hxxps://drive[.]google[.]com/file/d/1zm5iKgnxeM4uIsVL7HFsEm-ZmPSM2IvB/view

Analysis

max time kernel
452s
max time network
443s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-11-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1zm5iKgnxeM4uIsVL7HFsEm-ZmPSM2IvB/view

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 4 IoCs

pid	Process
3332	7z2408-x64.exe
1812	7zFM.exe
1940	Raft.exe
1964	Raft.exe

Loads dropped DLL 8 IoCs

pid	Process
3468	Process not Found
1812	7zFM.exe
1940	Raft.exe
1940	Raft.exe
1940	Raft.exe
1964	Raft.exe
1964	Raft.exe
1964	Raft.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	drive.google.com
15	drive.google.com

Network Service Discovery 1 TTPs 1 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
2300	GameBarPresenceWriter.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2408-x64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133751443593801551"	chrome.exe

Modifies registry class 21 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2416	chrome.exe
2416	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1812	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeCreatePagefilePrivilege	2416	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3332	7z2408-x64.exe
1032	OpenWith.exe
3700	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 1908	2416	chrome.exe	85
PID 2416 wrote to memory of 1908	2416	chrome.exe	85
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 536	2416	chrome.exe	86
PID 2416 wrote to memory of 4172	2416	chrome.exe	87
PID 2416 wrote to memory of 4172	2416	chrome.exe	87
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88
PID 2416 wrote to memory of 1336	2416	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1zm5iKgnxeM4uIsVL7HFsEm-ZmPSM2IvB/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff963edcc40,0x7ff963edcc4c,0x7ff963edcc58
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4244,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4628,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4632,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4668,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5132,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3380,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3796 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4700,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3796 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5420,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1020,i,15495789022505893285,2116268608322047759,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:1684
- C:\Users\Admin\Downloads\7z2408-x64.exe
  "C:\Users\Admin\Downloads\7z2408-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3332

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1316

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Raft.v1.09-OFME.rar"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:1812

C:\Users\Admin\Desktop\Raft\Raft.exe
"C:\Users\Admin\Desktop\Raft\Raft.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1940

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:2300

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
PID:2680

C:\Users\Admin\Desktop\Raft\Raft.exe
"C:\Users\Admin\Desktop\Raft\Raft.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1964

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
d346530e648e15887ae88ea34c82efc9

SHA1
5644d95910852e50a4b42375bddfef05f6b3490f

SHA256
f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902

SHA512
62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
1143c4905bba16d8cc02c6ba8f37f365

SHA1
db38ac221275acd087cf87ebad393ef7f6e04656

SHA256
e79ddfb6319dbf9bac6382035d23597dad979db5e71a605d81a61ee817c1e812

SHA512
b918ae107c179d0b96c8fb14c2d5f019cad381ba4dcdc760c918dfcd5429d1c9fb6ce23f4648823a0449cb8a842af47f25ede425a4e37a7b67eb291ce8cce894

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
963KB

MD5
004d7851f74f86704152ecaaa147f0ce

SHA1
45a9765c26eb0b1372cb711120d90b5f111123b3

SHA256
028cf2158df45889e9a565c9ce3c6648fb05c286b97f39c33317163e35d6f6be

SHA512
16ebda34803977a324f5592f947b32f5bb2362dd520dc2e97088d12729024498ddfa6800694d37f2e6e5c6fc8d4c6f603414f0c033df9288efc66a2c39b5ec29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
945057d44521817a65c554cdeca4286d

SHA1
59412e1cbed9995a6fb580d0d3c0defa9acdf3dd

SHA256
3b6c8f371f5314d9c8fe799d398242758f67a63249139b74a40ace71a2333c68

SHA512
a6a29d40852b4df5a7155a23545bc76276a34832cb349b6a49c44eaa990010a41a94b22a02304a9e905382328e4d7e8e5d54606e7a3b05f153661a48d109ffed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
a757d2d984d8e8acb7627dd195e64826

SHA1
63a68a788a7d5f581c87c85248e410c9557d3cd5

SHA256
55c6b6fb401d9ee71a6dea82ab90cca5f29565b2a06a1d2254aaa0bd98e1fb56

SHA512
69f83338ef8f97128841d5406188db2aff7ab280f14c82aa851f025d7f608b1966bd30342f254a6232727a7c3966aa486a7f28d5b005b155a6e272dc0f13121e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
cffe5cbd6f97695ae11e9489977ad694

