discordrat | d9bded210a496305c2d35f1cba1b7322824046d91620799d32e05296e002aba2

Analysis

max time kernel
125s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2024 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

312KB
MD5

0bb84eaf0ecce587e9df501dfac2a45c
SHA1

c51c2c58ce1946d19c52c25ad1918fabff9ffa13
SHA256

d9bded210a496305c2d35f1cba1b7322824046d91620799d32e05296e002aba2
SHA512

454135e4e518fabb8816e55fc9db4dd73a90bcb155f5c74c0804e682ceff5346fbf1d26f911b364d54df705da08ba34571b34eb0964b76f84c41a9eed714e858
SSDEEP

3072:MivgAkHnjPIQ6KSEc/AH5PaW+LN7DxRLlzglKHVf+k:7gAkHnjPIQBSEtZPCN7jBHVf+k

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1MDExOTQ0MDQwMjQ4NTMzMA.GNHuzY.nMgxEoUISXioe-3GDv2EB6q1m_kTs_8AqIa7KM
server_id
1271088918208450562

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 1 IoCs

pid	Process
5784	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
176	discord.com
175	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675983408397539"	chrome.exe

Modifies registry class 50 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 3a002e80922b16d365937a46956b92703aca08af260001002600efbe11000000599b8a67d7e4da01c02e7205e3e4da01467c320be3e4da0114000000	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000003201000030f125b7ef471a10a5f102608c9eebac0e000000a200000030f125b7ef471a10a5f102608c9eebac040000008700000030f125b7ef471a10a5f102608c9eebac0c0000005a000000	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	mspaint.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	mspaint.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "2"	mspaint.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents"	mspaint.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	mspaint.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000b400000030f125b7ef471a10a5f102608c9eebac04000000e1000000354b179bff40d211a27e00c04fc308710300000090000000354b179bff40d211a27e00c04fc308710200000090000000	mspaint.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	mspaint.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
3260	mspaint.exe
3260	mspaint.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
2552	7zG.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3260	mspaint.exe
3260	mspaint.exe
3260	mspaint.exe
3260	mspaint.exe
3260	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 2588	5020	chrome.exe	83
PID 5020 wrote to memory of 2588	5020	chrome.exe	83
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4552	5020	chrome.exe	84
PID 5020 wrote to memory of 4396	5020	chrome.exe	85
PID 5020 wrote to memory of 4396	5020	chrome.exe	85
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86
PID 5020 wrote to memory of 1892	5020	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe8358cc40,0x7ffe8358cc4c,0x7ffe8358cc58
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1988,i,9961682420387701084,18188067890505753642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,9961682420387701084,18188067890505753642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,9961682420387701084,18188067890505753642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,9961682420387701084,18188067890505753642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,9961682420387701084,18188067890505753642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4720,i,9961682420387701084,18188067890505753642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3856,i,9961682420387701084,18188067890505753642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=208 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5456,i,9961682420387701084,18188067890505753642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5520,i,9961682420387701084,18188067890505753642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4888,i,9961682420387701084,18188067890505753642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5112,i,9961682420387701084,18188067890505753642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:5208

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4816

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4900

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe"
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3260

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1224
- C:\Windows\system32\dashost.exe
  dashost.exe {8374500f-5005-4a08-96e194e1dffa1359}
  2⤵
  PID:5700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5616

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6100

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\New Compressed (zipped) Folder\" -spe -an -ai#7zMap20328:122:7zEvent17049
1⤵
- Suspicious use of FindShellTrayWindow
PID:2552

C:\Users\Admin\Downloads\New Compressed (zipped) Folder\Client-built.exe
"C:\Users\Admin\Downloads\New Compressed (zipped) Folder\Client-built.exe"
1⤵
- Executes dropped EXE
PID:5784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4b1b9a525f813b0b50fb768a91122eb0

SHA1
57a0788d952a0f50652f836ea7a687d3d6956b7f

SHA256
25c3fa80556d205f3e16606118b663d7a465dea6ec1f0e80d11146fa174a1617

SHA512
4973fd4728896dbdddff55f07ba80c038f0af11fc1e6e373272d291a079aea5dda09b17731d9a935c30544e65e2a9a92bcdcf457162e311399864bf185a2d0ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
cd2847baefc582884831b4e0eba3043c

