0539cb677684ec9500dead2e136fc1dd4969b7d5c4ec84bc18a5d6ef203b1484

Resubmissions

13-07-2024 04:59

240713-fmvdwawhnj 8

Analysis

max time kernel
1199s
max time network
1160s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
13-07-2024 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DiscordRaid.exe
Size

759KB
MD5

5d107f8802ed9f61529ceb75e483799a
SHA1

053ac3383e366bdc68a36cccc550a31157367ede
SHA256

03f387d690e4bbad551cfa48b7c28a32a6016a7922018c328bb67e423636ea7a
SHA512

37590c8fb84f7444b3464856984e062768d3da1838f1104f685e10aec202d4f59f79f62100f9dedc4c67a45cccefc5db6c79b703567b5ba241380cdf73ad417b
SSDEEP

12288:DyuTmlOIq76xb35zdtKTKKpKKYp5bu9TlLfUTdwq1ndPER:DygEMWx35JvbuhZUTdPPO

Score

8^/10

persistence

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Checks SCSI registry key(s) 3 TTPs 58 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133653209611540383"	chrome.exe

Modifies registry class 34 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHost = 6801000088020000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1075"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001000200000014000000494c2006020004002c0010001000ffffffff2110ffffffffffffffff424d360000000000000036000000280000001000000040000000010020000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000400000000100010000000000000100000000000000000000000000000000000000000000ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff0000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff000000000000000000000000000000000000000000000000010000000800000002000000040000002400000001000000000000000100000000000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133650184078330251"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1075"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1042"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1042"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1075"	SearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 140000000700000001000100050000001400000050003a005c00480066007200650066005c004e0071007a00760061005c004e006300630051006e0067006e005c005900620070006e0079005c005a00760070006500620066006200730067005c00420061007200510065007600690072005c00420061007200510065007600690072002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50100000000000000000000e8070700420061007200510065007600690072000a0041006200670020006600760074006100720071002000760061000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000002750bfb722d2da0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff82ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff83ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1042"	SearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-126710838-2490174220-686410903-1000\{F31CBACA-8C9B-4139-A993-B25F15A5A002}	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2268	chrome.exe
2268	chrome.exe
388	explorer.exe
388	explorer.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
388	explorer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1132	DiscordRaid.exe
Token: SeShutdownPrivilege	388	explorer.exe
Token: SeCreatePagefilePrivilege	388	explorer.exe
Token: SeShutdownPrivilege	388	explorer.exe
Token: SeCreatePagefilePrivilege	388	explorer.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	388	explorer.exe
Token: SeCreatePagefilePrivilege	388	explorer.exe
Token: SeShutdownPrivilege	388	explorer.exe
Token: SeCreatePagefilePrivilege	388	explorer.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	2268	chrome.exe
Token: SeCreatePagefilePrivilege	2268	chrome.exe
Token: SeShutdownPrivilege	388	explorer.exe
Token: SeCreatePagefilePrivilege	388	explorer.exe
Token: SeShutdownPrivilege	388	explorer.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
388	explorer.exe
388	explorer.exe
388	explorer.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
388	explorer.exe
2268	chrome.exe
388	explorer.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
2268	chrome.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe
388	explorer.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
388	explorer.exe
2088	SearchHost.exe
3740	StartMenuExperienceHost.exe
388	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 4532	2268	chrome.exe	85
PID 2268 wrote to memory of 4532	2268	chrome.exe	85
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3536	2268	chrome.exe	87
PID 2268 wrote to memory of 3384	2268	chrome.exe	88
PID 2268 wrote to memory of 3384	2268	chrome.exe	88
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89
PID 2268 wrote to memory of 4944	2268	chrome.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\DiscordRaid.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordRaid.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc48eccc40,0x7ffc48eccc4c,0x7ffc48eccc58
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,17276106208991563154,17863759996158677852,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,17276106208991563154,17863759996158677852,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,17276106208991563154,17863759996158677852,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2968,i,17276106208991563154,17863759996158677852,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2980 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3000,i,17276106208991563154,17863759996158677852,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,17276106208991563154,17863759996158677852,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4636,i,17276106208991563154,17863759996158677852,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4980,i,17276106208991563154,17863759996158677852,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4952,i,17276106208991563154,17863759996158677852,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2920

