discordrat | hxxps://rule34[.]xxx/index[.]php?page=post&s=view&id=10995618 | Triage

Analysis

max time kernel
434s
max time network
436s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22-09-2024 13:04

Sharing

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://rule34.xxx/index.php?page=post&s=view&id=10995618

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI4NzM5NDgwMTUzNjQ2NzAwNA.GtHXZo.4D4NIxTDVpBDIp9BDhxupSxUagmCG86puABf9E
server_id
1287394542380164757

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 2 IoCs

pid	Process
5320	Client-built.exe
2236	Client-built.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

flow	ioc
95	yandex.com
175	yandex.com
93	yandex.com
94	yandex.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "198"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714839615147160"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe

Modifies registry class 37 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Pictures"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
3564	msedge.exe
3564	msedge.exe
5024	msedge.exe
5024	msedge.exe
1160	identity_helper.exe
1160	identity_helper.exe
4608	msedge.exe
4608	msedge.exe
3444	msedge.exe
3444	msedge.exe
828	chrome.exe
828	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe
1144	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4608	msedge.exe
4292	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 3928	5024	msedge.exe	83
PID 5024 wrote to memory of 3928	5024	msedge.exe	83
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3532	5024	msedge.exe	84
PID 5024 wrote to memory of 3564	5024	msedge.exe	85
PID 5024 wrote to memory of 3564	5024	msedge.exe	85
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86
PID 5024 wrote to memory of 4016	5024	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/index.php?page=post&s=view&id=10995618
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc86946f8,0x7fffc8694708,0x7fffc8694718
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12318654161574511216,9094976066189325833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:4264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3280

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1792

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffb971cc40,0x7fffb971cc4c,0x7fffb971cc58
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4724,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3740,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4924,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:5884
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff75e424698,0x7ff75e4246a4,0x7ff75e4246b0
    3⤵
    - Drops file in Program Files directory
    PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5108,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5024,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5284,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3496,i,132500279776199829,11778812952989989569,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5252

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5800

C:\Users\Admin\Desktop\release\builder.exe
"C:\Users\Admin\Desktop\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2084

C:\Users\Admin\Desktop\release\Client-built.exe
"C:\Users\Admin\Desktop\release\Client-built.exe"
1⤵
- Executes dropped EXE
PID:5320

C:\Users\Admin\Desktop\release\Release\Discord rat.exe
"C:\Users\Admin\Desktop\release\Release\Discord rat.exe"
1⤵
PID:388

C:\Users\Admin\Desktop\release\Release\Discord rat.exe
"C:\Users\Admin\Desktop\release\Release\Discord rat.exe"
1⤵
PID:5936

C:\Users\Admin\Desktop\release\Client-built.exe
"C:\Users\Admin\Desktop\release\Client-built.exe"
1⤵
- Executes dropped EXE
PID:2236

C:\Users\Admin\Desktop\release\builder.exe
"C:\Users\Admin\Desktop\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2416

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:1144

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa392b055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a08c011a0d4db076a7b22c5ecfa98ba4

SHA1
fb4760c1e95dbaa7d06ca60babb4a86d0dc9e0a4

SHA256
e548557637c507d7a1fe618d5f0263d90bc0616aa4b309e9079e6fe4638073cd

SHA512
96d1c67ba39020970a6b1302dd6a14c8642160e1712de24a9580f6d16bf5a1baa1cc0a1c8cc16615cb8efe92d26527a3abf53a6a222e69ce5dc6ddee02bcda7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
39KB

MD5
074d7c0ab0352d979572b757de8b9f0c

SHA1
ca7dd3b86c5e8a750401b8d6d773a9cc3af55b81

SHA256
46a06c3ec01cd4c5d5d8bb131febc48e3b1eeac94a47fe0718dfce6af821f83a

SHA512
00de9f645ca784322b005c73302aa573ab0665e8334533e7408326f0c84c12f3d056f39a2197d5c4bb8092f3b09dec4b79ec73de1b5d161951c5c48b9548216d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5bd1d41a1267c9aefdb8d6e04934e06c

SHA1
ed17271905f39f7ff8b7f035040dbd0b285120a7

SHA256
2e5c4d117c8805fbe6042f763d8b03577b1e585f10f0d4d80f2bcde7f8217de8

SHA512
d8c7955e2e8bffd4fa0eb6debd6913237e56bbe4d2f67376bbe2a65db5d4344b441faffc4ce8309459ffedcd42b183afb686823e0dcb46f6ba62505e53016950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6ce1a2ffbdcb5f3e5633d980594573cd

SHA1
7e1df6bd43c586f20801a40a3da8ee9fa78dad0a

SHA256
26bc2bac094fd6c34afdabc914d71cdca6377febb8ba552ad1168da47a237468

SHA512
b97825c6638a2da2017477b88b7eff74dd830e245d0d339c9f5dff8687baf4eb96d925d55c3d9cf2a285a4247c465aff085d79dd2952d7dbe7e84ab8e1d660df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4280188df706065db9d18f1831b82de2

SHA1
6717d23e3971030bfbd31eb2d5d3283e05d89130

SHA256
59d968e8dd8e07ad5674f5c006ea6b46a59a188ba14d36df53e5ec9efb13f5fd

SHA512
98cdc5ce06e774a8b3ec92f1ebe3a37c5efe525932044b6075f0d48024584536772e7343e7bccebc1a0845d05c51f864a2bf5746dedb0cf2efb4d52ef6553d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a5a747172a885d49b9e373006567d4a7

SHA1
43bdcbf3f289f951e39b3bb8d8d7cb8b1bf737e4

SHA256
fe42ef0dc9ea43f7a25c939628bb426bb8629c90ff6747e6b7f060967ac7a406

SHA512
6b3b94e11c1e70f4de2ea41693b2daa6e720b01e7e760e1e0e3c2869bcf9a9e72be1487df3fba47c9008519018ec8e9b33cfc9c254a2504b6a4ab89635254ed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5901b28201e6fa85a98291396d1f878

SHA1
4da861425dc1cb7485af70dcad689658a69c3dc5

SHA256
a3183b5a6c61ad7329d7fa942fc8b7a23e849a10c1b8c09791a254650eb763a5

SHA512
a96d50086c8b88cff75fb1ec5a93975187d1ccbf255992508269625b8cd276377758cea2f911e96c821708cf0052937b8a6cb5e154aafced8080d1fa5542ce76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b773cfad06774ffcf22f0e4ec743b7f6

SHA1
c683343576f082560c5d30bd106b4bff46c416fb

SHA256
1fc0cdf3dc348327ad7cb5f645515bd4976433430d9eefc94ec6af582225d397

SHA512
e1de83819da4173e04e228ee596849144a74b3a24be313c36716604fd1abd71c6522509440e108456d8b33ee7b9f60c77c5bbb9b5f3a397b9d22be995e32ffdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1c87f9aaebdd14b21cefaac484e6a2a5

