dfca2f1a842aea69a2b0a22ca66fa7852f86259e3da4f576f8ae7fa16f1e9134

Analysis

max time kernel
69s
max time network
110s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
08-07-2024 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Scratch 3.29.1 Setup.exe
Size

161.2MB
MD5

fd5de3f67801377c5d9d3233e5f65b9e
SHA1

4c3e659a18c146a1fd0a53f42a75b1d284d594b8
SHA256

dfca2f1a842aea69a2b0a22ca66fa7852f86259e3da4f576f8ae7fa16f1e9134
SHA512

541d467f2a7293d5afe082b4df1e82dbc22ef51c1bfb21cac4b00c220e9b0831e2254bf16e380f0e3d5bccc8b74e7e4cc9e186e8860eb8baf158e5170e650f97
SSDEEP

3145728:XX47lWjPiPPVCCz3CfRrf7+QyaDm38mvffOrgoIzlbb4PKrAXnQ:H477P/CFCaDm3H3fzvb4VXnQ

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

Scratch 3.29.1 Setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\2d208a34e74fdce9dab9d4c585dcfa2b.png	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\3158299771b3d34ed2c50a00fbab715e.svg	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\c8d90320d2966c08af8cdd1c6a7a93b5.png	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\c9847be305920807c5597d81576dd0c4.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\db6cd6b145bb6d8dc299475af7423d6e.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\c3566ec797b483acde28f790994cc409.wav	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\cad2bc57729942ed9b605145fc9ea65d.wav	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\11f13be7e53b2e9116d59344c5efc66a.wav	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\ac99ef62e3e018b8db550bb2a187cbe9.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\c2d5519e8a0f2214ff757117038c28dc.png	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\0377a7476136e5e8c780c64a4828922d.wav	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\684ffae7bc3a65e35e9f0aaf7a579dd5.wav	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\7b4822ccca655db47de0880bab0e7bd9.wav	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\0f920b99ac49421cf28e55c8d863bdc5.svg	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\2672323e34d6dc82fda8fc3b057fa5aa.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\5883bdefba451aaeac8d77c798d41eb0.png	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\84208d9a3718ec3c9fc5a32a792fa1d0.png	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\975585ca9461f0730a285fc96df73425.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\a7e48fc790511fbd46b30b1cdcdc98fc.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\d0096aa9ecc28c0729a99b0349399371.wav	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\d02f77994789f528f0aaa7f211690151.svg	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\locales\el.pak	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\b92de59d992a655c1b542223a784cda6.wav	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\cd0d0e7dad415b2ffa2ba7a61860eaf8.wav	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\cd8fa8390b0efdd281882533fbfcfcfb.wav	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\9cc77167419f228503dd57fddaa5b2a6.wav	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\d485f5620d2dde69a6aa1cda7c897d12.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\fbc629c3b062423e8c09cfacfb1e65f8.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\da734693dfa6a9a7eccdc7f9a0ca9840.wav	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\64b59074f24d0e2405a509a45c0dadba.svg	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\7a0c31c0087f342867d4754f8dc57541.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\aa4eae20c750900e4f63e6ede4083d81.svg	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\df943c9894ee4b9df8c5893ce30c2a5f.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\188325c56b79ff3cd58497c970ba87a6.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\c9847be305920807c5597d81576dd0c4.svg	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\d0a55aae1decb57152b454c9a5226757.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\ef9973bcff6d4cbc558e946028ec7d23.png	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\51248e76be2aa7a0f0ed77bc94af1b3a.svg	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\67d425b11544caa0fe9228f355c6485b.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\db3f436fcb6fb28828a4c932b60feb5e.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\78b0be9c9c2f664158b886bc7e794095.wav	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\d27ed8d953fe8f03c00f4d733d31d2cc.wav	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\0b98a63dcc55251072a95a6c6bf7f6f2.svg	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\2daca5f43efc2d29fb089879448142e9.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\0b1d2eaf22d62ef88de80ccde5578fba.png	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\9e2f75d3a09f3f10d554ba8380c3ae52.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\ca241a938a2c44a0de6b91230012ff39.png	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\eec286b1cfea3f219a5b486931abedd2.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\locales\am.pak	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\35cd78a8a71546a16c530d0b2d7d5a7f.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\693b428f3797561a11ad0ddbd897b5df.wav	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\ac99ef62e3e018b8db550bb2a187cbe9.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\ca694053020e42704bcf1fc01a70f1c3.wav	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\ca70c69ef1f797d353581a3f76116ae3.svg	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\deef1eaa96d550ae6fc11524a1935024.svg	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\0cb908dbc38635cc595e6060afc1b682.svg	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\4a85e4e6232f12abf9802bec4aa419b3.svg	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\afa34381db44e699d61f774911aab448.svg	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\b67db6ed07f882e52a9ef4dbb76f5f64.wav	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\c4044a3badea77ced4f2db69aff866ed.png	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\f60f99278455c843b7833fb7615428dd.png	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\f903049308e2171178d889f5c4a7d466.svg	Scratch 3.29.1 Setup.exe
File opened for modification	C:\Program Files (x86)\Scratch 3\resources\static\assets\c04ebf21e5e19342fa1535e4efcdb43b.wav	Scratch 3.29.1 Setup.exe
File created	C:\Program Files (x86)\Scratch 3\resources\static\assets\25a6ede51a96d4e55de2ffb81ae96f8c.png	Scratch 3.29.1 Setup.exe