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\30b612369992432dbb3df42fa57b8bc2 /t 3404 /p 3332
1⤵
PID:4572

C:\Windows\explorer.exe
explorer.exe
1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:388

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3704

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1628

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
282c315460f11f0bc6a4b4ca71118309

SHA1
826865e0a914d910c0d7e2fa6d0335fb69a506e4

SHA256
a138ea141002fe395430ead9c4f26eae8d1e394e36d500be9452a6dc2f421fff

SHA512
d3d25f5022daf01651088ebfc75467949031eeb7418eccc59b688295281e0b7a09893f9bd3013cc43d5cb2bdb167f22d3f4e71ba99bd73949aa2a263ceda47a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7c9565807cd60f157160e24af4ecb955

SHA1
59e806ec8f2973c1903120a356bb006ad62427c5

SHA256
0cdbbf900b9c153fbcc48dfb51ab9414af9483b587f08fedd9e39d92fa9d8832

SHA512
26164c18114f3c99d75399e07c8c2745ae6c8c008132f4f32fb69dc20334e7fb635014c53bf1855559ed0f3b845c56f3e0e94eaee80f691199221e90f9f6d7a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b6d9dccd49f35a947c499cb5885b2ea2

SHA1
52e5ff37a6395ac7313abe7862f127e7a797e138

SHA256
3a4e81d659af852778f84a19ff1eeb095c9543fc83bab9d3b48dd91f0229dcb6

SHA512
a606215c24916e5b5a5dca90436a8ce60ca9a652148c4cac00d63b34eb2cf986db68bdd1253f1f6dd997be3c43e4cad15e3458a78e8713b488d0d7c49e51cfd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fa52d312408f72b93506009b895dbfa5

SHA1
b3b1c6cdd02076c9f696d2118dd303a26fd4f92d

SHA256
6de71ddc72bb0bcadff90876d8e0bfb3ce734a6b3be4ffa8280bafdb31ddc5c6

SHA512
b30f762f3e5f98db46e650c50af8c329208f852c9a195c0eb1bf5db71a2e5811865d48209824657b2d790ab6a7cb248c5268ff6bfdb7ed110672d48bbb5f8207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
45ef53ae78bd250baa33dd943ea9f69c

SHA1
0ece53966decf14379b34cde57e0e07d403c39cf

SHA256
83603d652f8fdf71055f2271015ccd1bd716d306e199620113063aabee24f426

SHA512
d49d405fbf261ac16f59f41df70d4ebe2f0ccfa58ba61cc0d7069a7ad9143bf61faee2ab2d98bada1ad93f7ebe70b6940b05e82700ac0858b7d85790e4959803

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
44df0b051debc20185712ddeac95400b

SHA1
121cef1495ac206a4a41f80bd38a2e42ae1cf8f8

SHA256
aa035171933cfb189a8e1624ea642462eaed3d24d0aae04745b647d8e5282e82

SHA512
40e7def8910447de63d3b74978c8bc0e210dacaed50e0c40e96805e31002437759e9c57a6a63ccf15200ab78fe127999a0a7cd0ae7b8946ab88f24fd06995686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
835145c389f28eee93f4f58a4b2aeb71

SHA1
e5f4d7388ba2b46e5e76569b31711503dca6f550

SHA256
15ee45f5582dc927d4d07cf865ad3261ac5500c0899e95442f99f8c2899551c3

SHA512
d66923ebc011453ec3907b6509ca165d3d3bde226b150e09b586814c6b32bb9de025368ef3ab67ed7e1afcd1e99437926369c7df1a37a014078516b2dfa7657d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0318d864b12108c64d32dbce16e54068