SHA1
e8d44ed8f73190867dc3a925e6c143ce4edaad95

SHA256
88dd62da5bb0340bcb05612290a076ff222f69fa424586aab01389a0462fd7ff

SHA512
56135abeb98ba4b0097fdaa18fb9f581cfe39831f6e5bd730942744d801d28122e9baad2a5a2be795639df72cf1e17d77ed8271ef49c3995d482c3dceedcc332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fc24b170d999d0cc2e60ab4e65f93f31

SHA1
3aa5d667064addbff772889eb9eb02183c072e67

SHA256
505cb6fd34e319ebd8820ecf1659c6f0aabc9b01da4ac5b63afa323827aa14f2

SHA512
777c4081df05cf2839023eafa47e2128d45a1b0a0e973d4968ad0c420353b634fa9ff8f7d79b7d9defb8a06239e6005c46fbb9af71e97590e86de711bb8d6661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f701d7f8ab666aaec77b914f03d48ae1

SHA1
8d3d106f65f6d2e85fc9fef164bd030974ff3b3e

SHA256
29b3e18ed426717d21ecc8e45fe8132b04701e111b0c302457ead8f01b5f4005

SHA512
1579ba900805a1abaad36317415293c91c9d0f7d51581c8cb2ee7e09131f2fb07a9c1db1dcbd56ba1a7c01fa3e89dde22dbc0d31e583c30345bd1dc60c75de82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2efb7cc9a59e810fb690fccc4b3aa9ce

SHA1
5e84ba72789386b7575077059a0579d2f7a03af2

SHA256
d0d441135a103f1cc2b2e9031761b3068862191bb33839650800dd6e37de5e57

SHA512
9efe8f0f3cbec328072904ac3c5b57fb7d93abf294839f0cce5f1bfae34762e8da2508290f6d4b1a1499a7504550ff4e63473a6d04e04bca59356d65ac769e8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6063dc1cad0935b26119d3ee71114aeb

SHA1
a6fa2d7155e8160bbdaab72e3f186c6d9030cd56

SHA256
04f2c7e42b29659530d5e603bce4747b0588cf3c67829d53cf85b0678925c23e

SHA512
b7ffadfafcb3a1c39aebf4aade920ea2d85a3bb88924e185ef901b22ed47526570e195fc8d027ca6724c3b559d63d4b339379e2f9042a486b9fc3e5d83bd75ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c3663e129c597a8ab85cf4fd4b2d4ee7

SHA1
768d95a9365868048dff8fa47ce58fd06c953132

SHA256
0ec569a4f60ba7f6d7bc4d7762cc6739ddfe9514127ebc675e6ad58bb30212b7

SHA512
21a865ae00d89355ece05490aa752bc1a51929f997aabd1ef31b4ff4d32789f0d169106e88b72063257d7a1a4ecd76e2f91c26da306ed964f7dde9c52455f6c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b12dbeb34008986e0bd6bd594583e0fa

SHA1
67f16d5c2b044c3baf409a5162ae85a89115d60d

SHA256
07654935e9193ab2d66c9839bd3b7e2d3caa5dc15bbd006d5fbb79c7f24e7c2e

SHA512
460ac148891328d786c64dca6e8506a96f4c3af2bec58e288ab2c9e97498a7d807a2d4543cd20d6f14ff67b27326b88cacde1dd29cd423c0672122f46e2df021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
38f517714b90337d710c1bbf31ffb753

SHA1
248a235898ed70e1ac4418bb8798074c41f68e9c

SHA256
3a21f96d1dbe24ed9e985a03e2247cdebbad68853673cb2c9c73e0963c72b25c

SHA512
cc56dfb39fe5076e3f15f94371bf3c64ddbbd8a40dc58e5cefd99d4aa375b0273d75e9d011378901f25fff33d4e71593622b4569f3905f18e777bb8af9efd29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a28c39e9c117db88b2e3968892854bff

SHA1
ee4f573fc2002a4e2ff8f4c568a49a32dcdcf7ea

SHA256
bd0cddd4f2e38cfdbd1dc7e2c37015af423034f391403c238c9478790fe626c8

SHA512
1f07db544f2ab4cf41e1c26ae835598460d0d2702a7b8a5c21af3c328f0f8e30c9f4dba363d506fbf7594edd437610b734fd37738abac80cca2caac242a5f843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e28d5e97f8f55ad86f841656645d23b2

SHA1
85abc1a5c45c2d5d684380ee672a36a7c9faf12f

SHA256
1046a04df18529c7417d83fe6261ed8975c265c1293842f6f732dd0cedd6906a

SHA512
85f61b7da7912f9cf412c4b4cdeeed86ba547b3f204c65b5eb8ef5528ae617a1315cdb75230aa8fefbfe93c4cb94fba66fdf1abd741caeb077b4511a66e2d836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
661579e592a1a486660f01aa34acd056

SHA1
065da22680f08659851b9bd901bbb1e22fda2585

SHA256
5d7224b3e912876854e3060ee8d61477c01b17943888f8c641940d3e89d2dfbd

SHA512
da9f8223f0ac799dd6efe8753d1b63407255cbffbc22535a28d5319a20f5f7cbe1654ae630f61e50a059fafbd9a76d44deab3beaa22dc871868ba99d1bf0b2e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
19428167e481bef0eac1918cbeec53c1

SHA1
1ade7e572c2c47e9c2b7cdfc90be206f4b1c5ec1

SHA256
8d320ab01fe22eb3263fc8b0a20cf4c1991e027008271d22f5877e4b79f1e11e

SHA512
2eecb42bc0960aa503506af1bc0a7d76e6a39718001507dbe2c52693b1350a6171ad7afa0f8b2d88c7fa51a52274971082026c60e379bdb6e0c34ed2707ea3d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
01e390e8d23ea3346426d721eb207f19

SHA1
f5d7f7caecbdbe3c241769e85d428e3980b2d676

SHA256
9e79c56355c78904e25eb9e3c2a10392ad8e18af6bfb6e4b381c0a596409ae2d

SHA512
b92524c030e683efbe32300092e6fcb60c8532c89de177832dc2e26885e20321c11b8e0ae3f44d9bbf6e2f024b183e63a712bab7778c5b3347f21e15339924b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f4ff675408528fb3aaf81bd4ba31bd1e

SHA1
d17bb9b2bf3ede1ed5cb6fa1667f599776c5cd8a

SHA256
9ccf04019c9ec9e8d0c48742cac003f4242a9947b6112189b418dde73a373986

SHA512
9366d45d407aed1e66b4c683803062dffa2993d7f4cd09340cc28a1f66c549deee859403f4e468a3b023e69f895e6d83428a46849b9cb90c5bf5ead1f1dd5265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4cb82bb327ff14cc54fb00bafb5fc9fd