SHA1
369e4a9c326cee86d347ea840073f1cf3ff722e5

SHA256
3d8dbe045132c7f9a52337705b1b9b223f7e98d699ed5f0f016a5afd9bcbd035

SHA512
43fbf96716648425a71b7fd42b8c094696f37bd0e111659a280e251054c156c2e626c1bbe4f596a7181923c681582a8d70b8475a02ad70c0b350ece7725e1720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
bb2be3716a09ca7f0453c18752d032ec

SHA1
3601a7802928f81932f44665fe25b5147448e831

SHA256
12534cd919191f649c797f169e58dff8d98a92180c0b4defe3749ca7dc261ca7

SHA512
0fdc48ef59e2120e7ad42720cfd75c6b01c508ecc19d49d35e9484b9d16a89ad12940e3a08c25840d42f671f4fb68d350bd9aef311e182414aaf47b77e4fd2ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b8714ff3c144044acc9eb3ac96e4f127

SHA1
d0696875b4b991e14ab4925e7c43f4d2616210cb

SHA256
8df39c18a191790902bd3dae26937801f73226524a2657011cc3c0bc5f82d6e2

SHA512
64b2a055dec0cfa9d0e6fe7150cc812828cf3d204bd1faa9a1fb8f9e581c71489de95f55d2478f28df52e83e3ccba6013775688b4db54a84bb298fb5af94b380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a7b8b7b33747079f622fc4f550ab8450

SHA1
8ebb4279a7e193201a86f8a48e7693d5ed7f136c

SHA256
33ab544c383b58dd9983f309716e2ebcb8d1c9dd96087abf24e9d00445acfebd

SHA512
bbb0b58319219ba55237218d2ea36674b5705e5fad2e168f2fcd65b9a1048df2d4fe89868cea5d3678b0c256288237a80ac288deb7d78044b1a755707923b2c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
b1b3949c1d74ec20aa91314989f89cf9

SHA1
82294d22f6d2d3447b3aae177c866a6e56700fc2

SHA256
1eacb111b82d9bc60dc5834d71893986f5099a284522e04c0d0dfd37ef34aa99

SHA512
a7fd0aed3438732e9eb12dd9c484c80ea211fdcb5357f7b98b0364d8246778cd840a48628f766eb5401e4c0b35a389c5988c6b4c9fd51de47301c77b85c0b50d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
213aeff4f82a5588b7c9cc61923eca71

SHA1
e138f4048112d0ebcc57e810a7627a2d1d1efbef

SHA256
9c5685abca330cff0c8dc6198114c6df797683b938d7a401920467eab9b3c049

SHA512
dc73a08f2038398075591e7fa7b428a8cbc395d1b0ab40dacc243e35748f3efb811d18e795fe82bef30f26c1311d0594dfa39d6b6e1023c13075c58804c36594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
48d699361d121ea8b5fc861326667ed9

SHA1
85339b36060bc6ceb249cad9dfb679a35d698ec9

SHA256
b729dcbec4f48f29b56159f8d9bd179e039cd9d22de41fc50be46345c33127b2

SHA512
361d7414a7fd5314a26ad0b1e74ee211a35788e7af8f23d7b022a43f14af73877d293db71573fd2e8eae3450cd96a88433676517e307b5e8983a9d38d203ef85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
937dbdd4c25185878d9c54a98203ccfe

SHA1
ba880645f9859eba9eb0a02284f86ad1178d2d6e

SHA256
fc1e6f74c64c62df1f9436c2ccfa332f3929240c19b593027f535582d2bb6ecd

SHA512
7ce9dd681ac0bd35088c19c2af0811f77de77f02c24ae3fea89688027a68bb99e9abdcbd0e2e1add00fcc6daf56caf38c204f1ff63a781dafe6d3c610ed33c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0d0c81b77646d82f3c110a97c61599ca

