discordrat | hxxps://gofile[.]io/d/pxIl3M

Analysis

max time kernel
542s
max time network
539s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/pxIl3M

Score

10^/10

discordrat discovery persistence privilege_escalation rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIyNDM5MzY1NTY0OTgyOTA5NA.GLVltM.9-X6yy-7ZGGdKffSTpZWhm1mqv9NFjOTLSFleQ
server_id
1233115002940948571

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 4 IoCs

pid	Process
2992	winrar-x64-701.exe
100	7z2407-x64.exe
3704	7zFM.exe
392	LST_Cheat.exe

Loads dropped DLL 1 IoCs

pid	Process
3704	7zFM.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File opened for modification	C:\Windows\system32\taskschd.msc	mmc.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll.tmp	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2407-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133656335380818450"	chrome.exe

Modifies registry class 23 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000_Classes\Local Settings	taskmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
372	chrome.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3704	7zFM.exe
4192	taskmgr.exe
4748	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe
4192	taskmgr.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1860	OpenWith.exe
2992	winrar-x64-701.exe
2992	winrar-x64-701.exe
2992	winrar-x64-701.exe
100	7z2407-x64.exe
4748	mmc.exe
4748	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 2728	4160	chrome.exe	83
PID 4160 wrote to memory of 2728	4160	chrome.exe	83
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 848	4160	chrome.exe	84
PID 4160 wrote to memory of 3736	4160	chrome.exe	85
PID 4160 wrote to memory of 3736	4160	chrome.exe	85
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86
PID 4160 wrote to memory of 2356	4160	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/pxIl3M
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff98490cc40,0x7ff98490cc4c,0x7ff98490cc58
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3384,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3360 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4788,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4764,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1112 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4408,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5084,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5316,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5272,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=2148,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5284,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5540,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5708,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5736,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5648,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:4276
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5788,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5844,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5964,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5512,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4452,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3288 /prefetch:8
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5900,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5292,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5456,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5536,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5616,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5776,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5784,i,8054482893664129465,16984349850427196435,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4320

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4464

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1560

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2256

C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:100

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\LST_CHEAT.rar"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:3704

C:\Users\Admin\Desktop\LST_CHEAT\LST_Cheat.exe
"C:\Users\Admin\Desktop\LST_CHEAT\LST_Cheat.exe"
1⤵
- Executes dropped EXE
PID:392

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:4192

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
0009bd5e13766d11a23289734b383cbe

SHA1
913784502be52ce33078d75b97a1c1396414cf44

SHA256
3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129

SHA512
d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
960KB

MD5
79e8ca28aef2f3b1f1484430702b24e1

SHA1
76087153a547ce3f03f5b9de217c9b4b11d12f22

SHA256
5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7

SHA512
b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d00cc5215aa338c96af099f6978b33e9

SHA1
ee070300b889127d6f55c0e441795834ffd6c5aa

SHA256
d80a17afda22a243c630057c280b3626ab7f6b94c283ff8dd90813644290541b

SHA512
4b0cb2ed13aeb98d566d7246634bbd14bec20c10e06a946c44760ec10bcbf54fe80b5777e11beef823fc811c4a9d0ebdde78dc68652980d8c7523dd32df5d961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
57KB

MD5
0684cbc9f0ffd6c0b6b3e76530b30422

SHA1
0fed768f3472e0bf433f9617a46fe401fdbafae5

SHA256
8fd53bbdc081c8c87a87cfd2b74179d83ada13585ab45848574404e15b903924

SHA512
5a30ccb6b74690db035c23eeb542c4cf03594647b04a3e55a063a97d7f9b1b2e66fcce45d35e465d77496d95d324b5439b19a818a920f1b2b133508f40692fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
52KB

MD5
2a25d25d7674d2ed47a1967fbc40bac0

SHA1
349f094ebd4aed11186f2c004b7afe3519571536

SHA256
3002a5aec41b4ca90749f4ab59a5e07aa8fb31dc955fe2b8e629db4427278b35

SHA512
2cfd2ecd5b42f30427e3cff51ef9a741f49b68db5c5d17c6f9b05a7007113bb1e7a071381e9ced783f6e30079f32c65fd6735a177f330f9fb72a6c9347b09e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
33KB

MD5
bd2a7d3944f0756e7bf4f71d45e91137

SHA1
a09cef4cd8fd1fac5ac5a20c29f744436f25e227

SHA256
a753d3d4d9acc09e00ea4c120515e5894b29ef0c6e36404b4bfa3a53bc41033f

SHA512
e4901b565ccfdb6a3d60bfa5c3de7f9e456f36e3f707cf594a185ecc65f9bb54ee0ae74d77a21504741af71b8614b08a15d23e0b0d683c67512e96d9293c32f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
59KB