SHA1
314097ec239fdcc8044877f6735d047f54bb4d2e

SHA256
69726ae7722300840b520e755cad06354280080b45c3799931f556d8bc21106f

SHA512
fe744db70d4cc01c055484ec86702fe8eedef4fac61f56c5c2be519f5b2778a05ee178e39a30b6316418dd68f52c8643adf74daa6b5ca2dc1ec0220e48c35f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cf8961c78f028b9bf3c9bb14afce07be

SHA1
1ce79243b6c577459bf7e4fd3a2ca7e0b53849c9

SHA256
685840c21fdeaeca416413af793a0e81531e5a4fb296d71f3ffd12f1fdfbd9ac

SHA512
ddbdb5e93689d16c48e62adfbb68572233d02237ccb1907f9e67aeaad5d94d682e60c43ad2c0202a91002429f7d2f27525c554e80c997c436ed3cf7fe94ac4d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a1d3f87b244cb8e24afa903399647b33

SHA1
10649ff5e35fdbaee16d2df11208402cef099e68

SHA256
49c7f59d9fa9a6a15eb1dd0a5ab62513d6edeeda09a83f7ffed74d61b259cc0c

SHA512
815b7c596210d514d62da16e9cd0a6b1980996fe30d41e6eca0f6bdad7e4f248c3d3a4f15fe4b290a783ff8b335b4232b26ead97ad2799d3f62948ac587066b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a2e0717c8f1974886c3ba6481d33d85e

SHA1
9a6c46f8087ddff31ed1883b842875762e3ec903

SHA256
30ab909f34b1ce773032fdf93281f8f722c9c9404d135f29b8bde4da981d67f6

SHA512
e4277b440a939f5b99b7fb9bf389dc9c94f32f46d563e001b42ad31c66b738f6b5acef1f4aa46bea0401d828902675140daceb17cf5aecba566647430aefa413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
874a522b954a8fda76ff7ac7ce30910b

SHA1
68962c43e313332e288d08d2381de7b4c8cd6097

SHA256
963a9fd42f652d70e35baadf58d88c0e055edd04914ae64eabd6dc21103ac0b8

SHA512
8409f42b97926b03d2746b5f6d101239636183586372474903dda15e16ca51d5dbe791cf10f162918b0ad907c4a5acafbca62e52d290698802f59fff96e57196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0c08a31c673fe29786d498ddce0699d8

SHA1
bda4aafcc0c0eb11fc2d5dacfcb52bc328d6b95e

SHA256
909b9c5eea7e2150cae0127d6d75bf7b642b59f0f27b867c75eb2570f7dee379

SHA512
d0b4c0e13837aa7ffaa58b83855bee8f243bd2e421fb55e78b9dbdc19e06f347c142718afe96fa9a310f2900185c5460e839c17a7db8bc634fcbfd3e2206cf7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bb1a57ff01548e341d88224a96db8178

SHA1
cd50bfb7099865faa3c0be3d0072b7bfc643ffe2

SHA256
b8cb2351c0c44ff6b573555ce5a2f96165db59264094fe671bf483d9965f03b9

SHA512
c0fa7438bdf218110fa6decfbf3881c03818a40b73f7d2b0b694d7c00dbc3163ffb73af17fc824a2ea33874d782d2e1e91dda7bbd174e0bf71ab5a8a0beb7a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2dbb6ce54b0e702b7d7148916260770c

SHA1
4cb41187f45be61291a459c7edc6579704d0c3a4

SHA256
e6059770d4a4022a8e8cc29b4d3075f3e36889962598f11d2429960556bc5fbf

SHA512
5d3854a75353de4dad7224cf845c87b3e0fab5ff3095250dd6b1f7e6ce34dac113e4108a691fd8f1c6289615432b94ebb21c63122ea4ead40b53233445c6c441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e0f40e884317941ce64e84fbc0583f38

SHA1
050aacc2b47d6263ed5811f7531862f7dfb88958

SHA256
cb9ce406219cd3018943d75062a3211fa186d819aca48830eef8a6d297a6e1cb

SHA512
bd5de974f45cabda95a9411c0b15a6b02df071e1917512be9ae6e9a07b428476d359929aeb9fb8302939ea5c090cfb685af4771ae10628337eb35b961a167d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
71dfc0d9b7b21336f6304d334d58e4be