SHA1
f138eddd6235eef7cb5ce0b88f4c11acb5b99253

SHA256
1870df05c38c778e5220db5831b5afeecdbf4396225d6113e93fa99ceea118b8

SHA512
536ae015f6ff9e93f1416b7c4e385e759dfbf473d9ae1efcdcf4cb3244beaf467a590d66bd813ef34c11889da80a1b10f4c1bb45dcd58eb864c71ad1da6c8564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
aaf84b12cf4091b96b55293d30299772

SHA1
1b60b2463ca302e0cc311d3f999f0c8c0b70a1bb

SHA256
7d5a9b69ad09078a78f717f489da14b3be229479031f6ee8e63b9d8f6586efab

SHA512
8509fb24e78cbe2f17655d1381df7cbd0df50c907d46972361520ead4ea58cfe133884c4815475cd107e735165f18ce9d27130771a404493c52bbaf43d0a1fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
190f0e8ea692f8052e20ec3b01c9b445

SHA1
2232d3439f2f95f6c3ea9dc458b6b4a592bf8d2a

SHA256
042e33dd16cc8b0a3c86efa21036b38247b864a1d2d7c86b3dd1e2550b9ba401

SHA512
cec7acd577359a18dc10d57bff50a014024fbd0ce0e2b8abed9e9ccf0bc1d7dc1ac2014046aa53cb8fe4624095cae792e301f636a48fcff4b27098c81d65e655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
05e02f8b2ba92809c118078566080067

SHA1
6fbef6c9df08f5fc6783b7b87569cfacbc26c168

SHA256
359c833b7adcc362acf5e887806031c927763d2575e9c3687452f946ff9b4d57

SHA512
5957a6d2151bbd67a0ac371722f5ef1ce65b8a8599dff927d0659c01816f7bac6af8b15a6d58b5b3429aebe85888fb2952996695dcb678ba646e833ef458efd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c1ef8e81d44ca31ecc55cfed27804409

SHA1
c5621e6f5e2be647540ff31e57297f97e6e42ab5

SHA256
59dd5bc7548a66877e2064571d4d404c8f5592f95de216d17aa65919fde48e67

SHA512
7eb06fb095334d5746aab66c03b90ffe58628cb9f78b9256430e25d6305aae1b49e6f6f856268176526b7a4f518667f6ad7964a9235e9c25ea8010623d0b14be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bff0dc9fa1d45ed56d73b2a3eb0a3043

SHA1
48f20cfc630a9361db624f8bfbe515c60ca4ebcd

SHA256
7e19f8c522352c7ce1588f5dcc431d82c00080ca9ff8cbcd7461f263e2a6ec47

SHA512
8568d024c64c174619d2250a2c458baf0d830a49432d089c9fd098f3a640cb4cef45898e88f475a66b5b7032548484a63f643f4dbd786edfa9f36aab45b34b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6c98cd2fda19b350ac5aaeb613ce2088

SHA1
9bb5b22fda01548238b74131c00bea3cdac11b8c

SHA256
feaeede312b4c38826561dc8e61425b74e732d01b09adddba6f07eba2906b59a

SHA512
6cb0544379a2712e5d272189579667b2ac6551294e6cb68906cb417a0c7bd496ecb2a4cadb37e31ba2211745a013d8063b27166b58c2d98530aff090b34d1f57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
49a958178268dcc2ebfc4704c1392d95

SHA1
0f48f45acb1f0d55315eebc026478097ebd8c0c8

SHA256
b677d7fbf7e915d3d1016434d91e7d6ce85ecfe9ad8de9ebf81be6d85b3a5961

SHA512
f6e88f3a7d3624bf750f437a4376c0ac9822e297211c3cb0c027656998f7769e37513ca7480b53f84d2642a009e78d5f431640b554506eb4966f76b28efff6f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
76f25202af567e1758126e2930c311ef