MD5
8059387ef05542a44b41f25113c702d8

SHA1
41052d8398a83825f7e6ce50d9ddfa7996010ce0

SHA256
d4a4a13ef3ddbf0b890d031eb4e7d6e204901df8d3b0e2d3a3264e2192e87f4a

SHA512
6b41b023197483f81d12961acef44b844a66b206da353f49b7d33a1bd2526a5f7c644d82147524c977d51af8b8d2046b7bbbe8ad297f75d3e408591bdeade11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
28KB

MD5
483ab3a2ab827c9b71a8a93200718999

SHA1
b0402303d9c7dc323c4e1dc47a2d142d226c5fc6

SHA256
8c9f87ae2babb76be38cb063fc7b46b80154dcf075fad8615538d36420f795d6

SHA512
753b03a9f6e364a5c5b5b4d0b7591879dc8d8920159e57c00e7acabe8e296bf3e72b4dad00dcdb65f6d439fb5b7a2446284c041ec1f89e8be3f6126d0d6bae3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
63KB

MD5
40e2700158046f1da51998cb0f71f8a2

SHA1
a2c0279f8f0b7f47b48c5acd893b409953b17dd7

SHA256
e907cf9d28785252f7764442205fc066eb73f9472cede3391c4ef9ad69d486b7

SHA512
45ac1742a105dba14112a3110af5069eb19be7351f6ac412fbe49fa20e26fa19e4ef582d7c8057806ed85c53dcfba8ca4e65558f71e79e0c57833fedaa036325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
128KB

MD5
206ec5e9b3235c1461896b1393b8c4c1

SHA1
a73871a45d5d476ab8b34d1a03234d6a11e28386

SHA256
4aac9570328bbf9cbd99202be54898c70e532c7ccfcb748af6c65520021fea10

SHA512
3ed18cf22b56263208637f458d55db8f89cea5f4061664077c80c5f6478019ad615563391244e5f029b67a1cb9d599747c4c60895fdde76a0f224efb215153c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6cc573e02fbc7c1a_0

Filesize
19KB

MD5
49cc99940370dc4b4e0348893e14b1f7

SHA1
332f5d2325425fed0a4dcacb918accecdc44cf1c

SHA256
9e4c646c9e152c95cb627ab1a285fccb8bba0948a555ee891855c42c4d166cc8

SHA512
1e842f450dd7ad0867bc4a15d6227f9b174d126cd0eb9fd4c8e369979b0c8e4e584b1624b065b49f81418cd8b1b6892383043c8026e302d0a19353069af2b861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\78ab860c2c61b8d8_0

Filesize
280B

MD5
18594e76584983732c1d6c5af62ffa06

SHA1
8407c85e08400074f3b9307a2c979f1059f3b7a0

SHA256
e3543034925dfdb3cff972640f3948aa47bc98bf13d5d0e015c574ecff892a82

SHA512
95b07c28b224d7881b72ca7b6f5f0f6dda0738127f3cc6fce37ef0d310cbabea2efce45ba8bf5f94155c04e84097b2a8542b454a3610c5121f9ad4fbcc6df6d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7e2a37b1689969f2_0

Filesize
365KB

MD5
b6948e253c24c969dcc319c70a689b42

SHA1
09184dec88305c058b70b64e3f4e598ccdc9f487

SHA256
4d3670c9f79ea26d9b9e1b4b97c9a366ab0d2411d67e25290e54561f54a52096

SHA512
0a88bb03be0a51bedb109174269e86ab4ffdf0618d3945999949da6b90dd7132a479667b33af81dd63a37db755f4fda68de8b29adc820110420060071d9bf84e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ec5ea768045d5c65_0

Filesize
289B

MD5
e189402d2bfc42e4285ee4b08f48a07b

SHA1
bfb6bce931133c511f1808059d1568233859574a

SHA256
7a0027f0499052110be9a49bb57d26e2080f29ebb192651b2785ba4c8e28eb9a

SHA512
6ffbb9188077efee45394a23fbeb7d02e25038e966791239d62283aeb471122b493c2205474536980fc0088bd8850f585aa4f9267bae68e18b489ce9696f1ada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
1e3b460286a62690e2754814e309406e