SHA1
e59c2add30ada31590e6aa124d8bce955391b4e5

SHA256
e2829444f7f6ce09162643af45b60d59c4219b5684df15971c183f2e4a6215b1

SHA512
f42e8f41bb2a7e3b06e81a36358bd1b221b01886ebdd59d4f0556ff0b0cc13e1f5f8285b05eb415ba5d692a2101704f25476d076fa7dd07ed3e127edceba5598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d876777229e579a5798794d9325fc90b

SHA1
f0ca43b99af6369f34fbbf5323e43a341d8115d9

SHA256
0af821f368e0e94d82290e9dc296a3309fc47424cfb64b2731f30a5557516205

SHA512
392c86713574d8eb9175bdc539137c6e8eda863629fc163c34695a295adc7f42dbeabfda0f24c4f738af896829ab1ab8ac29a4aa6851453da96cfe7a15153c95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8317a252a72b037c47450615db55317e

SHA1
ffd5ff6a99c033b69ac010ebb017cd19b1090d35

SHA256
d6cb5837e3b6d9516b56c48a3607aac648240198272f353040b4ad9f78625656

SHA512
b7dfcfc0482641eacb25976885671176282cd8ac63edc8891b03279664c53ee3032e6eddac52971c0ce0717814751489f741301f9af611cf70f5312e358618db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c28b8fc121a78f44879c73f387db7bb7

SHA1
d95dba5de02f58badc8832d8e6713bd6f47ebc90

SHA256
6d74498acd310de03d75588eee247a17933f2705eee6d4e8907fc3e13af2b775

SHA512
f77a6718783cc0000bdfd51327270d82b263ca5e69fecfa1509be97486b9c4e7bc088072f9435fe32efc868ba8037ce465fb404212feb1daae60938a375cb250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1ba7b924df0c32cad6f56d1d11d28f69

SHA1
3c443e37eca30f0f74f272144066220edba7f457

SHA256
7ea7b542a859f6a1d5bc47fecc60d633f951d360062c3da7dc238526cc3891bd

SHA512
07bad52e435de46a02c96188dac9eb5cc311e131962c260fdd8679c5ad4d235388477be31d28e8ce2afcd83fb20b23a694c6cc2498d2ab68e8a3c2db603fa38e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5ba23f401dfdeb634a2234f2c90b2a79

SHA1
9724afd72ded1954478d171fc6b468002e3df43a

SHA256
7de074b528cc7a91358db844f145c321ab5276fb9cb887990d1f951c763640ce

SHA512
f1ae17e46f71b3ab8668e32e795acfe94dd763cdc7a0073c01fcca1fd194d38f65ee4f229f627a6d3f9e3c340915a38dbab12a389ecaf9291314b92c5a8c319f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c4d62e0e4352e48150e8f339b3febbbe

SHA1
39436ca7284b2d0da9feaaaea756f50d3f3f63ce

SHA256
be4360488b291e14e63be6d8db5b8317c32ead94cca8b79a8e62a8a721bea67d

SHA512
f0214de1758357147c1c9e006afb491b2d79f6f16753e3780cac6280e235879eb4776f393b052d4675fea6cc2952441681fae957e1dcb0b96d06d5d2b7bf2006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ba7c6065229d0b6f643890388bbb4a4c

SHA1
e3437cfacb5fb08cae43bbc2178c6dd76e5d1694

SHA256
50c2901f1c189e8b39e7547cfa32eb2be9ebc61713d64dda485ca07973dc72a1

SHA512
959431d09e0bf7c26722a48d12b884bd8179faeb20dc6c6f5eb24ed60e76f55bb8863583546ec2cda39377309e47014989dc029b85600ca470371be8e0d05abe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
576a98f01675fca5cba87269c948ed30