SHA1
025d4153f0157ee247c63b93f7a37e3b58ec56b0

SHA256
71179f513ed0a16ffeb933679548059c682545fd8fea35aa3ae1475c19e80913

SHA512
6216622c8b176074d08e850be9f6fcdb3b756b76d1b328587bb7d058f7e0a8e3dd2c9b07dd4231b116b6c6a0f9e08ab552c8766a6c01a5ebb3fdd1e37f906479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0c2944d6ab848c953d4edbd93b4512ce

SHA1
22ccf5f25ad336a1f1343bb7bcbc7d99013e9d82

SHA256
207ddb0119f90ef2595dc05701e7538b3f2bd4b9a5576d6e4eef0fe0556a5108

SHA512
a32b242235d8a3875249ae5e3ced8bdc631516352a2c49a05f80e4f2bf603715cf221e5d270150343934ffc8d5cc7c04a3e4a83a4e9492ca898f5a6d9e45677f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a6a95981ab732199c6625719b6e4bdb7

SHA1
a2cfaf7604ff2727d94187417d57180b101edd38

SHA256
c412713db1955bc11ff60b800ca50dfaabad2a69bf9a5953d1e956d056dc5fd9

SHA512
eba5d584b4053ee420af98bafa96c6295ef07a2ecf086fd32e15d161c00823a040ef4024c22887f95f0f9f8ed56b5f8586bdc26dc936bd38807c16ecc86b7932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a75b8e507880a367d85cf41c41f99b82

SHA1
821c5782a4da83ab6c6e8470386150cd60e8b25c

SHA256
a78821e30a4e025748966a2d72b6d9fc599d663945999fc6ad2d89a39139d3e4

SHA512
fd2c56ee4384c3e2c6141f310a1b8e6b5b48fe190919768cb426963ed2b0be159e2405c00c334d60bb1b6f02d86bd34652387dae34d555f4c892d9b7ec1071ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f6d6e6006a05c10497656ca480a5e376

SHA1
4fde50780073c2f805e75c5900cb3b11e3b05efb

SHA256
8efc03857e25d163793b4bead42c46e63526061124bff453730ccd9dccca27c0

SHA512
903839ff24771a13f1abab1448f687239d350154dc0dc1935c22b0a8f91a291a2b1a27030ab7f6b0847ce54158b3c93b190b1dc69de931ec4eed512bab4d4cf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7199308da0a4296b904974f64467b516

SHA1
54cf207352a5f0cd81f924cf9b10a91988fa18d6

SHA256
aac332c3e5edb97259a46c811d64ee5d63d70c0719746380bc3c9207314267c1

SHA512
1e9745529e931d58420d00a1212f34a2ea214edaeaf0514ba630f207b7868a0a009ef287befc6995aee57938257e65d5a48276ffd4eba366e7cb3ea3ebc785ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7f101438419a0d1ba53e78e2af57fae7

SHA1
7334fd0e2fc9d3b80bf12ba9d28d899057b76867

SHA256
765e6ee650b6df99cfd816fac7a52013a56185b99668f279d7ebdda91319fbfc

SHA512
96758533bfac66dec183a18466f7ebd1c902fbf0ccad9797d8f75dd8e53270a4053cd5f4c6fe25ee24dcb2b0286084ce4b628374fdf45faa8ac753a3b6602bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f264f57b2eba53d4c334aa12169a0c0b

SHA1
79ee4bda13aa005f4cdc403c8919c509105c96ca

SHA256
2f9ffb2a7760ed813fddaf0bf227ec47cd042b1c7253cf897c51a493fbd4407e

SHA512
3c8266432490ddd68cbcbded80369ad939904ea8795700615752054904ada52c6acccf5f021489ca38e48f873f66226020ea57067a270e6a11e1cc0c423be46f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d22d0ef5f60d44246e080e6eb7cf925b

SHA1
0df8a40daee0e52e5f6837b0732e6c1c2e8c0ee2

SHA256
da87d530b56bb5781ce8546bdd435b1ab55129f818c518030f34eec67dda096e

SHA512
bcaf9fccf761fe154f87aef84aa76527ee233ca0fad428846106588f189dffdffceb48089978450c6b409c19c6c3b5e6756ee110728607bff1b3a4c6f458ab57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
05e359ae8b477e446d8a24627b17035c

SHA1
c3ff15f1da1ce60977676bb021e0f566120e9575

SHA256
cc490501b836e1f7213dd251be1edfca245a5557e783e4011823c914a72f1a1a

SHA512
7af1f36e18e3166977a22f1c685c87c26f50e7d106069b8d8e813d51254b252f53bd3f64ea9a88b55bca4cc005b4a3a03df27e0aef127e7bfac6402d133bab93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
00b14e05a2ff2705eb844132e9ec537e

SHA1
e6776448263a5e2337e7346ca56c0569b32d295c

SHA256
1f8f1b84577161310b6e067380215095567102fc78fe5b2c1965b8fc3479ceb4

SHA512
d31e6eaaa7008016e6b1e727d5e1342a3a2d523074db7fa8e657035570a2b2991720a769d48a9fcf573c06df3f5383d61e3c1c6fe85d47997c75149086934152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
26e63b6d39fb24fb03514b33f6d9ad35

SHA1
58748b2837d27150a405fd509f00bb0ed4a541f5

SHA256
a6148706ca983817ed6d05e51aec81d0bd04fe0571c1638a8873bf652ae17e2c

SHA512
075ebe41510c32ab7aaef1d0e78d8988cee1ca61959749005b4fe3459080f62bc011b12b1784b31de7a6deba7bbdfa97af02a33c2c52619d807470fe931e70dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
93ce11db8b66d1de495ccc449dbe37c7

SHA1
7a8cd0286803c4965b5c2fc9e801559ca7a5fb17

SHA256
a68a2b5b0c54beb92240ea48570b7e480820729f43bcbaa314d35609c9e0eb67

SHA512
b8eaa6f19af96e7e9b765a4b72e8c05a85052f61543b44c7cde7a09222ec97384276633b8f8f0a65da71e384e7d135d1d443e441c7c80a03c964af0020047318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
b8c6d0530ef37bb945b93126000018cb

SHA1
a05a342fb1b4624cc9fe9fd4343f3cc10eac15e0

SHA256
179024ad964dfc429bf902805f91987c469e98a1bc806da7973993597c2d2f26

SHA512
dd8074689c24148ca5dad711f3f2a4ca91f95223bd78282a45d2844b9d61a9a3e23102c347a374589c394b7bf0731d6e003d8ac60212e426967f589425ec157a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
7ba31860b74907150611e1c1aae5068b