Executes dropped EXE 7 IoCs

Processes:

Scratch 3.exeScratch 3.exeScratch 3.exeScratch 3.exeScratch 3.exeScratch 3.exeScratch 3.exe

pid process

2968 Scratch 3.exe
4628 Scratch 3.exe
4372 Scratch 3.exe
4040 Scratch 3.exe
3024 Scratch 3.exe
2872 Scratch 3.exe
3480 Scratch 3.exe

pid	process
2968	Scratch 3.exe
4628	Scratch 3.exe
4372	Scratch 3.exe
4040	Scratch 3.exe
3024	Scratch 3.exe
2872	Scratch 3.exe
3480	Scratch 3.exe

Loads dropped DLL 21 IoCs

Processes:

Scratch 3.29.1 Setup.exeScratch 3.exeScratch 3.exeScratch 3.exeScratch 3.exeScratch 3.exeScratch 3.exeScratch 3.exe

pid	process
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2968	Scratch 3.exe
4628	Scratch 3.exe
4372	Scratch 3.exe
4628	Scratch 3.exe
4628	Scratch 3.exe
4628	Scratch 3.exe
4040	Scratch 3.exe
3024	Scratch 3.exe
2872	Scratch 3.exe
3480	Scratch 3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Scratch 3.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	Scratch 3.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Scratch 3.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	Scratch 3.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

Scratch 3.29.1 Setup.exeScratch 3.exeScratch 3.exeScratch 3.exeScratch 3.exe

pid	process
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
2356	Scratch 3.29.1 Setup.exe
4372	Scratch 3.exe
4372	Scratch 3.exe
4040	Scratch 3.exe
4040	Scratch 3.exe
3024	Scratch 3.exe
3024	Scratch 3.exe
2872	Scratch 3.exe
2872	Scratch 3.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

Scratch 3.29.1 Setup.exeAUDIODG.EXE

description pid process

Token: SeSecurityPrivilege 2356 Scratch 3.29.1 Setup.exe
Token: 33 1996 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 1996 AUDIODG.EXE

description	pid	process
Token: SeSecurityPrivilege	2356	Scratch 3.29.1 Setup.exe
Token: 33	1996	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1996	AUDIODG.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Scratch 3.exe

description	pid	process	target process
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4628	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4372	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4372	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4372	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4040	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4040	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 4040	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3024	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3024	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3024	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 2872	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 2872	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 2872	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3480	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3480	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3480	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3480	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3480	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3480	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3480	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3480	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3480	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3480	2968	Scratch 3.exe	Scratch 3.exe
PID 2968 wrote to memory of 3480	2968	Scratch 3.exe	Scratch 3.exe