SHA1
9e0c4e072c010f1353e1c8d3c85b0a9dd7faaf4c

SHA256
df04d37c9b92b31750d295eff03b04d555dfe7160f4392cc7cbf1f0f32a8c245

SHA512
5f852fe9564ad6f9c5cc8b250ea6e6e85f1dfaffa66e745c9ae9b1870c736435f38edff7a5d21b5245e0d1b193fc1837fca48a13f260d77dfcb2301fd684b04e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ac1e2f1870be4f7493af41260ab170b8

SHA1
8033207bb1bef0b5ca943e9bdf4e70a68aefb1ed

SHA256
e86d7978fbbef3678c0cd9aa987d68086cc6d60d8e01f9bce43abd2553a67393

SHA512
b95b8641e38296b93b90708e7d20bb3f01c50b9337bec4feaf249e16ab4e09146e18002d9d7881ec7b85e3f0bee9e59b7adb1fd43e377423766a130452799d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c81618ef765d70021f88b22f842e193f

SHA1
ce36b77ee92ecf16cd0542102e7541d6167599c9

SHA256
4578722afbdb9fd57760333af1815f2fa05edc768b8af26c459e186c112254af

SHA512
7ddd9b7a0abbd1bbbb6b275b766e1c668dfb7f416f70174967510f46bdbf302888a4d911e99211478057b4d06b1442c2ae280c8053ccbd7a530d472a5e421f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
11b6c71655d33017d4463f84be3deaf4

SHA1
10704830be82d190e2b4c5c76bd4839d69f714dc

SHA256
f416ec5f8dba2d015b9b0884ed69aff48632ac7c247f408f6862888d8a2eeb0c

SHA512
165d6fa8cfdad91fb929f677a447ac47ec1addaff739a1193cbfce5e69e20ee0aeb534a1000e71ae72a085bc73db19e1e49df3b8f7345a890c7845a79a4d512b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
000d22a7767ff25e470e2422b40d4340

SHA1
834057122477e3d8b7b689bfebd72095b445cc5f

SHA256
a0487196027a08543d342130286d8cd3f8324ab4e3acb98aa683fc645d0f8df2

SHA512
a28fa95a7898cbfd97f27057eaf125b35137abbb9dbe1ee4c2ffd288c44ab63cff038687453b2bbcb53e87a85a8a3178e46e425bdfb9e71f7517f0d60bcfb6b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0ecb558e4f7c1b7c0b6f3ab466149f43

SHA1
ced57b1ee8a99a2f675d4bc64eec2c1e1d22e2d6

SHA256
7c4e5455c573bde552b5fab98603bdde7182e42f7fec51446c6726b4988bd234

SHA512
fa47cd5f9c4c0596ff7c8642ae472bae63e1abc18f56a24f4d3b36acd566abb37b04b40ed56ecb81967793db76d4922b8980c5f76f2890925908579f8d28ca27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
2af3c169cc224b216ef20912090a13be

SHA1
6d29b6b6a7656a038be1f70f9d605c7d9491a2d2

SHA256
5039a5b27b852be2584233875e59206d7b0278146dc36b9b5aab01fdad41f872

SHA512
5ba025b1db87230013222b1de514b2063074613e2bac42346f8e49e3a381088835284c6e1f3d614860d4d9a7f51d481e0856589d389c35d5172f3a577b5dfe8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
67c6432b49211efca25fcfe7102e2b21

SHA1
f29fdabeb343147c68d42ae482340ce30f195e59

SHA256
9f30d571b1e96cd6dc9d9cf24a7c825dd825846dcf8c0a22f4c179ac62974b7a

SHA512
1fc64e2c32b6bc366974e2df6a5dfddcfb9d6fd9de212796919daabec2add2675837cc15943b7e244590dfadaa21c1b70687f27d079a013b4dbd0dccd18dc655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
829a44ad18a9e14651e395c79202f54e

SHA1
66eb1ec70af0e69205fc6c68cbbc13ae86894940

SHA256
8c2335d1405f32d29f861180455178b095723becd23b6ee16326a51b35bce396

SHA512
8bc40f639eb45992e514086e18eee4737e11dd1d2d946237f66fb3984adbc234d2ce09e3b024eda1337640ec037f090f492a828474a8bb30f6bfebc1817424e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
314e50a16240f3c6fe5ccd472e99cc5d

