe697e30444b4eb5cd7050c9552ac4bfbd11ce9718a553eb23f48c49fc32111c4fcc04252226faffeef5800aba98ac9fbe1853ee35201b58448d84863bf6
-
Filesize
2KB
MD5fbeaa191a052e2f1b845cb2286bbf907
SHA17ea5c81f05f81bc5311e37b69b14c0b61ab033ac
SHA2562205dfb9f488171606ec2dc4b8c69b5429d1deae3a3465a4ed492db166bcfc32
SHA51259f7007f6fc070ae6729a8d747459720ba3f1efe9b1033e7b117b0a4521245534b95914c9948f462b1f3673c710f8096649c6ae30975d2923b5b5026cdf7f481
-
Filesize
320B
MD5b26cf284034262a7ea5135542b0959a8
SHA1eba21b2b08d1ebab5af2cc452e95756b7fc68fa5
SHA2560c8dc03ad57f4e5358845cb7cf385cc30be7aab2c1f855eb41ee553e02638348
SHA512c6125667df54f9efb7a7952d9dc2db5c39ff4e74bfdff2ac20e7522d7a7b94d0321be78bd9c312689718c3eaa849c7a06a448849065a5d9fa37d768c0ec2bce7
-
Filesize
889B
MD5c4b9480e91644337546c467d8cbc3d3e
SHA1f61c6648e346e3061daf131f6410631f65b2f6a9
SHA2561ddd001fbc6c23f354f0dd92a6b3bc7a99444b7d3a8930f18130ffea2b94df76
SHA512000a88118ab3de60599e044b5b410f1ef3cbfc51ce7e1d49d87d9c9e5a904adfceb0776dac5f90f9f8618530877f9d058d04438a113e0f257c50ff6e775efa6f
-
Filesize
338B
MD5d02d3a09dd4c63458e9761f774bc2333
SHA1efdc35f71b4c764bc3f6ea834f9e1b7e32012d3f
SHA256974ef2de272eec3b84cb59adeaff68def8c758ee157c005ccbdd7fcec48695a2
SHA51203caedc82c2166b20149869eb30da721b4b7bd64d9a9eb98ce0888bcf0408f71cfe3f9ae371fec71ec2f5b009ed3304489e62142655026456d978effb10409b4
-
Filesize
44KB
MD5d31247d60361b8434d08ce6c713ae849
SHA15fcb582b3a0c8ae689d968f76dcaa871e6a649d7
SHA256f858d9adce0600b84333f957bf047055b053f2013010a192b7562287a4ecfc19
SHA51231ad87e04c7936ec3f764abf4c693acd0b55047a054c81899a15842f3954696edeadd2cc50c9c0a1084904092f0f2b4d784ea54bc20b989e2b053ef9f5acc30e
-
Filesize
264KB
MD56dbaf8dc0218fe2f25242dc13123fa00
SHA161fb7db70599e29a6e6c95f920856ac29fa86173
SHA2562c30e6b3dcf0290eb5ff6a39625935c0ffd835d6309f88b99faf7440b08c4984
SHA512a7c81386e6ed74707e5338b77cc209db6f0211d31d69131344d5c47ca3c1759325569c25255e5ff5f047d8d2b7496c55904c86d9ea516e1722a111ca94147ace
-
Filesize
4.0MB
MD5ac02a866e52f08ab2d9fd7f1c8b6def1
SHA16595b68bd2f234ea2f65ef94745e5aec7fb867e4
SHA256bf9574e1dda18a8b4c8cc70fbc6bb3b4efed429d3c2be4d666f662fdefe06d7f
SHA51251a6dcfb0b06072be78059f7a489464d5f38b33f8c2bb21392deafdc6035dba756eabf139c30d547b3dbd25b65500fff16a6f39b9f1118e2e1032838b718f661
-
Filesize
19KB
MD59776cb5c65e3fe76b219b84b0f3b4bd4
SHA1de3d833fe499f379ff0e1ce7cc88a97b9a68a3e7
SHA256f474b99ab1a3c5165b5d0b2c491b2dabce5b97c17d2451c3e3a25091f2b3b39a
SHA512ea412c5687ac0449a28bb95ceed7f463f1a072793df5a987c6c3d33d5ebe3e6e09486b79f7660184a760bc0febc0759a0749af988db0a9ef3223bd53c9652b83
-
Filesize
17KB
MD5a64d32d35f08881fc241e1a54b1d9c62
SHA12543fc5865e2d7458fc24d55e0743b9276598bcd
SHA256b22fa8fa318db9254464b589950eb3508cd35a798eea2588f03dfc13d663388a
SHA512cdcef8619607fe1d776fe7f1810cde7119b1e1c601e30c0324884027ecb1f1c243f07d7ab973630a9bc17eee4328fa2853cac86fbf369cf00922220cc8279563
-
Filesize
20KB
MD517f638eb36d922ef8061fdfc3e0f4f7d
SHA12175b3208b26e069bddb286cc0622d97e19e65ff
SHA25663fce204e1e854e0ae58828355ad32bddfc360f339fbd373f0450d730f64bedf
SHA5128889af15189e169701700272a9d4d1b2007f41d6c08259a7200df7e04bc50df8d0e8cb70a014892b2811ba1c6ca80ffecbc0960c3dd15ecf222515c2e767655d
-
Filesize
16KB
MD5ba7dff0949245e64b2bafea2800848a6