SHA1
bff5327f84cc66c5807d195ade8ec48fdc4ee227

SHA256
986c6f1ea1cf98a67a551f25f6673cd159dca049788cebc6bed0e00b92740fb3

SHA512
4cac10f9ec40026f7fa9580821dfb164e92c68688fb998df4e99f908ba0e214f932c3810aa731eaeae9da52fdf2a1b6be6983b4cbf3c091f1140f7b25bf0d4c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
55894126e73b88d22c2fcebd238e370e

SHA1
57e553b55fdf8e1c1b1316f4155e138b1e3e9bcf

SHA256
f1607172c705f5ff3393797bbbae711afed151bb9acced4b9eca2cba00d8ba64

SHA512
be7c20e08472ed8cf6e3a6b819744355d5483b5b39864e475f289de1a4f2cf21f143cdd99ae0692d8aee8989158068437168055cf646dac477f9da298975c8ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a8d70dda3f7c09da29e6fe2fee8d0e82

SHA1
939aa163740f71201d1ffcbab6c891fb9b4bc8b5

SHA256
4b8a7385d9d5f3e9bc501406838d69800bbfbc7d8afa854d435eb53dfaa6da93

SHA512
4841115a17306378a3c64c5033182f2dff8d5e63f89cae81c5ef9b1b859a29ce56c217bdc04a90f3f2978c5706aad34211359c3a2ba19400ab1f9b65ed19177e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
359207482022f05e803838eb9547d7b5

SHA1
4e9ed417365f73eb7fa29a6dd417c15c21e411d5

SHA256
6aa8e07f6eaa6338a213e22390bfd3d8375f00b3eb303af5e32c98c11656a5f2

SHA512
0401127d71ce54a989534baed3bbd2a65467ce5d18a98f6142e00f46f52ce6d975279f7f969c70127006be036b198c643e83747876580443a81cb88ca225c423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1da9cac12af9a8cf07dd5d9af57a7944

SHA1
08588bff51343de0d5504a9d39d53851d8b48798

SHA256
b2febfd3e66302a0135718a54bf0535302e6e4717b5341eececdc8c2ab1c8b6c

SHA512
3cd49f47ff63ca3b3c6afd921a51d71dc25779a30b60a268228b3c8e53026f9bebcb6ce0c8d5f8373d739b0fe348ac7a451705022dba494d442f627a10d9baeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6ee60a1d83325843fab6ea8ce3e0ac23

SHA1
865f8be555829a070d048378b18e4a6feb53d250

SHA256
c6dad8f6617ab6ff1d161f7f5bd6caed37d7672add145d38cc3d47dd80ff6d47

SHA512
d16b7d80959a40966fa154aebe67648d6f38b8fd0f04be380e30a0429755190e098d5088ea33182e660c92409aecd477d63ff73bf5251b0a120f0805cf97052e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9aa7f8a9424718499e27760a6e0d6cb6

SHA1
2b3944b1bdef9765fe8b45c2d22e6e96eb028ee0

SHA256
04c405f5ea98e022dc7659f236bd2ce273e4aae47c08e00a4d3caa4d210451c1

SHA512
18386735e3f1c1a6096121d4eb072b70e3c7b95e9c6d8d86a415cb99b123712f840c4ef8e86bc07137987a57bc15d707172a4e1f15099cb595d6b26e47d81abd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6efdaa3a2d0a354122c07a0702d359c2

SHA1
6e69a40f2e7ad0d4bc0a2589ee8271d324e01713

SHA256
f9bce1011c013e016eaa174034fd1293683e72b1056a38eeb19a8917adb5b271

SHA512
bba1857ebed2dc240fd09577ecb8fcbbe51b75a957903078291556f93150c1052f00ec9bc8a16a3eb952974ba4080fc2fd17d02dc48066bf6f2121e4c508e91f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9ea235a9e98d8cf15b9e3432ae50eaff

SHA1
9b808f7b3c16695216b700a469312929cccfd9e0

SHA256
6d5651f16027075e017cdb82a2dd0cdd101834ddd9dda5b4f4b7fe1fc39c01a2

SHA512
e7598958bceff2a5f8fdde02ac0ae9143808fc07426d80939185e50809797f9e14d2b9804234472086c706466c4f19de59d12b5cadffa0741d9be959835a5b4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a7630ab26e81f505ab1863ad4753c2fe