C:\Users\Admin\AppData\Local\Temp\Scratch 3.29.1 Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Scratch 3.29.1 Setup.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2356

C:\Program Files (x86)\Scratch 3\Scratch 3.exe
"C:\Program Files (x86)\Scratch 3\Scratch 3.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2968

C:\Program Files (x86)\Scratch 3\Scratch 3.exe
"C:\Program Files (x86)\Scratch 3\Scratch 3.exe" --type=gpu-process --field-trial-handle=1556,10188023129894657821,625739420014285717,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Scratch" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4628

C:\Program Files (x86)\Scratch 3\Scratch 3.exe
"C:\Program Files (x86)\Scratch 3\Scratch 3.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,10188023129894657821,625739420014285717,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --host-resolver-rules="MAP device-manager.scratch.mit.edu 127.0.0.1" --user-data-dir="C:\Users\Admin\AppData\Roaming\Scratch" --mojo-platform-channel-handle=2272 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4372

C:\Program Files (x86)\Scratch 3\Scratch 3.exe
"C:\Program Files (x86)\Scratch 3\Scratch 3.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Scratch" --app-path="C:\Program Files (x86)\Scratch 3\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1556,10188023129894657821,625739420014285717,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4040

C:\Program Files (x86)\Scratch 3\Scratch 3.exe
"C:\Program Files (x86)\Scratch 3\Scratch 3.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Scratch" --app-path="C:\Program Files (x86)\Scratch 3\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1556,10188023129894657821,625739420014285717,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3024

C:\Program Files (x86)\Scratch 3\Scratch 3.exe
"C:\Program Files (x86)\Scratch 3\Scratch 3.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Scratch" --app-path="C:\Program Files (x86)\Scratch 3\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1556,10188023129894657821,625739420014285717,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:1
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2872

C:\Program Files (x86)\Scratch 3\Scratch 3.exe
"C:\Program Files (x86)\Scratch 3\Scratch 3.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1556,10188023129894657821,625739420014285717,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --host-resolver-rules="MAP device-manager.scratch.mit.edu 127.0.0.1" --user-data-dir="C:\Users\Admin\AppData\Roaming\Scratch" --mojo-platform-channel-handle=3364 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004B8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Scratch 3\chrome_100_percent.pak

Filesize
138KB

MD5
0fd0a948532d8c353c7227ae69ed7800

SHA1
c6679bfb70a212b6bc570cbdf3685946f8f9464c

SHA256
69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf

SHA512
0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

Download Submit
C:\Program Files (x86)\Scratch 3\chrome_200_percent.pak

Filesize
202KB

MD5
1014a2ee8ee705c5a1a56cda9a8e72ee

SHA1
5492561fb293955f30e95a5f3413a14bca512c30

SHA256
ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57

SHA512
ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

Download Submit
C:\Program Files (x86)\Scratch 3\d3dcompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Program Files (x86)\Scratch 3\ffmpeg.dll

Filesize
2.4MB

MD5
8a622da2741db6fb78d739cee3c935c1

SHA1
eb6b61ee94702ef5ff80c05b785be7efe5a72df7

SHA256
669dcce2f75aa398993fee03dbd9d6f2c3790b1ecfeb8bc0bfb1bf9e43a304da

SHA512
8dc6c48c4900a03e5d3f0f168f2b1de86b7db352195d98ff17eb1b96a34ee9f4d84869c2b231384011bd2b04e3a5b0e571fc5dd34a3a8b4b798e1dd1fe99ec8d