SHA1
aae41b61da2aeb81a202994b224b76390ed4b8fa

SHA256
77f121ded11fe55e14afde75d6328aa99287348294c4b42be5e6b90dc963ba65

SHA512
83dfbd4a066d2917b66e9e3d5a5cee5f9bbdce37515bb77cc61bd6b64a56b627b3251b997cf8e38e2f858a6473b30f03270f3d9b2ffef536317f5c38de44d021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
411B

MD5
22dff439f2a33f459b668b83468eb7f3

SHA1
0bb3047a4f297acf3da7bb43f57b632d1c0df2c6

SHA256
eedf39cb75df76044a3bdbedfba03677fa672b9ca393901f56063dd8d55448f4

SHA512
12ad61aa7314c1d845029cf13c26b9b58fb9cd744f3df112681bc999d747275f40536b93bda0488f24544dbe53702c793c36e85c5f71a4f125197e75ce2bcfb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce43a6dd379b118a293e36ae74ca8e25

SHA1
71795bff90b266601d15d12f5bd655a33efb31b1

SHA256
306be5ba8a2d60bedc161c8045c837d14f2defd75c5f07a6982e7e0d913ca157

SHA512
2d1edd5f1aef14a0b04134336bafac72c8a32d40ee1949e1bacb33764b688ae532edce0a3c0b7543874edcd6eac359cb5d781b40b7069018705e32c3e6daf5d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c29074be642da111360dfb4a51904301

SHA1
a26369b235889ee0993d2a8be70120f971df6a60

SHA256
969e4093a35ad5afbe05007be36b1f426acf3879beb24228d624b2024aa56a9e

SHA512
500b9c9ea5f3aaca0bb464f61840518df31756d9e2b571e7a795584212edff91cc9f7535777e9d7b699b67492e45618210379657c53ed017df765388ea1396c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52cc6f9d2f19c181824f87fc48945ced

SHA1
a38b7adcb5fcb1058277763993d5e0a78c3b5715

SHA256
ff77639400bc72e18b867aaf4804a5a984eba23d53ef454e221d00ed1c5777f3

SHA512
c0bd9ffcfd2c7285e4bea4648e6fbea5ea4c828eda5ea97e0d7a9865d07b8a213e3429fdfd8dde7b1a78854376a6347d81df3c4ece58edaa88bb2d218de0a2b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
89fcc6a60ac423149fbfc8c424874a36

SHA1
a0a457d7d787751632921018984dbb2674ce153e

SHA256
317467fc236a93657e4c5d204f90e2cb99c73eb9c87d27cd375b2b65414c26f8

SHA512
653fcdddff8cd4de6b77bc9d8a1550f9ae92ff2d3abda29c0815b99e23f6ff7188dd59f124f25ad7d1e9cdf0ae0053bae4ef29eba8f70ed7b463e16eceddd1a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
75d609f59c5737873fbcd71b18c2f7ad

SHA1
e2375e7201f3136bb5ae1a00c7b7336a9a75cee8

SHA256
e9db1747c0b8649e4a0fa90667abeaaf35157275117a973669ab6f33474d33db

SHA512
aaa4910dd264886a13f63f8a0d9caa13fe87782ec9fcee001fb6e2c5d96e7def81ade52234f9d066df0cc5333a0e869f1fb8085937dad3f539f59e42a1ffac99

Download Submit
C:\Users\Admin\Desktop\CompareRevoke.mpp

Filesize
516KB

MD5
8e5a581ccb81cc6d48689b84ac2a5f03

SHA1
8cf9dcc58beccf63f1aad0c354e3e39ff30247d0

SHA256
5a5a89d03d9d668ace62e16c0f296a1d3b34352aa2b9b6700f6a6f7388f0e2c4

SHA512
730d57c59e900d3f56b66aa8069cccdc9d666e12e93691572a388e4d48cd7cd30838d02fe18d1b2862c5fc38cae0e52f06b0c94fed739f1649440d6d20fca62c

Download Submit
C:\Users\Admin\Desktop\CompleteUnlock.gif

Filesize
368KB

MD5
83c1367559cdc884925b74d0b3d29fdf

SHA1
437a48cba094ee7358a44f0c7a26c2e9d0bf0d65

SHA256
b75897a7937ebff76cb7b24fa97a57f7ed1ec56a80caf228acd4287cec2c159a

SHA512
1f1d60bb767c42f7549dabfa81b2b38a8923d22f17ce821669b854fcbcdf0d46e74f133f821e9beb432d39ee8273433b28f96a2399a235ea3b32f7a9cdbe9667

Download Submit
C:\Users\Admin\Desktop\ConnectOpen.M2TS

Filesize
869KB

MD5
39ef2fec773b290ee4583b4aa2f2d160

SHA1
544d09dbe4be3d142764e5560cf702f62d50044f

SHA256
7a0ff4f0b9ed46c93d9d70361721cefe5af26c1e921cf2c24faf54ecc62b025f

SHA512
1263c722196723a506db0d1bcf2158419458334dbd0c949214e8df01e8ca76ccf967775927bc62001885b3878dae55a64de6ca94953700b5004551ecf60d773a

Download Submit
C:\Users\Admin\Desktop\ConvertExit.mov

Filesize
575KB

MD5
920209d1e83fda907ca3f68cc3f0c2fe

SHA1
950ca65a65095545e49fa63d908076ac411edcbf

SHA256
5ad4a2ae16a83bef1a757e2194d93788b50d50b11b76f87f988a4f1f776035d5

SHA512
90bbd1b03407edf6466fec152ae48d78ad1939d4d68e3770946e1110e769d86eee8afe67ad850e78cc4120ac91467cc745779be07fcf64f98dd9fd8c5729928d

Download Submit
C:\Users\Admin\Desktop\ConvertFromApprove.dxf

Filesize
545KB

MD5
0306956344d462cf7058420984d7c4ae

SHA1
94dd6787ca054278be69ad6a22920889d8949dde

SHA256
c60bcb0e5d45d4b8801f4420e345191f1378d63af9b938f7b10a3563735a0770

SHA512
4584b1b417779a0999a15de8a720594ab1183ba60463b2899fe9945d522b19e7d2116650f8de102749ef1f18470fe0d44b927706b1c6e77d36d4a5539e1c8e66

Download Submit
C:\Users\Admin\Desktop\DebugExport.mov

Filesize
1.0MB

MD5
770c9efaa9408b7e1e23e2ebdbcf0719

SHA1
f7ad44781d9f1f18b2d375bb7479525c19a8baee

SHA256
6ada2088f8b437b799818f66d5cedea29c04ec9d7c4d5e1efa3f7e19d09827dd

SHA512
43a598a375a4595b64a1ca4f75747f2f5372a7dad652ca9ab3434027877c3dc90476641cbc84d1a955304ba1cc0f38cbc57ccb6bf3f8b10d5680e11e203a34a0