SHA1
a5d576ae6453594ae15b62996dcfb8a8e2831778

SHA256
3432c69b38517d9d29c6d94eb5ee4cac761ff566a7eaf799d1f33170ed3c31a7

SHA512
132209302d689715320220be7d8f2f883336210ae4d127bd11b2a627b6e7d96aea9ebbc953d4da5536acb0fa1664e58f09a4672bf89907319899af5d28efa58d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f90594950e8f6e9cc762ec9553156aa2

SHA1
ce2c9a9ec67258780b75ad745721df310d6ea0c0

SHA256
d1990d471abc799156a80a5aba8279665cd1f9d53f4b111596d1c7f67425777d

SHA512
795ffb9c31251e8e7b7426cde942474a6f96cdee4a0902900448d0bbc52d4791a310a3f2cf1f44f0b73d11828a6d2e01114bd50622deba188b40dbd7dfd95a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
23cfaddb66962296b6f8b01cecd944a3

SHA1
9a587ac1da29ebdc25b05e0c4197994cd1d62f2f

SHA256
b39ea9ba7126ffe9b8a61e5d5dce83d8f522afbaac9919721219a68ed11aaae3

SHA512
d8e42b3e88a4552ce8b6191addacf0e20da1d7ddb22e6892793018bf5f0ab24076888858f44df5db84830e7bb2b079576510d780b5f2cd940271415a24857626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
453b55d644aa3e4b424e9153f928e7c3

SHA1
91a501d5e035614296eee9d85f49023b2dde0f9d

SHA256
21650c851119a1075c7964acb2cf258fe8da7cd0f91446e51154986e8e3ed073

SHA512
abe49473b118b3d8be3e1c96b6eaf84ed65bf1cb24d22842b3d2142b06b6e0b951be006fa63c13b9e1353f22d35917f1d69cea1b1bc75efca058ab08944f7e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
80770c3034ba6b6560bec74a93534411

SHA1
fc8d7b382e1c7e0089af5fe6b31793ad230c327a

SHA256
350cfd183c7052157ad800dcd09b370b01184a9304c9124d0a878e0b16ceb43f

SHA512
8f78d6d583bf48a1f560ed34b455c56494a14200e33849510d943ee15b9b40459aa214fce2b6108b20b42a1dd020e326e9646497bb1a996be420c4d9796d3019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
9e20fa0217f5d28b4576ca65151825e3

SHA1
1de14c9338a2a4160f1c507548ae57f3370c317b

SHA256
94020ab7f970c7f3f720625fcad515c82b6a8f499237de5e4e14356c8bc6f2e0

SHA512
321a26e1eb947ab328393365955afd4507a6e7954ae86063f694405326104b1399f1d3450d313e3287bb46d6414289166775d1454228aeed7f22d6a4e220ed10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8c477086dc1b5048177f8ffe28c01670

SHA1
23c5ce12980476fa8ad31857d6c9afa0819ebf9c

SHA256
2c2cf77f841bbc47d06b32b2b2c71e9aa317a75cae31a3ff8a5d48904ed5cdee

SHA512
4afd2cc91aa5e315ead63e13abc6ac55a05090690993576964d80dde76da2df789f918fb5301497957b1f83030d6e9fe8963ad3f009dc1c4f18a78a461ba0c0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1665f82396595528739651df188c5427

SHA1
cbf563c1bea127b8d3da9fc78a80dff902c27766

SHA256
1b823af9c2f48758d2e33320f4aa35ddd23de1132494498f49a0c196dc501c25

SHA512
ae501ce4f15ca974d9ec076dfd3d03cfd0e1ded4627f68fbf2fd060f6dd8c5831cd4a7d534670f1338c9841113764fd625a37e3c70ca66f913e44f4128890cde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc970e4707ccc6c418802067fd7d0c7a

SHA1
cc70cbfbc1e0d8b4b39d1015ce1cb33e93940a85

SHA256
aa318463f3e7c4c8c5253eebfe8abc600f00dc5d07f17ce64834f0af02846156

SHA512
317621b973da60a7a83d02b6e774267e953fd4751312dc0d6a909cc8a54a60c4cfd15d3d2c9b0700c59c8979e7e6b388374a2fe34362adb5f3f54165ec83d48e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ee4722c8deef349fd960464770abcbb

SHA1
ecc8d74b65d46d8bbfcc2c7cf3a9b835472f84dc

SHA256
2bca838d1691f9ab44b662dece7153169635008f390750a69b349638f7394023

SHA512
e53e720b23b167b215aadcd11dd1c8e042796a85b3e049d0a9328a9a54525da4944c8784e3ee63db6af6a32e6cdd734f5a1d2e6c6fa74ecdd1c5a2e80d29cab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
009967f0f1077feb780a3b9eeb01dd3f