SHA1
ae404874254a30bce30a4c4ba12c041573852a30

SHA256
68277ec6b6a4eb6f614ab4dd7b0c1b1db88f3d1829d03f0650c21ef8bbf00c5f

SHA512
54f3b0a47cfcaf1160be1c245613dec558d5fb1ed55fe8fa24157100d47c3104976d1d3b359a081238043534d8ab2a30937263464784ae6ffa96375306963724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
50dfa8edc92a6f24cdc8ee39d42e3289

SHA1
ba62065abdc6591e0ad443670527f8ac26d3152a

SHA256
a35a1799e80d95f165e71c1620871868bcfebe9e46b1893db7bbbe6090b70216

SHA512
65d626969687c40fd7a0352f8d27d7df9d8b6e96a6d7687cf8706f4b6f13ba9e58c2e5db4b09050b13612c5054ef918ba4dc90bf524d8f18557a993f8b096816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5859b94ffa01312933bb4f59cd3b11c4

SHA1
c4158d1b0e4fe4597cfb25ccc2a350a0755d5ab5

SHA256
8743b78bf4c2e7fdb16d8ec4f6805f423db94f246966df4e42e6d1ef7a624bb9

SHA512
94d36e9be6e03364d08a724b4b9ae83fed6c5f15dfa0579e330dee3ba9c15095e36c689d157cd4959a26f72824188234724d7bc2e343aab083fe383c8cbb93d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ff6863f218d55c32886238c0fee82934

SHA1
c30909cb026807d502299441a1cd59550baa0405

SHA256
1dd11bc80a6e505ec5364166259fcc261824cf672ace85c67a2296ccddedf4d9

SHA512
6452598fbd9bc70386a4663f4d8bc140b80c766754d60e1ff61f077c6ba4e2debc4ff0634c0fc911ceda294103ab1f00c9a52da5071e49b1d1c16c48b23369e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c1f698ecdc9d910992bac42d01ab8781

SHA1
fc250e647c553c658581e5627f96a3654000a60f

SHA256
a759b20a607824303acc0f1e58b5174408aecae0f7937c7ba9de4f833a3b4a77

SHA512
6c7477e336ab7a1bdc61f561d701eb718ad47d20eb5b2fb00be965f2fc55815e252496e12481e5b03e44023dadbf406f7f2c6987c6c372435cdd0397b46fd58d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
50de5efa29ad553fe3956a6cb50e9bca

SHA1
fac08fa45849fb50145e0a4b084f3b4bcb1d7d07

SHA256
504ecbf22915c655a6b17d2c37b81f33733f5e3c4d53b3c7f3c43ad30cc1909d

SHA512
2e43536014defdb29868606db52c94565b0614a6f3c3c9b7947c7f954eb4effeaf2119d26fe333d02e5d04a52c640ee2f3f9e2dc5e8cde63c70d8a313c5ecab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d87735e3f0486240173baf279892de70

SHA1
d9a3914ced26d0c69100724a13121ec29f302057

SHA256
2aa66fa71b84f6b4b3f67d577517cd5f4e1399ade64fe7ab6d3eaec441fe0c08

SHA512
6e96d0c77b2ee80e7e96039a49d3da0a4282412d31789c0875fdb3c613e1d4abcdf080ceb69338d6f1f10f892385497e87c7a6f5c022a0e941d2578afa26aa17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3f02f28ff5d13e16d8ec99577e5b0762

SHA1
54d54a6dc46c584c39a56e38a5871632b78885ce

SHA256
69822a78c0ef0cf085b39c09cdfc9b562a22a9c905119845cac10eaf917f72b3

SHA512
6223d55639b28ca6b10b1e4452ebb2d4ac806f88078f26beb8a85d9865a57764118915c3b4478d683048bf09fe1d6ff9aa8b6774f6ab78a41efac8c117be0b5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
288fec27ab4f4e0999b59c47b8f7f7f3

SHA1
4c4b10372b7201c0af3f61e50a02b02b12f11863

SHA256
9037f5b58aae10b7c51fea8c3d5b866f36cdbff5c436e436e43716cf24c13588

SHA512
491753f4f5917649fa167484120c8fd8112c86e81ed71da0117a146a342beb867213916b8f3dc38dea0f31ce4de057c6a5d0ea91223a161fcdd7252bd789e8f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a48496a7289c364c00ca1a6daf97413d