Download Submit
C:\Users\Admin\Desktop\DenyPublish.vbs

Filesize
722KB

MD5
f583b695be6c692f708a8d12a9a474a1

SHA1
9d406dda4b24edc3714d2aea0274bf955299db60

SHA256
9d4ce294774e9429785cde3ef88c66b48aa0887cf37e4a5157d90d845fa61b12

SHA512
ec9808e3b3d7355a003b6cbfec95f6fb6d69dcbc7c26d088a575af73e3b66358be86de0dcf891616cbf76a72fc8aa7b00a111b04aa8ac2f5e3507bcef0513f4f

Download Submit
C:\Users\Admin\Desktop\EnableLock.rmi

Filesize
958KB

MD5
f4fcdb76b77aaff353cfe0a249b15004

SHA1
05ab52fb37962aefd701fbf99d0f9bc5e7d70a04

SHA256
c84928cffe3cbdfdf5064a7aa892a093c72ce0ebc437795e15d42020d24ed5f1

SHA512
f8f6a5c2c6311d3259a8ecdf1d3bf97e34a1746770dd2714ad3fa045c03456ab043f3386a8cc00915ad4d6c1e0bc36fcb175d81a6c56eda6809437ba5e396230

Download Submit
C:\Users\Admin\Desktop\ExpandWatch.ps1xml

Filesize
899KB

MD5
f36c9de412dd465004936188165b70fb

SHA1
fd05c28f43feb114f75e985244fe7454869cf62c

SHA256
e26846473fda94205acf417dc25c2f24007a0838129f3f839728844ecc3b7702

SHA512
622b38e89c08c26b4a38f9e37bec3135936477304b289215e622cc67dbc0996060f56a008e35c7a5a47dfecf7b6e8b28386388dc210ac5cc0ae4d6c4462b738d

Download Submit
C:\Users\Admin\Desktop\GetTest.gif

Filesize
987KB

MD5
c205892eb612fc991c8907ad314679ce

SHA1
b89ab4439bf5df6670c2ccdf9c8a5b544386b6ab

SHA256
7d2f68ac447b8d1557695797d39b5d71e1bce0f7dba3711ffeff6c308adea942

SHA512
b08561125ac8efbc9dda30e5b4fd30c7168c06e027c4a8affa85744201862c78acb853ac5efb24ee1794726456049a9b70ba4853a208f89a49e87cf1e142bab5

Download Submit
C:\Users\Admin\Downloads\4ecc7dcd-9042-49fb-ba7f-ce20cca4a49d.tmp

Filesize
88KB

MD5
ddeb0e0d7cd38eafb32ec2111b68f8e5

SHA1
d0fe608fd3279337af9439e46f90532439f677cd

SHA256
91a3a32e3390a6310bcf5154efee3a88082d44ffd38f32c6a73b4b7e190a3e0f

SHA512
dc6b380326a38844c98cde8cbeefe12566f89fe9471c30ef1949befdace2d0a5bbd71e4212b14a914c1595835f9a14da1c50a4022ce3209660e0ad96a7ceb582

Download Submit
C:\Users\Admin\Downloads\AddUpdate.001

Filesize
918KB

MD5
b0d1df248342b817cc64ca337945d71b

SHA1
3c38b8226d8bd8abfa654329d710126370ef1e70

SHA256
301b220b767ae9506b2210ab5f5227f2aca1b1dd3a5bab7e394c98028c608644

SHA512
eb52d2c2c6b733559b63445bc07a093ef41d5417718c611b1549a304ca5b49fd9bec6c1e80799595bc89b89a2c8bb44a9c7fa2e3fc43ac992bdd8449b36bcdc4

Download Submit
C:\Users\Admin\Downloads\ApproveMount.mp4v

Filesize
615KB

MD5
4db79ae7cc5056dc265c3e119689794a

SHA1
99ae547038fd43a520250629c972c050ad9c96a5

SHA256
64dc291acf881092e7217afd6694f5c6dd6725aee6bbcb021adb22598ba2b256

SHA512
83f777d9c8a56732bf4d0c34fb9b9d4d5d31388728afdbd91c2c6bbe2395d8585a7f5e9df49387d652ecd967b0f1e37571d05debd7fd171d9ddbd782a180aa84

Download Submit
C:\Users\Admin\Downloads\BackupUnlock.rtf

Filesize
959KB

MD5
6afd876cf0cfa5718f8362599c3d8f2b

SHA1
eca202be435ed076331c39e922f2dba324aae9ad

SHA256
a8b0e16ef2e1101afe29e259a4d250ceb4ae4cf2bfd48d8b63ae9edd3217e442

SHA512
53cdd7d721f05971aa7549404f2fa8103933679a8a9add98a6627545056c2afd500b6919e737efe514f440029d5ad92b44bbaa97b6b6cf84c1482b159cd3f7fc

Download Submit
C:\Users\Admin\Downloads\CheckpointSend.mpeg

Filesize
757KB

MD5
fefb1a85f20e14edc0336a764139c4d3

SHA1
85fefc3cd304fc731419d675534bd8ae741729d6

SHA256
dd5fb1f6b75db48c33a28b7ee7fbad00f1dbecad8fb2bcf3d40ae213cb22f891

SHA512
dd379e6b0f6f3c95e6971207ecc8685cf47d5df84d0e2988ddb334f7f320715cde40168d7d5a42cde38c1c671886e6441d27952badee66d47049bfb0b1efbfde

Download Submit
C:\Users\Admin\Downloads\ConnectLimit.mid

Filesize
676KB

MD5
19c76ea41a8da8ed9bd7168cc971de8d

SHA1
c6d63e6ba4574923e001c6ef0292f0b134490436

SHA256
4218e654929394b36b441c1d311214c73a6c282c00a39c0abd8cad73e6e8a159

SHA512
3a305068c73e7b3a7a9885c9804ff4136bc30c071b13ef87236981251792cc9ea8fa8199dc2470fd00fada58a4d9ceb956bd4dee578f4291521436e32d4dfa5b

Download Submit
C:\Users\Admin\Downloads\DebugWrite.wdp

Filesize
858KB

MD5
99790d0da3a886734eb991fa5aca20f3

SHA1
ca947cb9041cc590a44f8a05c99976244c424a1c

SHA256
ed507c875e9346db2ef904d890c6af27065dcdfb02a23884a8869efd2fb969a2

SHA512
c33095fa2a5c414b9b3cb26fd19fc6535efe7b671d57a268a7079e0c35c1645f7796da628a4bdb5654824e48d67e45a6255806b506398bbb0ec7dd600e493455