SHA1
3dd1b41ff47f9c5ab7a13942ab510f9041c97bfa

SHA256
21503c87b87fe58b389d40186c61bda954926c323a3fe56b38f9a5ca93252564

SHA512
3647e176d4676e774b702e2ac9ed2c709016db725cfc05a362d6ee2c141bad5768bdbea76fe46399b5e1f3e1d934bb71d52f75dad4da0025b0927e097cc1634c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a1963a3e269c8076d5d0ed6a224fa6f2

SHA1
602f9df8c10b0634be49024625f6c7db0ed98fd3

SHA256
7b89829f0ec57c3d8523d666e8428931a3c0a6a3911603d8d192fd4187adb753

SHA512
ef2c9a2dc4c071d1af97407891d44d3629cd760202e203e36175ee2a2a6e4054d6b62d0c024244045ae476859b0b34e2dc3746521aec8e296f3d6ccb08b2fc35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e5c23f6828c17946481eb6de0ccb2964

SHA1
3aea03df49e305a2fff056d597f0516a2bae7733

SHA256
2e4a7e1cfe3751fc25c5747d367428e3b42cc504f96c9d1cc5897b8c29e7e969

SHA512
98b2ca9b3b3e40b17e62699c93f0d0a7291dc830a77bb1114426c42c5523e8ab10e80f5d413f07271bc9e108568fe1602b8b438cac0c46ba20f7a0a255bc7812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
580a0ed03c6ef1cf4fa9538ebe4e135b

SHA1
c169f148b30ee4fcfbe7f3630fde58e74270ee93

SHA256
c418f93dedc3db237b7ee5ea14d33b6517d80671a8ecef95a1565d6b90af4763

SHA512
e626c72d8dbba079073710cccd5a1191196facac1cdb5023af4401a36c4e534dbc8f0161dd9971a9010a0a88bc4bd6c2bd7c77f25a356e0723d98a3f4123e0d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b1e0b28c10df84b8e705b39133537261

SHA1
ecf3d7de34e0676d28dad2b7b050009b3133c562

SHA256
2a08debf160ab86fb48440928acde72cdabfa65191fb582f515be3fa560121cf

SHA512
93faa1a5f243c7e2d7f328795d1e16bc5d467e79ea98f6b679207b345b7fc42aea70f44e7e15d95664f0f1f607629d2f182fa012e61fb0f4d3827e4f29c0841e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fed5db5579879e101fe7607e4cfdddd6

SHA1
163f97995000770417b9a98a2d42d947896dc50d

SHA256
500aa1eddbf58f2872d00cf5495c03bc4b31caa993f616c9ce898425e90fa9af

SHA512
5d5686520ecb75d971e178dee2e072b33bf2753dc3d0358480f08d8fb604aab66891e020408d4d8cbe047a1c9f015938977e1880b5178a5241064e456fba3737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7158c5295711d5a5da2a5f09efa1a33e

SHA1
3eaa16e24366715cbb7f904a8e211ddd6b221e7b

SHA256
95bb8962f84f54686d2b146e487e2dc1bba786e1c321dd970b82499dee4142ac

SHA512
d6d92bfc35ddcaf79e70b6183e550c75cc44065e8b2b28cc4932451e5aec51bccc773c4c707b25fd78811a0114471e561042e378463c266dde1223764b935706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0842a3cd9aabc0f0438d667da8b3c53e

SHA1
32a16a5bfbc0c1017db397316f5cf1a1c920febd

SHA256
435eae11f7b2b4ab70919411f8dd5794f47e413f6b23a366cab0cc5bb027e608

SHA512
ff40e916ea54f55e54d7c6a3363150fd6589b6be2b9b9a62f52ddd2b466840ab06739f440f8ed9e62c5416bb81b2e37767ef338a669e5bc512424ddf83f9ccce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cdd8aa4a13eb7c90b2222c6a40ccde81

SHA1
1a0e959f8cb43a5001bf75ae80fc016c18ee6037

SHA256
13908434b56b4eb237acc7e6f4aba5b70d7b5584eeba9bd86aa0a0cbf68d7e9a

SHA512
fe14abec39ec8b6f303fc73535915864931f715ef3c0129ac9c218fb8ee2163ea2bce7ae491154dfd1e1d96cf8af2f9d26fd2d2ab73c0be2141218f70a9e4ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a329a1be39a3513d84fe4321514d1c1