SHA1
aa4ef3f7ce4e7be55a98288eeb7b96f48e253c97

SHA256
59377b91e5ccda411b6740c5187ef5827d3001bd8b8010b2836120bb0d40fb09

SHA512
6460b11793a8ac3c9c0955888e87ccd063705080068da883ab62fe9ff87e82ba6252439e7e593b3d2de9f066d8cd3493f68f747467bb5b8c4717c824d1db320e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a96406c9ac0ae3edeb1281401f6c394b

SHA1
49f83e0927f09e02ebb59cf4cb4815fab8210c80

SHA256
067687e5affcc5c1fa65b772db4739cc63ad476915e697101af10c813cbd67e9

SHA512
1294600dd0cf0a40c4ec7685835a2591bc2406db9becf189fc4e7b821822623d00b63c82d5c774b400db97332f5947fcb65f4046c11cf7a024c329327f11b334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1b86952d3f3b44b387032cb9a48ac3db

SHA1
3caae83413f2a79c745a519aa04b98acc7fa9dc6

SHA256
aeacdfc9edfd75dfb9e1f9e7fc5b7fc5b5c947eaf4d82294cd566ac6428606a8

SHA512
afe9551d9bb9c29f37e9443d4ec2ab7e3d3fe030b48970d0026267f2c4d7cee5ce5ea8420072d90d1929822ae1f0a9ec537529ecc310e47d7cb308bf33cf0a70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f35bab6a276b5c9bcf89569eb6139915

SHA1
03447a593b2175a7873d83f3786704337883cc5f

SHA256
abe1e48b45dab4dfe1a8b523c69fd807d7077621ca6edbb9f39d6cfa5d371a2c

SHA512
540ad898564b866b9ac56a249fc12c90dafcb94a4a238296a45265505f44632c5da9df0a4a123bf3b6a37ea17da662c558a0d249d9eeb1478605f6698a005f23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c90e353df09bcea6c73ebf39a0382815

SHA1
65c4418eb79d9ba0131cfafbbbf774c3afeffdf8

SHA256
9d85ae2a6b1472ad2e31cce265448d87b01db3ffc21438604bea16f3a514db81

SHA512
640699fcde404e1f0d52e5e98754e665128633d314c89869de5dd9b2074531b01bb8fcdc62c2d2146f66a6d708e0626d91612a3fee85d2dc20047ddf0968a589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
366321e001ff142282c7f5889d0ada22

SHA1
6f52b5469af70d575238b444e4e4672650339821

SHA256
60970e881babec7a3731dbdf9cefbcdc95eeb97bf44968cde3b67b2c6e6f0202

SHA512
04e0aefd28100d03dc4b60184a9b5c7b0788e77382ea7fc40970a2d8ca31b481059988715a34254d2dda12d3de426176bf9d5e767366936a9f141d23e9430b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
aa1b94d015f9de84d4a581aa57b79801

SHA1
5fe138f6f82213bdfdb87f7e94d3440ac394ac78

SHA256
f3b932a8ce96e8ca701e8b0b6a6310d87001ae131d86802590ad834c0b233183

SHA512
c85cf1b2230b742e99d129545c8f207910ce92dc0878f8c7613a5a33991b246342203876e573d8236603af116d375a0b1cfd28ab3ffb1fc85c6343e7269020d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
03f76641d50108c520c95cdf14dc788c

SHA1
d08b87bcb478165e1ac2d5b10b2c8e00c17860d8

SHA256
48af2849c36784a3a868a36fbfc836035e767588deee1fdc0462aac94bf366e4

SHA512
70a241e2020eadb13d7c35d14e8e97e955e0a92c5697cc748856f6e31aa0fed2517892f7c94587cbc20afc5a27b1774619b1ade9819882fedba3679cb79a8b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0c801680b140e9b0f8bbec0782d6024c

SHA1
654a1f7a22bacfaccd4aa0581252227e87c48923

SHA256
d2b7024e22e20af158dff647aaafa4a0672d128afc83027ec3aada7a80faca87

SHA512
825e1c5cff4ad49710a6e4eee19bcdcede267a0853916efee7cba402a327272d5ae0cc3bd5d3f780a239bbbe4d258b0f6feaf48cb52cd3e1f04e47c42f6d1f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7fa26860d937056553f234c16850bb73