Download Submit
C:\Users\Admin\Downloads\DenySave.xps

Filesize
595KB

MD5
e5d24dc45e5d71d42ad249c927b05ff5

SHA1
a151447a4c6c20d31f6f2fe87651cf0cdd55aa04

SHA256
1b66eb1a50b6dc5f43ea81f1cd6653975acf3d426385be2b2b9d4212cf117670

SHA512
c6d40f09727b8345e4293ca25f811ecc9fe1ce1cec160980d86c29ea1ff9a4189e7eead1597fe13000eac17972eec113f23202787fe3ea83b262cd8c41c470b4

Download Submit
C:\Users\Admin\Downloads\DisableExport.svg

Filesize
555KB

MD5
be2356da6e831dd7c8dedebfbeab128b

SHA1
439caa2fe313beccd645330f9230f2dca0c5b960

SHA256
0543614e166ec3fdf3368d489bad289038b29b5f7ffd13d1c7468eaa8f698d18

SHA512
ded5c058912a55dd701a573aae7981b003838da6a28ce3ca85390de7fedf17a76a40855e9432211b6b7878f983fd1c08fc0fa8b3aadd56b09226f9bcc0dbbb43

Download Submit
C:\Users\Admin\Downloads\DisconnectResolve.asf

Filesize
1.0MB

MD5
4a995b769715890f15bc99635083e02f

SHA1
2bcd8b9325ee288f1227de02e0eef82574687ee1

SHA256
7e6b4086b6ae42f4cfb8146f72044f8629d8e03e16e501c7e1489d2adb44f8b9

SHA512
c0ca29672f92ac0260d1bb68f0d0ef03e0e8f4ff87573ff6500b9442ac1eff5310b59aa2c38433277f6b4eb67b792c09a2a46edb694b6ccbd1086f893fce126d

Download Submit
C:\Users\Admin\Downloads\ExportDisable.wmv

Filesize
838KB

MD5
cadaf3258d0a667e2bf29b7208d69c39

SHA1
dd4cd977f457bee66b54b335fd8cc958d61a8f70

SHA256
35aab0a34383f5a06741718cd8144bdb0f3f3069d0b702784207e7f4e0ccbd78

SHA512
8eca8e012bbcba76f9c3b7bf3e515ba7f9e5e291890c29641acef6ce05c9d1466d3877a4aa6f5d529948ba560ce46efdae4cd1936201860a2ab8cb9f908af9e4

Download Submit
C:\Users\Admin\Downloads\ExportDismount.wmf

Filesize
898KB

MD5
f439ed5cc57b6fe9a107911bc712c2ad

SHA1
345a0fbc0b4764ef8b740270c506fd6960fe5899

SHA256
ed5ce74a71135fe53209875659dba10e6f8519362007cd12d0e0bc16e772bcc5

SHA512
f3a7f57839d5755fb08fcfce1b6b24e0c8d9a36310075f2361fac383655d82c5e776debbafbeb512d39b24b65074a2109ed3833544f425c6102e3f515e6897f5

Download Submit
C:\Users\Admin\Downloads\ExportShow.jpg

Filesize
737KB

MD5
c67df5e00b6fceb06bceb91cdc9709e0

SHA1
c9537577edde56795f10c73144356f2dc61a3d98

SHA256
9a1a6e6576f7ec24934c0728d2d301056a2fd7dbf007a23d83f8833fc0474777

SHA512
bfd80e0995e7543019df91a25b5e0ac69c7f2fc48881b9309eb0bd76945cab89b748f6e6bb2ba3d776a3e42a1f40c8c0244c7b827c5c0aec77a92630217a7aea

Download Submit
C:\Users\Admin\Downloads\GetRemove.zip

Filesize
494KB

MD5
bd559e5ff65ec27627c856b2129500e5

SHA1
acaeb806e2e881990549b374481bd0f1fed5e337

SHA256
43046cf4bd2e7fb9933b033496f46803387c40a9c05a5c02a71e843f2772831d

SHA512
56ad448a90eefbe61ed946945ac21bdad1816d49ecf47906c29f940cb580c200694e0c7f48c597f62f803651ae1793fea656ff72f6cea56477fb457c413216eb

Download Submit
C:\Users\Admin\Downloads\GrantResume.crw

Filesize
454KB

MD5
51b468e35d32edaeea6e47d87c385000

SHA1
cd35d75a2b6e1d47d7bf22bbad6f336604b384ef

SHA256
4b4aca13b2d6b852732e64404d93a8065cdd7ee982b6b5c7cf2429491c89db9e

SHA512
d1e29496a7ccf5d007f506ef2a7f7dd2d296a3cb0e80c357cf0956cc974ba3329b8e7e0fd54e567bd8fe2d66c1cc98fd48d06bf448b091aba595925ab69fcb2b

Download Submit
C:\Users\Admin\Downloads\ImportJoin.mp3

Filesize
939KB

MD5
7a6a87867d5009c9e394a30aadec65a2

SHA1
bd3e6963f17035cd26f04f6160da8d0e63f68127

SHA256
565beb7f702b9d5738655ad134b3da58528c6ae708c169632f39d3c3cde6544a

SHA512
de055e7e0d52db84c7a64567742b30fece8401152b2481274f1bd1589b526d3bb29ee55d50a67a63f8ee45d6d536c4b717649b16f8dba1a11cee68765bcee87a

Download Submit
C:\Users\Admin\Downloads\ImportReset.wmf

Filesize
474KB

MD5
dc8ef67de50b032466955151323db095

SHA1
71c9c2473fd45bfa2d24c9e5463a3ebce7a2ec62

SHA256
beba543b3bea49683ad527dc91769e33ee5d4320a2f0732fdd313aaf65b49d2b

SHA512
2d8cc3a33c0f37d1265b2e4686bda22e727bba0102e90faa7c5b2b50b8d6823293a0f3ccfc1547e64d8b7ea2e5a3650664ec0d203a51fb7d2b94a573f02fdb3b

Download Submit
C:\Users\Admin\Downloads\InitializeExit.midi

Filesize
373KB

MD5
ce4727d9cb0350e5f22e70550a766b1b

SHA1
b1d034e5c4a777db08176e38d729dccc8b59f306

SHA256
c6a0e482db9ab018ac28a56b3fe6f01780bc8f3dc8408a01e68e4f1c0b727d26

SHA512
2a19a66c5e574437e1818199266c64e0967aba8a8c31c97f000c1f5402d564b12cc8fbbf1c90ebc5b18a1fc60164bf69aadff18aff13f5b711344755157fa542

Download Submit
C:\Users\Admin\Downloads\LimitResolve.wmv

Filesize
514KB

MD5
94d3d06d4fcaeb2340f05b7a0180cf9c

SHA1
2d6dd46ddbec19c1d265dd2836245ee46549a5c4

SHA256
83d86f338f2513b9dd11805cfccce623fba193b7c7979d189e3cbedba0e58885

SHA512
bf01ad76d362b1e61067a493da1dd283292e33a49c661091668130784675a4c0453e99307fa7eb8d79e5bc42a056cff56344ac445b4d8b8f8be13af32eb50653