SHA1
03e3456a8ac7c5e0b4d6b00e12a00e0c8f59016d

SHA256
863367d367292cbcaea5298e0d2b509072726638790d7c1ee60799cfc3561d88

SHA512
be814811b8a6f94b486940b9b16ce6ba2725abe43c69f640cb031773c265ac715a6cb277af6309ed86c860fdf2ea64786d7ecd44610c1bf38a4830d1a1822010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0c2081b56ef4b6342f3ffea19a554a55

SHA1
c6e4a5c91a598e3b5b6c8253674747f6f2796dff

SHA256
2861e51d06be84ea586cb19b29226ed8c31a814ef524d03da7fb0311483b3359

SHA512
29ad1ab5bf872214571cb5fc9ddfc4bec2cb126bc1fb5d88e0538d5d0bcd4c8ba46440b7555e0e01d9a93687a1c9f58dbffbe880302940352579f4278dbc1bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
09bfaec20253780aa2cd86510a2365f3

SHA1
e1de4077cc3611085f166a81c169f66db48f52fb

SHA256
c11b0153a33dd1475ff98403783bd40cd5cfb525443fd03e771bd6d7f3aa5206

SHA512
fe0864871405738e9c56d227daa0ba416b0949c0c7d02dfad15df39f7c6bef8491928ebf8cbfaf8f51d1d0a2d3e87207c9eeb662a359a84100317cb79b979cfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df6de02960344f0b7c57e80bb2a8cd07

SHA1
522937a6cb68d78bb7d0856bb2868787c831bb41

SHA256
cdfbfd193973f7f5c8302dab30a78070b0a8096a6e517f8d4586b4e1ae66f773

SHA512
5de475bc61731116913a92f57e680d997cd867f95a41e564cdd9a9a8590ef7323d9dd9be243d94add6844e468a507ded25904c30b3c87d5c2767114c5f967214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
684416e6391ea5295e3eda280992fdc8

SHA1
aa80f56a8e83e0089b0038887a9de23d010791ce

SHA256
d970311c1d9a5b615fbdd915ad3f6fa16607b6bb18b04292f336cd982413bb77

SHA512
20ad00c899202b00e67720857ae4c34eb0b221d6dac42da4d4f9316ff315d5aa929d18bea3a2004a041b121154a88cc669f47f3334b123d078e0100161cbab61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
75e4b1927906c1586fc1984c66ef5eba

SHA1
8b4df910db0a04a863002717cac349e27b3b0232

SHA256
f3f2f2e6f0b12fa892a33a59b1ba16b881f30c6b41ea65ede874c0ddf40fba1b

SHA512
ce3e9560f89eb54ca88e7cecb508a8dd0d4575dae81355d2a7f220e68825cc5c6449b150eda9c81eb5a0d0d4904694d5a66fd8b1d7df8aa5fcadbdea167f895c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cab059a99a0ec70d7b7befad3e59ece3

SHA1
7fcddfd7f9ba5a3a4d4c8d6b90b048a8494a483c

SHA256
72fc23eb73cb97178af65b52709396e2703879ef67445f513ae4f45d53c096e9

SHA512
e4477c11fd3a4458206d66898011f3dd3c324bf8f99f2a4bcee687d90317b81b7e6514cab90dbc7520e64f1276559702d4dd57b35a191f3edab310a840d71be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
75e7906b7f7ad74ae8e0d51ef1cbf457

SHA1
34471578de692691e3e5d1476fe63693820dab1c

SHA256
56c65c7f50ec752063a123ba4ed0f0d158127547a5fb4f0dc11a0d9bcf62e9c8

SHA512
3cb8e253b626fa32bb56b367b6161b7a446d1e1230b0721aac3ac5e542682a3fa383bec1ecfc4ee00f55a08152c0bc129ad1178d00aaf587cb1655f0d4176bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e03e7046cfb4531645207e865bf5261

SHA1
affc3b991c37608ac895925a5d119c1ea1bed520

SHA256
f969912974efccb466b707d08fdbbecdd45d7e877b5b0b81fd8f834877f28205

SHA512
5ac0584ccf84094167c6363d6124e762ebec3de7ca5c04b44e155a5da6957e14121ecf6ab0dc6baefb5d9fe2889c44863da399d5d4a558302e0874c9775bbb1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e6cc3d2ce3340ec1758fd3226298a957

SHA1
66bc6ad05cc5a0a90073a91851cfbab51ad62e1a

SHA256
5c4dad91b8afc34641846b8050efc49ce061a236ef204cdf78e0763e80f3759a

SHA512
d176361c4e416fbadd1537ad1dd554f2c56b3772e6929870ae45e99c9c9c216fdf6da42c8c5930bc50e62982d2d44f120532fb881150fc4d6fa19072c6235f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e4dfb93d47f4d2879a9764bbabb2f0d7