Download Submit
C:\Program Files (x86)\Scratch 3\icudtl.dat

Filesize
9.7MB

MD5
224ba45e00bbbb237b34f0facbb550bf

SHA1
1b0f81da88149d9c610a8edf55f8f12a87ca67de

SHA256
8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc

SHA512
c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

Download Submit
C:\Program Files (x86)\Scratch 3\libEGL.dll

Filesize
349KB

MD5
8bebd9d7a89cff012ef4d6382532f0d3

SHA1
224070195e2cbfe684d6f505574c75004771d618

SHA256
dc2c4ab947a3f766f554e156157ab6522aaa430d3b40dc4612074debcd728833

SHA512
daf6dc7116d8ea38ff352fe92e217d6b327d2b75bee77a1bb998cb8655749d2670e91beb63821862ddffb94bf512a666effaf11fef7a2347b078436d01e66d79

Download Submit
C:\Program Files (x86)\Scratch 3\libglesv2.dll

Filesize
6.5MB

MD5
d7b0d5753bac1c455d119410270ecf43

SHA1
b7e90b3e355f701afbdf733468720b469f3f2a50

SHA256
a6a1967b8c258bf0738bb3b14c0c5a4320550ea21486003f6229b4c3ec007502

SHA512
e21576032eda439cbda6724bcf882fd402ea4f2812e3bb31833724ed5c98017ca36c4f908e5d9b4b406ddb9bf52c4d24a8901f776d76a688892a6303af0cf610

Download Submit
C:\Program Files (x86)\Scratch 3\locales\en-US.pak

Filesize
95KB

MD5
214e2b52108bbde227209a00664d30a5

SHA1
e2ac97090a3935c8aa7aa466e87b67216284b150

SHA256
1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab

SHA512
9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e

Download Submit
C:\Program Files (x86)\Scratch 3\resources.pak

Filesize
5.6MB

MD5
1f46000d6ae1277ee4e97bfe4f457a89

SHA1
6597e91194f785e117b15dd8e6538fef75d9b7db

SHA256
6251353228a758cd9e747492a38b302acb9f16c80b234c6e5a79b23d0b369f92

SHA512
1049b09e600157226ec232c610d150a7a414c99623cc4e3ae112543c39315a7c2d56e47932714a1280420df2dbbfafd3ba50961e79a8b01b73d3c20234155323

Download Submit
C:\Program Files (x86)\Scratch 3\resources\static\assets\c6f8179ff3e8f8ab08b01d50343eefc4.svg

Filesize
21KB

MD5
c6f8179ff3e8f8ab08b01d50343eefc4

SHA1
b4dc64eb7e69c9ce93bcb61fb8f81f59b5fc1376

SHA256
e6f850105704c243cc1fc2b5642d7142ab9d2109493b70157f8238819fa46f14

SHA512
2b1fed15b2cc9cfc06c9ba2577ba3c301aac0923dca67cb09ebeaf42c384ce085af82923a4756fe1f82ffb5694db2cbc86c56799ef5e94baf142259cd71f9d3e

Download Submit
C:\Program Files (x86)\Scratch 3\v8_context_snapshot.bin

Filesize
160KB

MD5
f1d9b64be3546cf25d94d53724aa380b

SHA1
12f4b0df87f203ea61f4e0381a30b079eda14432

SHA256
3d47a03ccc914b327f30a80fdce2e623b1a58e831399136c01029eb280c0d3e4

SHA512
7f8ef927566ab9a920d13be9e59477798ec39efa0ec5d81ecf0b0c86fcf052d576b65a86b9bd9c9e70f4805b325fbf5cd4a83abc4ca234a081e12c9eafdef55f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj5CC2.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj5CC2.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj5CC2.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj5CC2.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj5CC2.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj5CC2.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj5CC2.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Scratch\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Scratch\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Scratch\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Scratch\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Scratch\Network Persistent State

Filesize
393B

MD5
0c5945fa443fb3d8f7728320233195a4

SHA1
15c3b9bb8fb42d9ee79ed2eb2909a5d036e83e0e

SHA256
638e8f130420c9b17bfd265de638a3e04719843016050e64fd4a2712b648f8d7

SHA512
1641108a5f14432e560a0e937f23223ffc2050acb3807e4be653d27cbe8613d95c817c2942291c370cef53e4fe45a3dd32439d17539208f10a3b4367903b636e