SHA1ef85a9796564b0cd90052f0145e1df12afdf5ce7
SHA2569c5f811e3fc9c4744b4394128bf57e581cb9f7b17203cefcf8a099b39ee8e9a0
SHA512bc301036228d59ce8bbeef49837c82146d3012f956a67751b1252efec9c675e5ac7fde7878a6e6218f21d3a6fe4cd4f4a2eb46c4847776cfcb87186e00252d4e
-
Filesize
18KB
MD5ed2b61fe38059d7d8afe7a1beb9d3b8e
SHA1cc2890cfa48124d393cd19b73f979c7bcda41339
SHA256b1d713eb4b96eade2ad7a2c9d7445c3efb8bed537aca8241947dba45192563de
SHA512df7634c85bd10a1014b704e54409a6b213eedbddb8523dccd445e3f8ecefb1230f4c6290ea840c28b7a7fe083a01c61246d142ce34eb3383737eb9b3e9aba886
-
Filesize
106B
MD5de9ef0c5bcc012a3a1131988dee272d8
SHA1fa9ccbdc969ac9e1474fce773234b28d50951cd8
SHA2563615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590
SHA512cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724
-
Filesize
14B
MD59eae63c7a967fc314dd311d9f46a45b7
SHA1caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA2564288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8
-
Filesize
277KB
MD52514e9313e9e8df61e049a2e7ccdc77a
SHA17f7651bf4334ec1035d0045c8155f8d4fb67a83f
SHA256e478657f7bc79973aaf0e1672bea5655fa7470b5161af4cbb7a097c4489a119d
SHA5126a2e18b9798104369d6fd3c1e786e8135762f6e15346ce6bd76b97d10d776b6623344198fd58f53c712d136a156aa28c9371a0518d9a6c770ec205c60cbd08c4
-
Filesize
136KB
MD56dfd5f213d277435fedaec9889984773
SHA14acf61dcdd0c5cced40157576e43b5f678b79166
SHA256543e69ad0730287f50a1a6d0f98baf66204edb8ff4683f6ace8dcef6a0e5a333
SHA512ba993f7761b12eb2c08d5eec92ac392b6feaedc849ad27c9ccaac1dd5265d8f9bb568d72e8a6b40fac0bcc7e44c41c1ef13675b13dd0cb083bb56ae8c5124ddc
-
Filesize
277KB
MD57ed7fcecfba294f90e1cfb970050b537
SHA1a5c34c669b6a2c73b867999563fb06236ab0658e
SHA2565e4766d99cecd8941067d4534755701918b7fcceb1b8a760e11f9d2e3bd5c5df
SHA5120904d7a6b5ade74b4288075ac3ab9ed9e95b12b8e5c889b256d7f5742b6e6030ef69a24d3f1d0009cdc78296eae69ed49e9036454b087227ff7056ae7ded562b
-
Filesize
86B
MD5961e3604f228b0d10541ebf921500c86
SHA16e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472
-
Filesize
4B
MD5f2e9102f4177c268cf292773fe3c3e59
SHA103e8952afc74506f799625aa30748833476e434c
SHA25671a148476d02139f4db1ba6de4b8f4e94e133688f6d268066f55020514fae61b
SHA512daa0605d896a50bd0126a7805cf47de651e2615d4dcbb8440380b550202277393f592f0b9f1f82eb93efb4b9c11705e041b76affde148e5f2aba77456af84b79
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json
Filesize229B
MD5430ea5a2e2078a360d37381636eb1e59
SHA155a8d4c1fc60f6d87434173da6a8e6af2800d523
SHA256665237a68f784ebc3c3615fab92399b91473f0b64a10e0dc884d65af69ee2faf
SHA512edbeb4ec74e60a3341a76506a46c080a1fc71ad5299cd1c688cdbbc60cf6facfe2c94e061a3d2d5bf7ee205ac1334d6f0781e3e4dcd383a46e48427d4cce6b33
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json
Filesize2KB
MD5404a3ec24e3ebf45be65e77f75990825
SHA11e05647cf0a74cedfdeabfa3e8ee33b919780a61
SHA256cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2
SHA512a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5
-
Filesize
1.3MB
MD54d00748da35862747e574178ca73072f
SHA1cae0571ee744d98ba987dd01c03f5074683faee5
SHA2564cd1f379313a39a3947c35cd1d6dafa5bcaefab5ad2b55af8d76fdeb416cc7ad
SHA512f7f3190b8c19e91381be7853875d553c1d69e1b070b00e657a0ea2b24add04343f80ce6ae7c29641e4b2f346d94d2908edb23f4a6b4e88d8780aad8c7aa9b9a1