SHA1
9c6ee8c8b20d332e30e19feb79e0fcfb2a24783f

SHA256
ffbf261a8afd2123f0c3cb932fbc34414ecce530c43be54e61f3fce1b59b43d8

SHA512
0f0b286cb9e53451e26f3349b596eadd704bb6f1e9ba572b28b9ec3a6f8bd8d3876cac4f2ac0fd4cc0e8de78c93e1fc8bff5ca2a8920b4ac71da369d6daf40c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
93c5cdfb3ffcdf55b14ea204f07ce8e3

SHA1
d76c04685a098bfb838415c0acf9b2e30434e965

SHA256
05cdd815a6335c76f9c727e115c2d4f413b560723b569838442f305252d623a9

SHA512
939d3967ce526e46cc01158858685509c23981e3b676305e4fd6f6c102b2dc1536efb7c3fe48f35d6c70aad417328cb7d87264e775081cd537144274368bc621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d21d13a7bb520e5e4706dd31e649ba1f

SHA1
7a57dcfcad2085bd90e10f92729540afec6838c1

SHA256
2b86ef6e81886d12c22f1ace13c011d8bcdbb290908b9e32565b9e263ceafcb2

SHA512
bd0e726ec76770af14a25372c38422ac1fd78cb7b34f739ba82875c560f60ef41db6006a044c161318013ef47eb770d691db0ecb0904593bd3f20fccf79bdde7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4a6e65739ae9c90d2141e06ad6fe5db7

SHA1
b1e8839c16471b1c8188bcc5b0e7dce97b9c5395

SHA256
fb9f8a18a9ce7a1b26d8dc79bd2815a64c2e28a2697da8adeb70a69518c925cf

SHA512
f5a95998b373b9e6719adf435376faaf549eb0c63166772fbc015af04497a38dcd3a2526dde4f104b0072830e81c2ce3823f7d60d8bc8373ef7dfebcfb89cf1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dadb0aa46320c8f2773c001880c8314e

SHA1
f29e7dadef7ca22354c59e780cd189f697c95c68

SHA256
653b4cb5f117f63283a1674ae470554fbad416d081e35112fa7a9b13bfde1f61

SHA512
c71a04f6aeb2418ac0261af12b00f1619e13a224002f235306a1a0d5d122e7b79327d92f91790d1480345434abd7e50a61d35a50b0856bbf3e89d7212db82af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
99d0f6a5f9a9dd3a8ba5637ee82c2f4f

SHA1
b9a6dc614f0b60c70a7f39cfd235a13a3bf97811

SHA256
af8a3be7a058ee24ed65099513e7d61b59df6cc4ba879f4e27fa8bc24cd5f2d5

SHA512
c1d909a3f5f1a87056c85791576e056bebc8fa55c7341bc9bcd9c1a99de2125a4887f961a473f01e43177405c83ce4c5605583862f7d5bb9fbdad83cc968e1c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
760127ae2e9da8d29ca81fac5f0879af

SHA1
096f6910acb9824df3783e1b211130315b7234ec

SHA256
afae54f81c6021f26fc6de25d17e0e7923a0a1f1b76ff18669544ff3aaaa176a

SHA512
b7f41dbb1bbeb64f0816d6d5c12aeb0bab149d5f135044d268e7f7cbb69ab4cf4816d4620a99a2641ed173b04899646e1c0bfdac0dd96f66742ea1bf710f1682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
c9d62fb1df365c5096a2a53e5b89e098

SHA1
1457ebb5e69385fe55a9f3a43e701a0de8f39af5

SHA256
3a68f78c5bd4ff20a8572afb56b16d2d7788404b669f3ecce8aab4c582bcedb9

SHA512
af69c6b76ed4b61493a08e667faeb2a2bd47552a7c786abec8327b865e1e847c8f0d900855ea06c0963330d1437477f187065623607917f99f4f91c19a84eb21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
cd08a815af593e73e60ef12ccbd7d3e6