SHA1
ebe2b59b039585857bfcaa1ff7730a43e90329a1

SHA256
dcce82b1eb1e1f4aaee386998cecd132f0ef800a79872f85332623657e1dbf18

SHA512
310296b3bea3dcfa3ce2392fa7ab9cb962e082c49c89b7609b9bb26495a4d78fba2a86d14cd324aad9ddae63e32e6fc3accb1f724e81e0e7863ab0726291f861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6a5a7b2bc31a131f5ef0e67a45a20cba

SHA1
5d4d10c145ac3d8de06fcc5ffc0daee9ab4f9230

SHA256
73e993f2047b1ac1b335ffafbbfdb6008fe44751afbdec6754cd4e066636403e

SHA512
da7a96f182eb0c70c1f443f891f6003bdddcfb7faf4daa24ba33d207d011be3e7c930674b35503c3629a9e681a473cc3672741744ba64aba515039df45a40736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8216311fefbbadead954ba372fef088f

SHA1
d0ed858f92f0d991868a427e574e859d66714219

SHA256
54673fc130aad2687b78de5f00513d04f70c3e377e67f97c3930dc95d111115d

SHA512
e4d817bd5c676729ae156fdeefd77a6ea0bfb0b085838dd41b3790fef0a280f9b0ebcee80e19dee453c6866ee4c3d4ff55cca1c8a4c9ccbce505565ce9cd12a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
474d5c798ddbda655c44963e185a0300

SHA1
3d6adde1ee9bf5b49f9fb910338d8999405902cd

SHA256
1b2ba31f51bf122e34687bb6303362bc3e14bcb70aad09c8b48634bf48e2ca81

SHA512
7a25ce7b51a71b0131fdbccf183aadc9c3d7b988be63952139b62c57bc287583aeb9f34fcf7ee2cdfffc088102628a3da8b5c99676ca851858403e8313da1df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
41a58e030a8f6f0516da5f92066f4b96

SHA1
9923a54cf10b4dc566fdfafb62051a341d4bd8b2

SHA256
32b9302ce03782f4cd0507c7cc7f99ca177d95948c948c0decb4c9798a473ba3

SHA512
fb48f84090311e703cccbe9f198ccf99cb41e7312c0c468571e90220df86b352697203da32b349643169e15e2ab8e4e27f6aabe4846b4899d2c14fd508d68452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5c1badd311b6ad0016a1b136d297f402

SHA1
07b2bbed17420125d81f5935b3fafdcc86ac327d

SHA256
eb1f3cb2d49c25039b1af5dc46ac8585b7d709fac49b56691e912e4599784d0f

SHA512
58bccacf11e130fe89bd9114fbf9dabe68071c91dedef779e0834ab489e4bfd5f4fca8d9fa8ff643970cd11dd28d14f82f21161410b945f0df3b6bca2e61d120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
168f9e0efb3d7803de61e988eab5b039

SHA1
bd4100449e5392d3ae74780923dc71ae70204371

SHA256
510e3b2a2cabcc9c946042ea7466afa5ae0708aa01f6c7ee54e6157ad35ddd24

SHA512
c6e885b4f7c1bd9b8268ec2d912a298eb2ad34ac8d8c18ab6d8c73e3031e0ac70d0723591816b9250f98145a6f0f4ce9fa398284491ff5350a4ecf496f887fc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3d5ab43632a85c0a103e59561e6d2e2a

SHA1
6739b943b811131392ad98a0fc396fd667e2ae6e

SHA256
11bfb85b09d18f88660b7cc481695bad541088514cd7a07b21fea3d6efc555e7

SHA512
7ccefcea5fe7faafac7456ce9694a8fae866e48c2c0250ca3cd66a66a24559d5723a3c3feeeaba6de387e7d6eeaa9f5886de2c284e673c29cef01c856be3e728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4c6fb4e0a092eac7545d0d5d9ec1149c