Download Submit
C:\Users\Admin\Downloads\MergePop.htm

Filesize
696KB

MD5
af7372d2a6b52db376034e295ae5a91b

SHA1
273a79424aec4617ed9595358744b141a4b69996

SHA256
22390dc82689cead025f01daaeedb6448e1464a70a3ade872003471d100c7649

SHA512
7bab3fa038daf65c1a59081fe449fdf6b7864e7477c34715ccb4cd4692a4051fcafad2eaa94ca3b9fd3b92a9221b8937e4b86d83f98a4f92f1d759012f2541d1

Download Submit
C:\Users\Admin\Downloads\MoveResize.jpg

Filesize
878KB

MD5
7a1c0db0411397d54b81d15a037495a9

SHA1
18715efafd951f092fcfc8b01f69a4a5ea97a7d3

SHA256
b8b32e54b8b7ef60404fcede8d68cf212a6e0e519b5a9114ab7fbd8b45f74922

SHA512
5ec521fb2320a5ccbc743f2a44307a35d3fb740a051168503d7476fcdba37227b28590f2b7eb57adce929428733fc69abbeabbb963823197765bc127f0c69d00

Download Submit
C:\Users\Admin\Downloads\OutOptimize.3g2

Filesize
535KB

MD5
25910a37e2fd4eeb2de0a8e19a61c741

SHA1
7b063f947658564a430f5e2a77972799e8e110fb

SHA256
eda07f73c5c23ef85999553a177fbe3b04c97bd44c69ad7a24f9bab81bec7cfb

SHA512
f28872144ab235fb1fbc0bb840296280f73d61542f841902760588fb4f4389ba251e923ed6ecf8f1bb9125a056544a412b2c048c29e8d67f205d42a2446f5afb

Download Submit
C:\Users\Admin\Downloads\PingExport.m4v

Filesize
656KB

MD5
fca1e63ade5045700b6c1d87526828c5

SHA1
bb23b8c9f6d3789c3e72497bff08e55c0f8704f1

SHA256
72219435c74e87487d928abd8b6f6f411ab51ebf8d5c2225d9b33b0e688ef625

SHA512
573ce1926de9fd429fe99ab768f5975500106e3bc31816a45676ce96ed1576f57536e50f8c37c97025750c81f9202d198b97606a7c0201397004aeccb0dfcafe

Download Submit
C:\Users\Admin\Downloads\PopRemove.dll

Filesize
575KB

MD5
d518fa73d03c51ffb6bf0eb3c264d91c

SHA1
e50cff7cc80eefb22b7f287ebc01c53f527e02e0

SHA256
1d514e0676007b0aa17906ccce0991dfaa74ec90666da4768103315abc9d85a5

SHA512
7cbdb4b462b281e98cc51188b2a68337e9554147fa1384a6e32e15336530cfa54febf584c2ba26186ef0c1dd2a6df5ee128fe74a20923c81f56b6e7e2f53bb4f

Download Submit
C:\Users\Admin\Downloads\ProtectExit.ogg

Filesize
999KB

MD5
e279a5fb8ec9ae0b3411449a8e13bd29

SHA1
8f3bf1a8130b8b351fbe76a97fb2e6f9e7a3b804

SHA256
ec19fbbd4496cb9a73e8cbb10ea4492807e3836228802994f96df81e1f660373

SHA512
164388155ec751b62840d4c307d5691061081b11e7dd8505e6faf85ddf0d46a48211b6720e0ba8d7571dfce15dc96f9bcf16f5803e34dc5ac921ea7f704cf8f6

Download Submit
C:\Users\Admin\Downloads\PushTrace.vstx

Filesize
716KB

MD5
75be37687c96de337f11a3e07f26fd47

SHA1
4f784dfb201c204fa2e473c7fb66d14cd8ab1f34

SHA256
e098f8394b0159cc4ec15cacc3dc081b155523bbe1ce285d301cbf6b3d670ed6

SHA512
065212321671b3f89b05f0e5e85533069aaddb20b9e9cf8a9c2196973482e0e7e32b3966bc5ae5a08d9a3453ca7478c099de50eea85a7af9434d748a52d464e5

Download Submit
C:\Users\Admin\Downloads\ReadPublish.potm

Filesize
393KB

MD5
53ba9833a0e2f767c22cc37be6bee0b6

SHA1
b651127a38bfb9ee5a56b5819003b1b6b2ed8005

SHA256
060c91747185befffd5d052e4d859dabc937ae7605b72a77265d2459ff40225a

SHA512
c231639ca01b33952e7baec71afb5db73e29c2561f0bd4d2489bd4a6c8c5255584697a81eb3d3f042bd4e834467b873aab53da8aea33d66da7e09ac3ee0a8f86

Download Submit
C:\Users\Admin\Downloads\RegisterConfirm.vsw

Filesize
636KB

MD5
d3a790e8fb4c782dacef571b2bf65d9f

SHA1
0028a68ce20a69c08150ee519c44e3cce93545f6

SHA256
ead651dd3ec565ba0bf27e85ec344c374ea9ab5da7ea3afacd9b01e3d6c7acaa

SHA512
cdda028049c9c8e5a9efc7f8500c47163710b3e2e9b9e8baa1a257cdc3e37050b35e92e83d5ed8ee15ce821c3340e6083fecded0d63deb3a357db2a8ec8317c3

Download Submit
C:\Users\Admin\Downloads\RegisterRead.svgz

Filesize
1.4MB

MD5
b680a34baa94abdd8adddc2e98b11c7a

SHA1
72d25c68f3922a8cf375e991087dc760f7685758

SHA256
bc152ceaf889eea97e0b27fbc62ac75082088f98845e08f04e501c1861c7d7dd

SHA512
fa5f0dc88783faf6300f46af21b9d1121ed80d4b2d021c6d7e31aacd99c8cae83fdc1939f9d50d359e2a5c1b30935cbc4e0fdde5ae7ccaca2525b2e0ee17c09c

Download Submit
C:\Users\Admin\Downloads\RenameSkip.wav

Filesize
1.0MB

MD5
6a04620a4b73fa08bf2c2b6b03d5c0e9

SHA1
345695647230e3695c5d0cbea1b527109ae632b3

SHA256
3561c474839514e1b7dbf773821ce000f30685177e8a59be7c65821788d13977

SHA512
a3b12fab887dfb22afc1476c83bac635e06849e3ccc729b6d79844c7fdb2fc4e788cf7ff8fecec05c43e63ad8f041ccff8ae41f8c2ce3acf8e96221390a95ad9