SHA1
00ad6e24259a4bd7dd8040f26a848c7be3a93ab3

SHA256
17f543c4c2ba3c0596084c4ce878572712fe37aae52dac886f9067f825ab7a42

SHA512
4ea031915d1636514aedc79491e7bcf2bb84b5368c47c1714b5bd1037f72051f6f7fdf47800806f1c938e4fbd825bbc628849ef15bcce537ff1e2f893e24d27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

Filesize
1024KB

MD5
8af230959c315ec0da2f9dfcdcc4de04

SHA1
09ad1665e3eeef603b05daef5f714bd5f9e01ecd

SHA256
5a0b852f3cf7dd81ee26307a44383f91289f6250b81c83da93b31551b4c60d3c

SHA512
396601250204756972404fc23134b1a234244e875d6a21bf6fca0f53de728a1e90a6905f64a751e12a66902bb10301a72a6bf7560f57fe8152903e953dcdde69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

Filesize
1024KB

MD5
b14bf160fa9f4cf1f765bc7e03434c20

SHA1
350abf64215146c6f6f520d806f3a81076d4364e

SHA256
b9f6a5fd558116216717b5a1b1d157500ccc9edfa69a1ff6badcae7cbc8d7b1c

SHA512
eb4fb2c30eb9585842b9f52accb93620eb5912249c22d36bc4e90e682aa7e03a4eb29a664db86501bdfb0e0e6b35fa9fced671560e712d9bb5bf320e5e37f3a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db

Filesize
1024KB

MD5
a8302e66a4abb6f14a63cc221a9c3c12

SHA1
7dc3682a0f068cfcde15250cf7df4fc8d2e77fab

SHA256
7025ed572c0ee348fc4abc82f3d5c5a7288fd7f719d2df621d5a7ea2e0ca002a

SHA512
bc9a457cec8a45bc7e37088f748ac3d9b43cb6bb8d363f0cdea58407bb3d1c1c49cb7a804e1145d1bd9618f2de17c40b7c4b95137c728554c219226518149407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
4c67e293fff363cb44ee3c03e8022bcf

SHA1
11fb4616f73bf05bc91e25fcc4e7045c1c811507

SHA256
e66a4d7d2a3e64ce3570b967b5ddf5ac627205bcf24f37f553abe8a73d22bbe6

SHA512
f01278d63f31c75a567a186803b375909c35f8389f1772219b17a361d81662b3608afcb5277316701c46b5d6b471e1908c675a4553afe4e14f7d2410fc3e50c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Untitled.png

Filesize
3KB

MD5
559e8f97a4d4d08115486a942dbcbe90

SHA1
8ca4d4ca14f7c31a43b08a730ccfacac49b8fec2

SHA256
ebd4e2821c3a7c56f01ebbec51b469d296f38309f1afd65a24506e1e314c6b6f

SHA512
864856c139162cf61699e454c5b3a68fa5148722eb5f759e06ce82ac59580b7c5d5f7e9d6cdd08470d862c4191e3208007cedc032156a1735e0e1ffbd4284c51

Download Submit
C:\Users\Admin\Desktop\AddConnect.wmv

Filesize
668KB

MD5
eff51aee4bf34cb2ea952aad13450a65

SHA1
ba5354978ba55834d567b477d99715360e7299e0

SHA256
46acdfe921bcd0fc31981e888a6b671b8de2fa84158b4d1adbb1a2168dba10ce

SHA512
b76fa5679f8e1475347d6f43fef8b3ebf9e68d11af46dc23a39c4b15072977294f05080443f969dcc6029325c53f4191bebf83459ab74ec8d6024e86a8d209d1

Download Submit
C:\Users\Admin\Desktop\BlockRename.htm

Filesize
241KB

MD5
dd464c1185c641e47ceebd532c67d84e

SHA1
30afebee3c6262afab86ebf802647a8ab359047c

SHA256
17d4e3004550f8a90be4a4f430625c91c8af81f6843077ffa323b7f266685a5e

SHA512
7e68f4fd0e2236617aa8174e10ac9ebe4792c7101c549c585f1dfb2efde45907786b1ace4224fa830421726c693cdb97c87cdd183e58cd6efdebac59f6c740a2