SHA1
a04031dd909c9e2797f1074c07e9a020398da7bc

SHA256
970a3785d055fa11ebf0b5ae92069fc9d41e913855ebf2ee622629513b815c9d

SHA512
5e0ad5bf797a1149a79325af25c7f055a20626932a4468fa85de40aaf83d5472f44f75ece5119cff6d30e1e2df7b052f2b7890cb77425c0358aeffb96d46e866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fd0d487b02169243aed09e9ddc738495

SHA1
ef878030a669c6a8e843275f411dd9b22b461f29

SHA256
43d40dc841a4de429f65ea4310ee3fe28f162539328ce7892b0ad674e74acd2f

SHA512
e436c7623cbef021bc9c2fdd45095649a60017fbc210d1fd9e556175b6742fbf4b9e358da65df4e482ae90c8525501ff880dbd330e5588633a7a8a9f23d04291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
66c21dbf602b5116ebce555a7a6e8781

SHA1
03278653b631f8d3d851d97e2cf2cd4849c12699

SHA256
74719fc35a55fbabde4c95ed2c4f677bb446b6a655880b8be79306425c8e9fbb

SHA512
8aa46ac0d06b61bc1d8cd95e3d8bd4a77438116f6dba1fc51a1cace100b307a4c8ac4ef1a983691b0a0a782e2b6d640e1ef9935fcc91ced7578e390d1061960a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
927f3e30e665781d38e7d8a8c318d44e

SHA1
649542ddb95229da531f6c91e3af196fa5ea400b

SHA256
8808ba1883d86ad807b86472ca007cd13a06777ba43b94047ea592f406063254

SHA512
e102a24498c8d9b55f8d2e2abf7979cd8b01d0abaa73082b29a2950044307bd0596a01a604f34e9ad0d8f6f372c35a68c687c2a4e490ff35df471427b41a78d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e1f5d05e6b126aba59a71f90699e55d0

SHA1
7f7338477ee18767dc170f339725cc852a3a9b01

SHA256
1c58d3b39c55e3921364ac54c9e8d3749cb1b69ee90e12be82920e858c093cf7

SHA512
0245b49737718de8b682de9b34e9be794573707b12f6dd071ac39a99ce6d9ab5f0cd54107746c4a4a560a7ff4a35590c5d3c8f181a1c68812bdb9308bcf3dbcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4f9b6c84a2f2df8718eee58a10336b40

SHA1
e9192f0995b04da8e00fc737727f444e85f45d77

SHA256
5d94177a597b69993e797fbca8fc169550c0f9221bd0a284f8da5579068ee8fa

SHA512
1b74afe1443cccaa632da1bec79ddc847da826642fa72ade0c8604c29c3c28b6ca6344f64896df3f33fd7dc683265707e2c3b0c6d1f3e558b84069e63248cb63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
e62fc0c96db4c2c416e397314f99cbbf

SHA1
0e659d2bd81d090402e1786a6e93cbdaa8b04e14

SHA256
94e631abe17d76d8f8aba9eaeade7befe6f76845c12445426d3df7eb5d440ef1

SHA512
14f96c3797e84a394d3a4f78251fe20aa06110b053a97b59814e8b8cb88eab128939e7df38153fbb1f026215cac85ec594450d75da689b87bd086fd6c8d3bb24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
4bbc117ec4efc8872e0e0783be9cb007

SHA1
d29c6187b2256d7aea397c3c4726d147ecf962dd

SHA256
d62b4aef632387442e6df975a9106135dbc6ea88dee1af3ab5e3214a9ae22023

SHA512
4e344e853cd63d09d83cf2af50279d051fc40b34852460c41869211526678f6f73fef10b662ea4ccd9ed7f688265085b71cc31ae7de900efddeb2ef6afd1b1c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
aa5da78a37f56d45689698f63b3b2baf