SHA1
0a162965102e5a42fb4fe448e3a64d7a97629583

SHA256
f57e6a9c5df8de7c59d707d61d9db3dac436c223731e80b88f11e9745be8b0d4

SHA512
94983d21b6b75529869d5fc8b175cfab3930783de7d4ef631d88e3adc6f2790e1f76420c6f7fb46d4cf3f9abbb6cb06ef91e54c09bc37883d072f53526d5dd61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e205b9c29ff1910510b9ffc8dfe6d00a

SHA1
bad3026e42239fb5c84d6d2e9bf03f11d779bc07

SHA256
e324a0c0d5cd539d4685d43dac9c03e1edacee0495364893eda449339b4299cf

SHA512
3a96a2d415ba295a54c8c5ba0e75ee738d38b15d169e9492751eba16f7ee16260e78b1d84cd5349f8668ce42e389a2c14e5dd1483321b20a150d1ea850430d98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d6750006e78b8700064f1a42407294fd

SHA1
c112fd67581cc88868b1b812cb49a076d86c9566

SHA256
4cd97883bbeda08f690418a78a7479a29a02537deb744777d6564e1a5c58f5c7

SHA512
a7795ae8403b9919570f9d48e0323b4887a498058b548b2b85f21fb4503e908cc1105382f528c4af29ab0f8bb94a7c3b6260804c9ec6c8fb62761b7a694d0f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1d617541028314b9e9646465690b506

SHA1
68d5ab12ff1fbf7e8a00b30e949388d13e4523e5

SHA256
f7b511ccc189e68cffcb8c66acdf562899f7228ae385a434f87447191be30fcb

SHA512
1e61b9eaff87f1a725a8187314903a6b259265d6e1176f9a54a2e35bbd92085f738e154d40e553dd56f2d5563ed3f52ebdd33b1873227131c521870da7be9572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71c96c2b8c303dbd2f6377eec48fb9ce

SHA1
79fff76a314228c0447b97c08f7c402549acc122

SHA256
5fec6414c5d5506e9bd7d6c636cf368fdc9d2cab7460303eb02011c7eb592db0

SHA512
c0da48e7e45de750902761eb93b58eb1218e8f51ba3e0a24584905835a670087cb462e16c87fd625926fa7d6482ef83cafd037e21dcea6f03e962f44434c282d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e57903f773bb2cf2c66c3c8ab045397a

SHA1
170941057f54e23a562a9de6b9e5e98513e18056

SHA256
99875652261c371061e3049a1cb7933e3d996e5753ed789779192a0ec92586b2

SHA512
2060454315a57b2ec78fb3e9d26b203567dd684157baf4735496181fb5832ee5808827f251cafc7673a405cd9bfabfd05ebd676ef8fc6ce5454acfb117720d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
1d7f77c4901558dfe1c2f520c7843831

SHA1
ae3ffe52d9004ba5d87af615a6122f687a10e106

SHA256
ff8a0cedd1ae5d31653934b08d99e5eaff4ac7352293fb3920dc5b91def1ec1f

SHA512
035b13cf44e3f49be4bf7f74474f80e3019c5bf1f7a8b2e68b5454fc4d9145847d47ddbb759891b0d22bbb1102c357c4af58ca6665951d5596d6475be8ef2abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
a833d98d90e2637cf4fb622aa9928364

SHA1
01c6060632629e3fdebd81912dc6f5cd9b4ae87a

SHA256
eb0028df8f97eca87ce1ff187c1cbe5da4a06d5995eb2c8993963f357716533d

SHA512
86538d7fd08b466e64f3b6f45d75249cf8741f5e78f53b51d3248454e8b988f6f8522ffae8eb37e52b38d569c998c8323aa3f309ee66222444937f92dd7db701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
2f94c4f9669a09d37a86de471f3d38ec

SHA1
2f07aaa9aa9ceefa6706c80a6b1e65a29e370f2c

SHA256
c0b877f7863ddf7a47c3996ff7fe311f6a33fb976f00c5ad10861f61747dc07f

SHA512
f4294a40849897adcbe43cd5210a4b46b27610cd7b740ec912579ac7989bad72ec5eb67b0d027d113d0350f0552d8025475162ee8ce63b2c3766ae1246fca2a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
347030cac97be1e6178be048f095f3af