Download Submit
C:\Users\Admin\Desktop\CompressUninstall.otf

Filesize
341KB

MD5
2c8dc4dc72231804e9a304ed6a4ce023

SHA1
2217ffd0e3114435c10a51ee3430960846aacb5f

SHA256
7978a884231357d25b7df565e616fc94e1272323b5e12fc5884e436ba5a97cb9

SHA512
b0efe7d9b67e6b3cc306f4d0f5ca70796e182f985380b9f9c6b65351a9d81be7f79f807f6399f481a5f6a1d1b98ca210350189eec0c2005e1de808e987454480

Download Submit
C:\Users\Admin\Desktop\ConvertToShow.3gp2

Filesize
369KB

MD5
a1bb9ac5e56c73942e9a39d17f7c4faf

SHA1
ea144b443ab8a5b09b931c8add03ba95577c7841

SHA256
9e2e26f94ab0828353fa3e2944aa090595df3b266b805e368515e063fe7a15b3

SHA512
78ce93f84f3fcf9f3867f26c58f36454d679d408fb2324bb478e5db3408680d935a03441e67a57f9af94ec008698c5b5c56dd16a31a08f39ea9ab09a97a03b4d

Download Submit
C:\Users\Admin\Desktop\DenyConvertTo.xlsx

Filesize
184KB

MD5
650bc22e7409b388f975944346754b01

SHA1
c591289b21ec3218a3bd6d8bd3bd9c39acdd21a6

SHA256
b2114f393965609bdb2d5f8be48b4392035e1c25d15123235010a66f9c378069

SHA512
27b27173caf7d00af47aedccf74d737ff47975e8b45654262157b2ff69a3f7fd40f14f27e476c6b7bfb0a8dd82f8b7818b6f0ddb84a06c05b0a1f2c6e9dce18b

Download Submit
C:\Users\Admin\Desktop\FormatSwitch.png

Filesize
426KB

MD5
35ede91cc1713e256f87f7ea4f82ddc4

SHA1
68022cbc3fc5a91c36c10cd798f70538e563bb5c

SHA256
be954e98ba8d6ac6b79e902cd3077c8b8b7ed79c17a437804fad60e5e2e77417

SHA512
0e3faa2ea7709ed057ecd49b43567eb6209efbc8a2d3f3799bb77fd4d63335be70e39c7c89474043001b3ac71a06a0de0d7748ea727ff282ed7db18fd6cfc4b8

Download Submit
C:\Users\Admin\Desktop\GetEdit.aifc

Filesize
284KB

MD5
b509a2b8f3bd8284d361c368064134c2

SHA1
6fa62df386a5192a779662aa80c5cbaf5e4fb26b

SHA256
00ed89f1cc84869a54665f080b330c9908a79f9a440856e91feda2f049b4af2f

SHA512
055d08e978896b2bcb07f811bb972d90e0f9bc0016229eb5e56949fca2395fa7f728dbbea56593fe783e8c199f39e1defaad095c08788a325b59e6fa31083dae

Download Submit
C:\Users\Admin\Desktop\InvokeCompare.xlsx

Filesize
14KB

MD5
abae12a53d2a43b4713e570305011f3f

SHA1
07868201c2e4e80494a1a26779c34ece3eaa74a6

SHA256
5cb2420e66cbc7ffc6ed3f7f7c141cb5455a78b613e73559ec69d2040638ff2d

SHA512
ad8d50e2c878e7bae198e852f615e4eac4df881bb1319753b312ebcccd20ce649812b06a25b933d3bb8a938d5592a910d04190cc94e98a07c95b13e621de69c4

Download Submit
C:\Users\Admin\Desktop\MergeRename.pot

Filesize
270KB

MD5
eeb36e7d01045adc9d4e7c407062d774

SHA1
62af21bf1104693fe37c176ef1e8a02d75dc75e3

SHA256
5998e0bb5c919695ce1eae0c06155588b2048c46e22c97d4278f295f542585e2

SHA512
66258094e232568c033e31a6458227b9422ba74a426042facedbe94504feef6b151df0ce6c979f1c30bc60b9cadc03d35170ff6213665191d5cf8302abaee618