SHA1
47aa77161600b11753f5c857d7a6c9b126b75056

SHA256
3542b88310cea445ed827e484863f3dde4c0de748935086c7bebc6bff0938d73

SHA512
0e99e668e79565819ece331a412d849159a9d71d194a0df8ad548598033ea406b977a7bbc5fa5a3402b42d660c80021b1099c564d2eb1cdb6fd8c01ae298777c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
66372fef0c704a333860395e95e148b2

SHA1
1b60ac84baa1519f5958f3e414ef17abebc3dc80

SHA256
a0667d929ed1a09a1ea8ea0d440d7a8f42f492fc6b35d3b46b9fad78e8a5968d

SHA512
de5a38c0631f74e9aeca45fe0142251f754dad0400e55b948d70ee5d3563a771ee5ee332c5f82565ebb54512d97a7843ed663646baa37003390081eb8971e11e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\N5CFFSML\www.bing[1].xml

Filesize
2KB

MD5
7eb6dabc53adaad7053373ec0f788287

SHA1
c26a8034b27697a126908c68f7f801ade8c14840

SHA256
f395371772fb5b0fa401f497560d7da78616c0d2a0ef84946a1835dcb43b50ce

SHA512
7614059d27a3b6ad99526dc5054eb5c434eed346cf3df7329f1a98b8c572bdcab7d3e1a97d334057d0696a936da2a3352883cdd73565c0142072d62f1ab0cb60

Download Submit
memory/1132-7-0x00000000069F0000-0x0000000006A9A000-memory.dmp

Filesize
680KB

Download
memory/1132-1-0x0000000000330000-0x00000000003F4000-memory.dmp

Filesize
784KB

Download
memory/1132-0-0x000000007466E000-0x000000007466F000-memory.dmp

Filesize
4KB

Download
memory/1132-5-0x00000000052A0000-0x00000000052AA000-memory.dmp

Filesize
40KB

Download
memory/1132-15-0x0000000008CD0000-0x00000000091FC000-memory.dmp

Filesize
5.2MB

Download
memory/1132-4-0x00000000052F0000-0x0000000005382000-memory.dmp

Filesize
584KB

Download
memory/1132-8-0x0000000074660000-0x0000000074E11000-memory.dmp

Filesize
7.7MB

Download
memory/1132-3-0x0000000004E30000-0x0000000004E5C000-memory.dmp

Filesize
176KB

Download
memory/1132-9-0x000000007466E000-0x000000007466F000-memory.dmp

Filesize
4KB

Download
memory/1132-2-0x0000000005600000-0x0000000005BA6000-memory.dmp

Filesize
5.6MB

Download
memory/1132-10-0x0000000074660000-0x0000000074E11000-memory.dmp

Filesize
7.7MB

Download
memory/1132-6-0x0000000074660000-0x0000000074E11000-memory.dmp

Filesize
7.7MB

Download
memory/1132-11-0x0000000074660000-0x0000000074E11000-memory.dmp

Filesize
7.7MB

Download
memory/1132-12-0x0000000008570000-0x00000000085A4000-memory.dmp

Filesize
208KB

Download
memory/1132-13-0x0000000008660000-0x0000000008710000-memory.dmp

Filesize
704KB

Download
memory/1132-14-0x0000000008720000-0x0000000008796000-memory.dmp

Filesize
472KB

Download
memory/2088-296-0x000001BA358C0000-0x000001BA359C0000-memory.dmp

Filesize
1024KB

Download
memory/2088-126-0x000001BA003B0000-0x000001BA004B0000-memory.dmp

Filesize
1024KB

Download
memory/2088-172-0x000001BA32600000-0x000001BA32700000-memory.dmp

Filesize
1024KB

Download
memory/2088-175-0x000001BA33710000-0x000001BA33730000-memory.dmp

Filesize
128KB

Download
memory/2088-218-0x000001BA33C40000-0x000001BA33D40000-memory.dmp

Filesize
1024KB

Download
memory/2088-219-0x000001BA11970000-0x000001BA11990000-memory.dmp

Filesize
128KB

Download
memory/2088-220-0x000001BA33B00000-0x000001BA33B20000-memory.dmp

Filesize
128KB

Download