SHA1
7499fda955942c69f706c613613e0a32df07477f

SHA256
03fe6085d0ffd926999d3a78d25ab6b4262ac81d8d28fa5e57c152618325fe86

SHA512
112d70688ac5b7c0b5f21c5ff658fa3bf3c5feb48f84635c09776738a45583c7cbbbcfbf4379e17304019f06ed15208edc42a9c819ac1df51416fff862ec09b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d60f9ce4892ddbc7c1c49fdf7b5abefa

SHA1
daf66f01f0c3d80d49266c20c9ca51b8185fef7d

SHA256
16d8294ce8e6af5e17f03edd85db75005a9dca523c700d4237dfc64c09b6f684

SHA512
6bd2187f4ede1cebf466d145f09946bda310e39a5e5d374064c32c16a38379a4549005b12b3a89e068097d8b489014ae195c31e3129ef37b9c8212ea7c16b633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7946bf70124159a945ee41000d7c03cd

SHA1
39077958416bf096d5777df5831c2d29ef6508e8

SHA256
67e638e9144303390b1f0c2fa7fc6f7706d5ed90e9a2dbb96ebd46140e798626

SHA512
4ee54b484d5d2b92d3ab0dfc183fd3d1f799a44b21f38dbc126a9a6e21f528daa1eabaf64c15885d7999a2a2ca5cec961b1a772c02cdb835f5de8a6f8a476a90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1049d3cc685907500d8ab56bd5faea67

SHA1
b4fb554a390d2fb272133197a8f9e4d0b710ab65

SHA256
103eb9965eeb1641b93f4404e1fab7e672e7eedbb357e920f7f99ac092f40bcd

SHA512
82ffea86c188af82b3a5a417824e4f5e788c827c5914b5ccf038bf7138c2af63e73fbafa269d984010598b0ac14179ae4f614c4e04162c4414fc1e2cc1c961dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5bf23f8244d5519568d764239b0f097f

SHA1
eb2e80617d3695099f2980377405a7cb324e68b1

SHA256
998da3fe4080f23a704353c053c5c5d4d510902a683fe7e63ae1f6c18a4e3eb3

SHA512
9b5512a0d088cb0e34cd78aea7b8e2a9e6f41707f78c6bec95ad6bd4303a3d2828cfc97724ccc029f313cafbdd360e0dc0e287e8680c678307ee1e985ea33bcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f6c395752cb8f85e5d75655258bc30b2

SHA1
2e6a5789b03822936594761ba7d038e6d6106252

SHA256
f8f2da8e4f260ca912551c8ac07c8a35f576172bad13e96b481f32e6ace86131

SHA512
00d5cda9a3b467d7a2609e2dbe746bb751679fee70eb46cac5166d1bf772cd2e7c463d51c4521d9fa332fbddc25dfaa4d923569c5e774995d854473be738111e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0a29107ec3b7ca1bf5dff1f7f8f8575f

SHA1
10a3fd9af3f0e0e196a4a44c9f2a7526e2b487d5

SHA256
117e0e78ebc73c9a1045bed6b5eb3c1a2e96e04878b565c32acecb0a8c63969d

SHA512
9e7ba75654f73f0365d042ed62ee098eefdca0e6daa8fce9abb231b080a329c647b0c4a9e7bb85f7bf4ba7b3749541c272cf36462fd991fccad52b410f6617e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ae642c6714fa0fafdd9f146a47c17302

SHA1
1e3bb999ed10d64e7a6d7dd108b5c5f2859bb931

SHA256
8feef14fc55a60c6c079a92d26720bf588d6a6224b121271b59c0d6db74a8c2c

SHA512
ee2176e9211aaf3a67739fc7ca62ac9ac8104b66b8138b7bae0f9a8d1c8802f10764053c31db1fc9046bf1caa1a4d9af52c79d5610d83dd0c8cec27b6ecca180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a6f40ee63ee9ac62ddd0d83e804ca8d5

SHA1
631169c0376a9a377f8886a295e35777159bd224

SHA256
aeac7d6d6ac49af9a258ca19f07620f3e37f130891cb01ca5fc199aca9c7d644

SHA512
7c35082649cb3143adfb8bc43a97d69a09a86aa75752e8487c895c1e64f42977871bca6b5d207b43d9720273c715b3a8a454627179e1867fcc2a5ccf472a48e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0ab7ce424b8010e38db8891710b2f4fc