Download Submit
C:\Users\Admin\Desktop\MountGroup.vst

Filesize
312KB

MD5
54ccbb7079f1f9ae3278b58d4507db3b

SHA1
974731b6707ec0b588bc2294c9149e8c165891ea

SHA256
133198341f56f1427d53d3bd0b053697c92073d0e163fa18620de17fc848a4f9

SHA512
8bfb1094b8eb1bb224309f21aff4e8b807eac8f1fc9958f56a2163ddf3255c20ef8f1773826428f7dde6dbbe35ac0e2cffe30ee402b61349ffaf4e9ca3bad61c

Download Submit
C:\Users\Admin\Desktop\PingNew.pptx

Filesize
256KB

MD5
7a851ff8177259856f815a4d91ed828d

SHA1
1a805fd5526fd53d877346123f5efe8d39e76124

SHA256
5bd8b6fea77a0f98e691f2735365dcf6b233bd9be9d8f19ffead8dcf8bbcd2fa

SHA512
fe9ae1e5e11302ed935b9bc66a6df24583f52b25c9be9a5409de1034acd40f9d0aac9dc3a72384320cb70fbf705b4565a1e4af863d52fb1c986855b27766d196

Download Submit
C:\Users\Admin\Desktop\ProtectSend.mp4

Filesize
199KB

MD5
d8ec9d842120a9e80d9c0bc0eadeeb5e

SHA1
6f7c7c960ed6865aa85c9fe8ed480cb167e47bf0

SHA256
209ccc21561d5663ce1e15970aa5acceb8906f42cd73f5f5a545ec8b86b56e5c

SHA512
6e31b811a46ae8dc31ab330afea13172b649b7b78c00fced03675e0f5f5a851cfb12e3f653ef762aced41a4a2d329bcf08e31c0a5d00961237d33c82b52f834a

Download Submit
C:\Users\Admin\Desktop\ReadComplete.mpg

Filesize
469KB

MD5
278c6aa685392b7f9263dfc77fb87e5d

SHA1
1047e724d16793a2f47a18dfe177f26afa62a764

SHA256
b1170d8b13f723fa85b1c051a8966ccbb794820f87e56be1ee9fc159457de545

SHA512
f0a2ff4c8cf25cf6b1b394a175c5764d8943c54c1c7791bdcbd564c1269b8397df833054b368a6540b7df230289e4b6cc178c62f5aac0f41d2e2dc468201751e

Download Submit
C:\Users\Admin\Desktop\ReadUnpublish.snd

Filesize
412KB

MD5
f3c1dbb5da2aa6a170bb92551d08acd9

SHA1
ad78315b653a98e00149e75bc3eb5a3255195165

SHA256
0576f8d8e21e723d51b832ae8048e85e958da5c6392ef6d6cec16a11da224130

SHA512
f63e33698a9277de000de1034b97c1ac6482e2933253a3106512c2448ce0903837ffb3e857bcd204373996da5e247849c5bf38c1b016dd34faa0e01194ae310f

Download Submit
C:\Users\Admin\Desktop\RegisterSubmit.docx

Filesize
17KB

MD5
97972bf498ea49a99f997742518c1a2f

SHA1
402946669337262d5fe60765d12b5975e555cf8b

SHA256
24886f7025e19d83cba73506e7becc54e74cfb791183617a1194f887d89eb71e

SHA512
fb7b40a23afcbb3980856269f54b4747828ca539054f7ccb7c7168b40f6e5970208f9e81d72d67e19f09efa3eecb71aa024b192aebe753b75afb3a17389a5980

Download Submit
C:\Users\Admin\Desktop\RenameMount.vst

Filesize
455KB

MD5
2f10bf412231e64157f0505bdf018d8f

SHA1
a1d9672b6e91c7683da46a40baf41dbb458e789e

SHA256
73af0f94622caec31bd507d298b7bf45f0c7db2684a12521097833f300023add

SHA512
182634c294b1921e172c7e5d540b93923695f16251da2e477e6bcf0034a29c4581acbeb6b380e6226a25925f95bdb3c57319257bed00215dfe662bffbc0bb91d