Download Submit
C:\Users\Admin\Downloads\RepairEnable.xlsx

Filesize
777KB

MD5
6b304e564b4dae8fa657f6f29d421626

SHA1
05f42fc5447c923ed0a4c8456335dcdff812957a

SHA256
7a3bb6329d38f85c31ebf34f65821bfe64fa23bd9f5312ce875d413b3c4d6c77

SHA512
e641269351464ff003dafbdea17d08f5327cfd128e0e7d228159ed00cf371dfda24480dc4cf43756fbf7247253cf7e00a774333fe99a051b68f00d435baed106

Download Submit
C:\Users\Admin\Downloads\RequestStart.xht

Filesize
797KB

MD5
8a25ba58fe2b4add49018008e0f7c367

SHA1
583394f6c253766815b85018bc2306001f4db055

SHA256
9df72db5cd130cb9b0879e44e46d1634684d40432cc7c178fbceeaa7e9bcd9ba

SHA512
ef466b4674c24bd7b54399a4193e2e2e28b854a93093b8a461bd9cbdcbebd0cb9c2aff57732a66838098a5132dc0a1dccad15c2e239f5be707be0b3691be8c73

Download Submit
C:\Users\Admin\Downloads\RevokeResolve.mpeg

Filesize
1.1MB

MD5
95d1cf86548632cfb9b19a3418fc964a

SHA1
e94e51951135dcece753fccc77217fe3986ef7a7

SHA256
9f6a6d1b7bd6f2ff6957861f59fd72bcb31c3e0553867c3c3ccd0e93640ecec1

SHA512
7892086c486d0f3c218a9f05a3a246dd77e85e81cba9c7504aca1e5c04d5e2b44040715b0421bd7a4f48a0d121784300219d8a305dec9981865f1e8852170809

Download Submit
C:\Users\Admin\Downloads\SelectMeasure.TS

Filesize
434KB

MD5
ee443da41954dfce4ebeb9ce52ba7f01

SHA1
992ed6c176cc475d6747a3bda87077dc9c021f72

SHA256
9fba32fe0683242a524c5f36ae2e7fa7cf8b5e3707f30a53eece48992f7f7dfd

SHA512
7e766239b02ba7b299dd98ad849106ff401f8218b8428f17fb9238f640ebf0fda81db55bc9f987b728faa9a895b012185ee4124f6241f606c90af54d2a721573

Download Submit
C:\Users\Admin\Downloads\SuspendImport.AAC

Filesize
817KB

MD5
903d4d55c37fe523a4c72745882e5d61

SHA1
ea41429c40a9969a94b9bcd0692b4d4625018b33

SHA256
32fb008b70cae838282f480b249458e328b848b68d1fca3b21f000aca3531211

SHA512
41745873ca97cda9e209973a489d51464f83ec68acc7b3082d1421e2e948f2d966f949d3b60ec67be0d7ec43726736fc436748a420088b3250bba3c7f85bba55

Download Submit
C:\Users\Admin\Downloads\TestReset.vsw

Filesize
1019KB

MD5
8e4f77a57660f5aaf281e906121720a3

SHA1
cc1c22fca0a499eaa18f43af313a1db0e2648517

SHA256
3a74143d327728680db9f150290c65d2e722ec8aed8b9ee84f7cb7539b0f9a7c

SHA512
f2dbc3d4d52e69e4e279532d89f58cc8a760de25af5f6c5947ae53d5247d0136f457b85091989899d3605ef37df5a1a617c72174937e7a6eb8399e654c1e8478

Download Submit
C:\Users\Admin\Downloads\UnblockApprove.mpg

Filesize
414KB

MD5
2bdf8c219704783cacf366672a9bed4f

SHA1
aa8036784225166626fef16f0382fbdb7aaa6da8

SHA256
08cb8641097cda9309f579aee27e7186b4f6a216f0e899f6e62d609b434d3511

SHA512
a540100155f23a970929fd53b2f698c26266c07005859693b932768918ec491344f78ad91abc1d60cb91600530a17ce586b946687875534c2b0e2497fcea5ebf

Download Submit
C:\Users\Admin\Downloads\UndoRequest.hta

Filesize
979KB

MD5
47a134584eee65b33ea324908825dddf

SHA1
670cec1daad80c9d37c9c23cbb5bc987ba21dacf

SHA256
44b3e1be4881c09ee3a5680c9649deedb009febb42ebde7f1f6028e738a64ca3

SHA512
906b1b5d078f521301df5240612ecf9ec665b988de7e23cb6d5673f0729712555d2a80dd38c31efc63971b2b572f8fed843a88abc82f4fe6ee983d4763c1ab14

Download Submit
C:\Users\Admin\Downloads\release.zip.crdownload

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
memory/388-780-0x000001A88D830000-0x000001A88D848000-memory.dmp

Filesize
96KB

Download
memory/1144-842-0x000001E6A9F70000-0x000001E6A9F71000-memory.dmp

Filesize
4KB

Download
memory/1144-847-0x000001E6A9F70000-0x000001E6A9F71000-memory.dmp

Filesize
4KB

Download
memory/1144-843-0x000001E6A9F70000-0x000001E6A9F71000-memory.dmp

Filesize
4KB

Download
memory/1144-844-0x000001E6A9F70000-0x000001E6A9F71000-memory.dmp

Filesize
4KB

Download
memory/1144-838-0x000001E6A9F70000-0x000001E6A9F71000-memory.dmp

Filesize
4KB

Download
memory/1144-837-0x000001E6A9F70000-0x000001E6A9F71000-memory.dmp

Filesize
4KB

Download
memory/1144-836-0x000001E6A9F70000-0x000001E6A9F71000-memory.dmp

Filesize
4KB

Download
memory/1144-845-0x000001E6A9F70000-0x000001E6A9F71000-memory.dmp

Filesize
4KB

Download
memory/1144-848-0x000001E6A9F70000-0x000001E6A9F71000-memory.dmp

Filesize
4KB

Download
memory/1144-846-0x000001E6A9F70000-0x000001E6A9F71000-memory.dmp

Filesize
4KB

Download
memory/2084-766-0x0000000000A60000-0x0000000000B82000-memory.dmp

Filesize
1.1MB

Download
memory/2084-658-0x0000000004C90000-0x0000000004C9A000-memory.dmp

Filesize
40KB

Download
memory/2084-657-0x0000000004BD0000-0x0000000004C62000-memory.dmp

Filesize
584KB

Download
memory/2084-656-0x0000000005270000-0x0000000005814000-memory.dmp

Filesize
5.6MB

Download
memory/2084-655-0x00000000001F0000-0x00000000001F8000-memory.dmp

Filesize
32KB

Download
memory/5320-779-0x000001F53CC40000-0x000001F53D168000-memory.dmp

Filesize
5.2MB

Download
memory/5320-777-0x000001F521C90000-0x000001F521CA8000-memory.dmp

Filesize
96KB

Download
memory/5320-778-0x000001F53C440000-0x000001F53C602000-memory.dmp

Filesize
1.8MB

Download