Download Submit
C:\Users\Admin\AppData\Roaming\Scratch\Network Persistent State~RFe594973.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Scratch\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Scratch\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Scratch\telemetry.json

Filesize
1KB

MD5
5969ddb32b8bfd3c38d868ddafc19714

SHA1
7969bf1f6f0036f8ead3eb92bd00bea8625c703c

SHA256
4d0f0ccf746e73d3f9b6fb44419f407f77512a4809465a5726344da30a0cd823

SHA512
6ec8da862847d4733a0d51af7572afca4179b5ac04caf63df9228a6e82aa11444e1c37430c9d0c49c5b77f74aa35fac808732db559dbbb655ed7a4008ba7a3f0

Download Submit
C:\Users\Admin\AppData\Roaming\Scratch\telemetry.json

Filesize
55B

MD5
b011e61f8f7a7d10e9b5253dc3da6f37

SHA1
b20538059b3d4a09d6ed20dc788f86b96522b395

SHA256
282d1deb60b9dae171f1d4519414aecb4c0586cf2880b7baec33df5c8134a9e2

SHA512
7935eea9e5ae244716a6d7c34311611c91c5a17704ddddd668ec2b731c7291cbbcc7f5f470f174b4274597031c6b61b987f811f26de1ad2687a7bfc2a43b62b3

Download Submit
C:\Users\Admin\AppData\Roaming\Scratch\telemetry.json

Filesize
660B

MD5
1c7df4ef6d2a295fa889feac04957ca4

SHA1
6976a580c03f41b71ed8e3eeb8fd4766ebef0caf

SHA256
31fcff5cd7979e1ec29d3f3b166296e1f77f79b86b81d9f4a3411e16452e061a

SHA512
bd7cd1768ceae8df8fec2527144d4c5bc1735013ebca9caf4b658612223579282bd2f013d9038b283cdeba84074980f72d8037b25f82c47e58252635d38d5c85

Download Submit
C:\Users\Admin\AppData\Roaming\Scratch\telemetry.json.tmp-043118305850a82d

Filesize
1KB

MD5
7846df859a1b25bbd3e15cfcf5c78802

SHA1
a2404637e1f8728aafbfc1d9db8996de785b131d

SHA256
f90f8523a9b798540ea88a7618065508ae447dc79d89ca62024c6de45b77ad3b

SHA512
f777c85a1a4cc454f8ee271738733e59ed4dc480311fdd067c30a7f96d6e38767f7d1ce6e5828832c4d965681d605289bb7b3ff8eefcfd6ac2a29e46e8294082

Download Submit
C:\Users\Admin\AppData\Roaming\Scratch\telemetry.json.tmp-04311908386348b0

Filesize
1KB

MD5
38ff1b41244fa6ac85b3775515462469

SHA1
55a61157a5e21b0d8ba65f97886107ed810079ec

SHA256
89437ef18d41b86d57b4e3b971980b15cd24c37c661f90d87223e09086475915

SHA512
a4690bb85fc6245abf1da5412e28bfd7013cfce3fa51100de9dade3ec32a700357c4eae017b4479c6bc790ab0665c1aa433cc2d6298101f3a3efc6d08ee85aa2

Download Submit
C:\Users\Admin\AppData\Roaming\f6e2aaab-1a4f-4d0a-9285-a00c6abde140.tmp

Filesize
203B

MD5
e8377f10d88e295911cf28120408ff68

SHA1
47645c9663bf880a7185e58c37240393d7a77ffc

SHA256
424bece2c93d7f027ae30aee312f8d72058a4c7c121a62b2eec30a0574d809eb

SHA512
e45683db5b57c08cf50baab5d7123748787e89ec5b70ec6ecc344a152cdc047f64f18b56018699420c754ff52cc4ef1f2457c742a50b2006cf1adbf66c7bde1f

Download Submit