Download Submit
C:\Users\Admin\Desktop\RepairSelect.ico

Filesize
440KB

MD5
e04f7b2e9c7350089d1f740fd37efdf0

SHA1
34cb0185002a1086909476fe16ec03a9ef436f12

SHA256
4beb648ec187908d5e39131a8bc86a08865f3c2b0f258400d7c678769bb788dc

SHA512
d929374ff57686d61b9adcbd7f7bcca3528f0c824cadf07a1437e8a3c9f180eccf3c307abffc36e0c4e65e58cf28e0e812992fc256b5cb29d5d80c19e544e7ec

Download Submit
C:\Users\Admin\Desktop\ResizeLimit.docx

Filesize
19KB

MD5
2272924e35a2e5dc8da27d24031c1839

SHA1
186927a95d062fcf2f6da754380c56e32d891f04

SHA256
d867e5d15ff9b97275665f43ef8a8e8410509e8967d2bd945cb7dba10f8eea97

SHA512
9b9ac762d3cb358082c7e6d47817dd97efbd1519819ee6c730d9bfeff183ddd67245a34aafd2e5ea945145afa72d16465c5fbead3eff4f7e52286b0d191d0a16

Download Submit
C:\Users\Admin\Desktop\SplitStop.xlsm

Filesize
327KB

MD5
592b559715cc2ec9e1b57abb194bf3ef

SHA1
f048a0e1324c09361fdae9da920d734da2c4cb83

SHA256
94eb4958cc230910fef953f914ac1c08fc82ae98d037142546909e558f31bc96

SHA512
566ea2944b1cb6391fcbe2cef5eeed80074e1232f2a0646afb039a7e265d34384bd2a432fda3c2dcb1f763594818b4cfd447defc662b8bbabbb1265180a7390c

Download Submit
C:\Users\Admin\Desktop\StartClear.html

Filesize
227KB

MD5
42aef6f6c93a6683c286f4a0c71c0fe9

SHA1
c7855a02f6bbd8a23677de448f18b5c310be3ae7

SHA256
c433e36418fb6e3b100b3e5ad92b02a46df14a8455e89506701339dacb5bd9f0

SHA512
66033ad9de2b166bd7f5fffa5b6abce01627e041a07d9f2ce1e00fe4b5c295ba16c1e1383f1181d82795410e6c5d10a56c23dda225a93be3e25c8ca0ea9f4d2d

Download Submit
C:\Users\Admin\Desktop\StopEnter.ppsm

Filesize
355KB

MD5
da4f82db2301ec980fb178750d3fe820

SHA1
a2c41ca2a768b11f97c82fd37fc9d0b93c29bc10

SHA256
b89718495dd5376d1fd20bf05105b363e415e769a5f96772e0eb75ee9e88d9c1

SHA512
0f0485a669a9720912e7f73e1bb2bc15bb94bdb85d2b4b1e0df7468823c3c84580241a91331f6bd37f54a2176790ad0f4440ab3ca748e7356443b2c1f7ae7802

Download Submit
C:\Users\Admin\Desktop\UndoStop.mp2v

Filesize
384KB

MD5
b65b7c1822af3b15f6d351ed0353df43

SHA1
d674aea22f1405ecf762f6bcf493ede85a53a6a3

SHA256
fb057c02d961424303b1ce96b32aad98f4a873b59060b44b904b229b8f021b2b

SHA512
c9a4038ba04331acdefe37b151bdb93c9279f9ba70fdc72a0c71af6bc1ba29298845b1a7778ffcf628033426d2e5b7db18be862f7b1c94c570dc40d40a401666

Download Submit
C:\Users\Admin\Desktop\UnpublishRead.asp

Filesize
213KB

MD5
406670044719ae83e25eb4fd2beb1969

SHA1
8c412e1b5d0497c53a23f2d2ec7687662591db31

SHA256
deeaae136b7dd62ace4bd16d0afeec65f0c3f6adb916c39d47eee2ba7d121a13

SHA512
dd26b26406937bdc8108853a7938b14d6de838a74f01add6edbdc56ed2bb65297e7491f755a365e0f1c5acf437cf52a48bd0c41ae73cf28db0773e63983a7ec1

Download Submit
C:\Users\Admin\Desktop\UnregisterOptimize.ocx

Filesize
483KB

MD5
ac384624173704bea19198c7c12318c7

SHA1
f2117c0f7f4fbe49006a035244085675527ee201

SHA256
316f8e0ee7adb7434b49be003df956b0af4650a4baf121592108d37d67178db6

SHA512
b81264840a7a80cd3a824cb9732958e05ef0c58ebf08a50cd355fbeed6bedd6426d2d894634e83546576af38cae37b6b9526b639ccf6ded3722e5c2847cc7515

Download Submit
C:\Users\Admin\Desktop\UpdateInitialize.wpl

Filesize
398KB

MD5
7881d6068e220e08ca5db99b16133149

SHA1
ac349c24ed4506ad957bc5600b7282f856087b96

SHA256
4fddbaebbc79206b42376ea3d3a012b3a69a48ccbd1ee1dcbd3424de068d6762

SHA512
dbe1d90883b1c414a82bddc53ca71d0ea526d33ab33f73ac275844153e3e47aea16b0e1ed406030af64fdfdb7f462b85b7a1951abda233ac19df0de129f942ad

Download Submit
C:\Users\Admin\Desktop\WatchEdit.wav

Filesize
170KB

MD5
2ab48a1cf2baa8bb9af777785b36d072

SHA1
fcacbc1f340d07119e5655d8658a3386d15782bc

SHA256
f80f794e17bb72a00c165d85757950918ae7f75ee91db0364bb060adb84cbf44

SHA512
1206d6d68f43f8a2b39d27d221108b5208f9656565c30d1106b7126ceb43b351260994f8d1add034b07709d465c242350c4123928a2d57a3142b3ac20fb2ad4f

Download Submit
C:\Users\Admin\Desktop\WriteUnblock.mid

Filesize
298KB

MD5
4402aa813a0c167312abe2db24c496cc

SHA1
155bf49a4ac8ef852e69e151b2b9be881c320096

SHA256
46d0c541b7208ad5bfe6d4c4af1e12c4818abf2036963d355fa8ec1cf92a6ce8

SHA512
4a71d0b8043aa448d12c89dee27c4f38358099ba1b69fd9f349cfcb13f4bc89b6bbc2e1c5cb5b1c916d4a02ebaac48dfca739d7443a0a1962c9a12720d1e12e3

Download Submit
C:\Users\Admin\Downloads\New Compressed (zipped) Folder.zip

Filesize
27KB

MD5
01a795a4d65ddec2738d51ed01692dcd

SHA1
12005885aac42d1d04035e4a0bd87bc503d2d853

SHA256
fb1d0185e6ebef04a37aa7f613a288a5ae7915ea0b37aaccd79a34f4140e8dff

SHA512
87b5caab045ef8eb497bdfdf90d5d7d345a50724900908e30868f0d090c2c8638e7dd18db82cb1b3150b6a951625b92feec721287285d3d501ab7f2f5d594591

Download Submit
C:\Users\Admin\Downloads\New Compressed (zipped) Folder\Client-built.exe

Filesize
78KB

MD5
8f5665933bc1759f2f7a55689d5a085f

SHA1
13451df4c6f2478e8a6868dd76099ccf2fa45036

SHA256
c0153559df0d05f60b5bc7f3f97ade742de63d3b5975a0fe4a616c6ca921432e

SHA512
16eb322048590bc4a4b7834609c09170ade708dc335581e2f2e872d650f880f5486b2745e0f6fb1c812a12c0ba3b073b4eb0d70978a5870cc9d30c127eb41807

Download Submit
memory/5784-388-0x000001CF84730000-0x000001CF84748000-memory.dmp

Filesize
96KB

Download
memory/5784-389-0x000001CF9EDA0000-0x000001CF9EF62000-memory.dmp

Filesize
1.8MB

Download
memory/5784-390-0x000001CFA0260000-0x000001CFA0788000-memory.dmp

Filesize
5.2MB

Download