SHA1
906eb2ad7be09f169db271280253ebd3d590e772

SHA256
8572b47104fc4237347667c8f3b0d1e884b75ee448ad6c713195d49be5f60c5b

SHA512
c4a6559740891a65eae441bc11b423db3fae5bbc9a71552def80b12b7eb3dc85ba1820bb9daf93c8ffaf77c65bb01b16daf0b860edd2205c7bd13acb66ac95ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a06128fb-6791-4cd8-8b54-126168eedbf2.tmp

Filesize
92KB

MD5
3072d4b81c3881766c4f9c6ecf1df615

SHA1
23835192f92f09ff8d07224f9d53c8f9e18c9d3a

SHA256
4d9c4204b5b6d4f6c1a5cbc47fd79e6de40c6bd0f1029869b0495f03060b7d5a

SHA512
83d57444f1eb68e7366bb9493e46a03c3746faac0a4c49be39b3a3706415869dbfe221a777cd5e3a400ce6cb23f62d5fcce4777bc5084d0083aefbcf1f2384da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
36e2fc3cd2efefee4a0ad9359636bcf7

SHA1
382d34ab435e0c970206e647ccd34ef1489b7de5

SHA256
445c14f1db8172dae15a305c6ee40ae9be81e1438bd139f4cab1c54722de526a

SHA512
571cb7fcf6f82419d926b5ac2fe87bad663cb6ea12b6b81236eab2c794748dcdae34a9f059945eee9b306cbef9ce09c6d1b47930f7fb3a144430b8b1b056499e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
bf85537b1e4889dbf70720634e4ea540

SHA1
94421720a3379d69c5c14cfe804f51d1af6930c6

SHA256
31b03cf6eb1ddea0424682a9080f20683e4023e3948c019a878244d885c3e7ee

SHA512
fb50626dd6773bdc949de358d1ac83eebd04490e04c1ff95331c0127225641ea126729bd50e6ef059f76834e3d04a812ad172e8df4fd10aec7a2d11479a1ed9f

Download Submit
C:\Users\Admin\Desktop\LST_CHEAT\LST_Cheat.exe

Filesize
78KB

MD5
eeadd3293c876a90cc2a22c60e012003

SHA1
58d0252ad75f1d6f2ff4db7f11392adfb9009130

SHA256
0e7733f20ea6e903f8ffb92db353bf5806f64284172d9e3ce756b25ec0da3d13

SHA512
b90da6283786aa199c2a35a72850266831d358f846d2a13b41687ce13e8af9fb6d26f631eb69463756a91565d78bd721ecba3575f9e752304d401a23bd645a63

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 476137.crdownload

Filesize
1.5MB

MD5
f1320bd826092e99fcec85cc96a29791

SHA1
c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed

SHA256
ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba

SHA512
c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
memory/392-1158-0x000001EAF0610000-0x000001EAF07D2000-memory.dmp

Filesize
1.8MB

Download
memory/392-1159-0x000001EAF0E10000-0x000001EAF1338000-memory.dmp

Filesize
5.2MB

Download
memory/392-1157-0x000001EAEDFE0000-0x000001EAEDFF8000-memory.dmp

Filesize
96KB

Download
memory/4192-1167-0x000001A1D7C20000-0x000001A1D7C21000-memory.dmp

Filesize
4KB

Download
memory/4192-1169-0x000001A1D7C20000-0x000001A1D7C21000-memory.dmp

Filesize
4KB

Download
memory/4192-1168-0x000001A1D7C20000-0x000001A1D7C21000-memory.dmp

Filesize
4KB

Download
memory/4192-1170-0x000001A1D7C20000-0x000001A1D7C21000-memory.dmp

Filesize
4KB

Download
memory/4192-1171-0x000001A1D7C20000-0x000001A1D7C21000-memory.dmp

Filesize
4KB

Download
memory/4192-1172-0x000001A1D7C20000-0x000001A1D7C21000-memory.dmp

Filesize
4KB

Download
memory/4192-1173-0x000001A1D7C20000-0x000001A1D7C21000-memory.dmp

Filesize
4KB

Download
memory/4192-1161-0x000001A1D7C20000-0x000001A1D7C21000-memory.dmp

Filesize
4KB

Download
memory/4192-1162-0x000001A1D7C20000-0x000001A1D7C21000-memory.dmp

Filesize
4KB

Download
memory/4192-1163-0x000001A1D7C20000-0x000001A1D7C21000-memory.dmp

Filesize
4KB

Download