SHA1
f67c5fbb29af45eb6fe4479c0e8bd433059a518b

SHA256
72e9ad25891dbaaa88d46e39c2b10934a49da9a159b178daa524265803777529

SHA512
06c58f73d8fd9d89eecfa0dad6a483f06edb4eb9ae6b30136f408c544178afe0c2b8694579180245aebab4c779f6e4cc8d77b783547b542ee97cecd8a3f1f1f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE41727E8D\Raft\MonoBleedingEdge\etc\mono\4.5\Browsers\Compat.browser

Filesize
1KB

MD5
0d831c1264b5b32a39fa347de368fe48

SHA1
187dff516f9448e63ea5078190b3347922c4b3eb

SHA256
8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

SHA512
4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE41727E8D\Raft\MonoBleedingEdge\etc\mono\4.5\DefaultWsdlHelpGenerator.aspx

Filesize
59KB

MD5
f7be9f1841ff92f9d4040aed832e0c79

SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae

SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

Download Submit
C:\Users\Admin\Desktop\Raft\Raft.exe

Filesize
837KB

MD5
16d64ca4f6f1b8e773550390bf97fbb5

SHA1
8f196dcd7f45edeb9993d97f1395a92744e32ce7

SHA256
5438c19007ad96da0a969c0c0caaf00aa06375f1a6e85073f91a1392af94d059

SHA512
4d500528c1f6366b3732a94466dc72f0151b278116500ca0a0bba28185afc3dda75e9a26a1c152900b93a34ada3f69b74656e9559ee15493dce11d3b439e4c13

Download Submit
C:\Users\Admin\Desktop\Raft\SteamOverlay64.dll

Filesize
96KB

MD5
549eb651023fa847d2212bebe29c6f9e

SHA1
f70fbe8f46cbd90c185eac2a2df843e2c3405a8f

SHA256
9edeba9df599d65fb378d4bcbe16e9ac2ea3b7850491e662e8ddaf6f1d74849e

SHA512
9e249b8d589c52857362b0611c265c21d1f715749e6b7a75e112d28aec89975655a8ef62ad1de812fadd39a48f0e01cc8eef9e33bbb5e30da827020c77247c68

Download Submit
C:\Users\Admin\Desktop\Raft\UnityPlayer.dll

Filesize
24.6MB

MD5
41c1832d3047728afae30d9792583819

SHA1
c828c6b4477211257274a11bbaaab72125e58efd

SHA256
6664527f187e6801be9e51b858adaf5c7a4bae707a0313890920c0f5a54f994d

SHA512
b3588435a62a7347af82d7c390db5d98015cb1f515d0dfed192fe44a492a4bb9143532863413c4709dd9cb3c5cc14a8a8c60872d589ad51f7773f17a3b15e05d

Download Submit
C:\Users\Admin\Desktop\Raft\dlllist.txt

Filesize
50B

MD5
38d4ded5cb7d2c53910dd42efb201589

SHA1
dd7c18fe1f4455797dbc31ae8d1b4e9c7dd1dbfb

SHA256
0f081ce53989c584ed9aed97003e3626ff946837b0020b7f61ab9443d0b4fc1a

SHA512
d466cd4a31e5d189b09b9dc3c8cdb76748dfe5decc1040d9df7781779019af2ca9da4026450c293d83beb2d1864ff8d6607237d734ed7c263295fe7b25b25e16

Download Submit
C:\Users\Admin\Desktop\Raft\winmm.dll

Filesize
257KB

MD5
c5bf99bc699a12c89783ec83c42a36c7

SHA1
acd45b08796a4932ae7ad3989c571993ebcf0352

SHA256
54a6ece54641ee6e437caa351e493ddf4435f3e23e3d4ab4655c35f57b94fc59

SHA512
2d86cf49181d66e2747dd6f8ada8eb0646b4a9767d4dc2ad5dfeed5c9737543693855a43c6c4e19334bad6116157caa0344518d2ca803ec0882ea630d9d32ebf

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 927602.crdownload

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit