49ff1677507112b6bb15c3d91ff30fbb8caaa728e4806c0b566d691addf27ead

Analysis

max time kernel
126s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CosmoNaut-Setup-1.0.4.4-debug.exe
Size

40.5MB
MD5

a7c65f03fa37570011f5d36947d73924
SHA1

307eb6c9bc2f91b1f71e330156c3f0f04cee87be
SHA256

49ff1677507112b6bb15c3d91ff30fbb8caaa728e4806c0b566d691addf27ead
SHA512

48b5fe55a9081f24db3839e0724b6c82dfe752fa2a3bdc5075ddef456b493c7130f4a1e811c99acaeb644944467648c5e7f307c67eb1e2418c3de7c70c880f98
SSDEEP

786432:LOI29zwVmFZUpj9qO3bI6sC1bXR96LGd7RDeztMi6RUmYbnxOnI+V20UYz40mo5D:LOI4rQjnbI6sQjX6LGdND4Mi6RUp7xOz

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	CosmoNaut.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	CosmoNaut.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	CosmoNaut.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\CosmoNaut\locales\ca.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\hu.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\ru.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\ja.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\ffmpeg.dll	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\chrome_100_percent.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\icudtl.dat	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\icudtl.dat	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\el.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\fa.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\te.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\zh-CN.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\zh-TW.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\cs.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\de.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\en-US.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\pt-PT.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\te.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\libEGL.dll	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\sk.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\v8_context_snapshot.bin	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\LICENSES.chromium.html	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\nl.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\pl.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\tr.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\uk.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\swiftshader\libGLESv2.dll	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\fr.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\it.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\ms.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\pt-BR.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\resources\app.asar	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\en-US.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\hi.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\sv.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\uk.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\resources.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\chrome_100_percent.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\am.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\d3dcompiler_47.dll	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\libEGL.dll	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\am.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\fil.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\kn.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\sr.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\snapshot_blob.bin	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\Uninstall CosmoNaut.exe	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\es-419.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\et.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\id.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\ta.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\natives_blob.bin	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\bg.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\es-419.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\resources\electron.asar	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\v8_context_snapshot.bin	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\resources	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\gu.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\kn.pak	CosmoNaut-Setup-1.0.4.4-debug.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\resources\app.asar	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\LICENSES.chromium.html	CosmoNaut-Setup-1.0.4.4-debug.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\fr.pak	CosmoNaut-Setup-1.0.4.4-debug.exe

Executes dropped EXE 5 IoCs

pid	Process
3580	CosmoNaut.exe
4000	CosmoNaut.exe
4584	CosmoNaut.exe
1688	CosmoNaut.exe
1580	CosmoNaut.exe

Loads dropped DLL 20 IoCs

pid	Process
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
3580	CosmoNaut.exe
4000	CosmoNaut.exe
1688	CosmoNaut.exe
4000	CosmoNaut.exe
4000	CosmoNaut.exe
4000	CosmoNaut.exe
4584	CosmoNaut.exe
1580	CosmoNaut.exe
1580	CosmoNaut.exe
1580	CosmoNaut.exe
1580	CosmoNaut.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\cosmonaut\shell\open\command	CosmoNaut.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\cosmonaut\shell	CosmoNaut.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\cosmonaut\shell\open	CosmoNaut.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\cosmonaut\shell\open\command\ = "\"C:\\Program Files (x86)\\CosmoNaut\\CosmoNaut.exe\" \"%1\""	CosmoNaut.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2548970870-3691742953-3895070203-1000\{4B8A795B-AC07-449B-A866-C62F4FEF7385}	CosmoNaut.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\cosmonaut	CosmoNaut.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\cosmonaut\URL Protocol	CosmoNaut.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\cosmonaut\ = "URL:cosmonaut"	CosmoNaut.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1908	CosmoNaut-Setup-1.0.4.4-debug.exe
1688	CosmoNaut.exe
1688	CosmoNaut.exe
1580	CosmoNaut.exe
1580	CosmoNaut.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1908	CosmoNaut-Setup-1.0.4.4-debug.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4000	3580	CosmoNaut.exe	88
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89
PID 3580 wrote to memory of 4584	3580	CosmoNaut.exe	89

C:\Users\Admin\AppData\Local\Temp\CosmoNaut-Setup-1.0.4.4-debug.exe
"C:\Users\Admin\AppData\Local\Temp\CosmoNaut-Setup-1.0.4.4-debug.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1908

C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe
"C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe
  "C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe" --type=gpu-process --field-trial-handle=1800,7874527306316109280,17064391921180800840,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAACgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --use-gl=swiftshader-webgl --service-request-channel-token=8460203659538685427 --mojo-platform-channel-handle=1816 --ignored=" --type=renderer " /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4000
- C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe
  "C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe" --type=renderer --field-trial-handle=1800,7874527306316109280,17064391921180800840,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Program Files (x86)\CosmoNaut\resources\app.asar" --disable-remote-module --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16630082299504377639 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2388 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4584
- C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe
  "C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe" --type=renderer --field-trial-handle=1800,7874527306316109280,17064391921180800840,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Program Files (x86)\CosmoNaut\resources\app.asar" --no-sandbox --no-zygote --native-window-open --background-color=#fff --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9620271435094391482 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1688
- C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe
  "C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe" --type=gpu-process --field-trial-handle=1800,7874527306316109280,17064391921180800840,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=IAAAAAAAAADgAACgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --use-gl=swiftshader-webgl --service-request-channel-token=2879132413285075706 --mojo-platform-channel-handle=3472 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5096

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe

Filesize
82.4MB

MD5
4c9123538353edbd022f969d306171a9

SHA1
655a5930114804f4a982a9588ad96e8daa3b7f9f

SHA256
291e72ab74ec572895264a4fd580a74e616cf9190d03fce265d7b01c2a46bcd4

SHA512
c1f0e7b395cea13b1ab7ac7172e17953571cbe3e88f01004792158cd2aa9080d622a67d10bcf1b74daf8c2be7f22032a925873966ecf79bf688468cad9c42a55

Download Submit
C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe

Filesize
82.4MB

MD5
4c9123538353edbd022f969d306171a9

SHA1
655a5930114804f4a982a9588ad96e8daa3b7f9f

SHA256
291e72ab74ec572895264a4fd580a74e616cf9190d03fce265d7b01c2a46bcd4

SHA512
c1f0e7b395cea13b1ab7ac7172e17953571cbe3e88f01004792158cd2aa9080d622a67d10bcf1b74daf8c2be7f22032a925873966ecf79bf688468cad9c42a55

Download Submit
C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe

Filesize
82.4MB

MD5
4c9123538353edbd022f969d306171a9

SHA1
655a5930114804f4a982a9588ad96e8daa3b7f9f

SHA256
291e72ab74ec572895264a4fd580a74e616cf9190d03fce265d7b01c2a46bcd4

SHA512
c1f0e7b395cea13b1ab7ac7172e17953571cbe3e88f01004792158cd2aa9080d622a67d10bcf1b74daf8c2be7f22032a925873966ecf79bf688468cad9c42a55

Download Submit
C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe

Filesize
82.4MB

MD5
4c9123538353edbd022f969d306171a9

SHA1
655a5930114804f4a982a9588ad96e8daa3b7f9f

SHA256
291e72ab74ec572895264a4fd580a74e616cf9190d03fce265d7b01c2a46bcd4

SHA512
c1f0e7b395cea13b1ab7ac7172e17953571cbe3e88f01004792158cd2aa9080d622a67d10bcf1b74daf8c2be7f22032a925873966ecf79bf688468cad9c42a55

Download Submit
C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe

Filesize
82.4MB

MD5
4c9123538353edbd022f969d306171a9

SHA1
655a5930114804f4a982a9588ad96e8daa3b7f9f

SHA256
291e72ab74ec572895264a4fd580a74e616cf9190d03fce265d7b01c2a46bcd4

SHA512
c1f0e7b395cea13b1ab7ac7172e17953571cbe3e88f01004792158cd2aa9080d622a67d10bcf1b74daf8c2be7f22032a925873966ecf79bf688468cad9c42a55

Download Submit
C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe

Filesize
82.4MB

MD5
4c9123538353edbd022f969d306171a9

SHA1
655a5930114804f4a982a9588ad96e8daa3b7f9f

SHA256
291e72ab74ec572895264a4fd580a74e616cf9190d03fce265d7b01c2a46bcd4

SHA512
c1f0e7b395cea13b1ab7ac7172e17953571cbe3e88f01004792158cd2aa9080d622a67d10bcf1b74daf8c2be7f22032a925873966ecf79bf688468cad9c42a55

Download Submit
C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe

Filesize
82.4MB

MD5
4c9123538353edbd022f969d306171a9

SHA1
655a5930114804f4a982a9588ad96e8daa3b7f9f

SHA256
291e72ab74ec572895264a4fd580a74e616cf9190d03fce265d7b01c2a46bcd4

SHA512
c1f0e7b395cea13b1ab7ac7172e17953571cbe3e88f01004792158cd2aa9080d622a67d10bcf1b74daf8c2be7f22032a925873966ecf79bf688468cad9c42a55

Download Submit
C:\Program Files (x86)\CosmoNaut\D3DCompiler_47.dll

Filesize
3.5MB

MD5
d2d0ff97605d2c2f8921e93062eb01ff

SHA1
586cdca915f47fa4b1010f781ec0504e3138efd2

SHA256
4056e0804a13d791362555636ba34158fade7c1e71599e415a285de1472d83d5

SHA512
7bff38be4c5c41a978b33b9458dc885c59e68fa3dd4e56c6b980d334837bef37b2205b1b69aa1f058c0d8e24e3938c29da917a198b640b521d9726a505683b10

Download Submit
C:\Program Files (x86)\CosmoNaut\chrome_100_percent.pak

Filesize
142KB

MD5
8d56d44c318d122f7931d03ba435f00b

SHA1
387f530e06f79a2a9f7fbf4446c71c31db08e7e0

SHA256
fcb4faaa82d13d90c42dfa0669f67391b3124d30310d0f4c510f31412974cab2

SHA512
03bd2f56f73ad06fe22ebd94fb0de4e37d1771f8a9d82a47ea93002ba4696d906b59d0e25db63e98af10a169a8c3dc9d047cfcbca01030924bf93abe7bce1590

Download Submit
C:\Program Files (x86)\CosmoNaut\chrome_200_percent.pak

Filesize
204KB

MD5
879f88cafa5714994744bde20e7bd2c2

SHA1
d63b55f9f7c0e40f9585cac8a5cb28c0ea9f32ee

SHA256
76126341d0dc2b4b6ddccf30559709e6a856cd47148107808bd18ceb16ed1df3

SHA512
4d70ae16c2656cf3a8aaad00e2ce0ddcc030bf1ad29bbb1d0e90c03f866c413f893b273b8b03aa12c9ea5ae01537ad1d2d1b2c52b35bf7773278121a09a3af9c

Download Submit
C:\Program Files (x86)\CosmoNaut\d3dcompiler_47.dll

Filesize
3.5MB

MD5
d2d0ff97605d2c2f8921e93062eb01ff

SHA1
586cdca915f47fa4b1010f781ec0504e3138efd2

SHA256
4056e0804a13d791362555636ba34158fade7c1e71599e415a285de1472d83d5

SHA512
7bff38be4c5c41a978b33b9458dc885c59e68fa3dd4e56c6b980d334837bef37b2205b1b69aa1f058c0d8e24e3938c29da917a198b640b521d9726a505683b10

Download Submit
C:\Program Files (x86)\CosmoNaut\d3dcompiler_47.dll

Filesize
3.5MB

MD5
d2d0ff97605d2c2f8921e93062eb01ff

SHA1
586cdca915f47fa4b1010f781ec0504e3138efd2

SHA256
4056e0804a13d791362555636ba34158fade7c1e71599e415a285de1472d83d5

SHA512
7bff38be4c5c41a978b33b9458dc885c59e68fa3dd4e56c6b980d334837bef37b2205b1b69aa1f058c0d8e24e3938c29da917a198b640b521d9726a505683b10

Download Submit
C:\Program Files (x86)\CosmoNaut\ffmpeg.dll

Filesize
1.9MB

MD5
749ce69c4ce3118a12756d672341ef20

SHA1
7dad6145fdee7bc957c24d85549d0d3f3cd78a7d

SHA256
3104bdd46ae1fb130a76fdfafab0266aa3532cbf2a607a4ffbfc781bd6f0ae4c

SHA512
fedae1795823f6ee3d02a8ff8adf2c5013a3b4ecadd7854e7bd2e8e60c64ebb51defbdec2a8c35194b1b530c6d266a5d5c5fd3ede0147576ce0e43b7cb89f3c2

Download Submit
C:\Program Files (x86)\CosmoNaut\ffmpeg.dll

Filesize
1.9MB

MD5
749ce69c4ce3118a12756d672341ef20

SHA1
7dad6145fdee7bc957c24d85549d0d3f3cd78a7d

SHA256
3104bdd46ae1fb130a76fdfafab0266aa3532cbf2a607a4ffbfc781bd6f0ae4c

SHA512
fedae1795823f6ee3d02a8ff8adf2c5013a3b4ecadd7854e7bd2e8e60c64ebb51defbdec2a8c35194b1b530c6d266a5d5c5fd3ede0147576ce0e43b7cb89f3c2

Download Submit
C:\Program Files (x86)\CosmoNaut\ffmpeg.dll

Filesize
1.9MB

MD5
749ce69c4ce3118a12756d672341ef20

SHA1
7dad6145fdee7bc957c24d85549d0d3f3cd78a7d

SHA256
3104bdd46ae1fb130a76fdfafab0266aa3532cbf2a607a4ffbfc781bd6f0ae4c

SHA512
fedae1795823f6ee3d02a8ff8adf2c5013a3b4ecadd7854e7bd2e8e60c64ebb51defbdec2a8c35194b1b530c6d266a5d5c5fd3ede0147576ce0e43b7cb89f3c2

Download Submit
C:\Program Files (x86)\CosmoNaut\ffmpeg.dll

Filesize
1.9MB

MD5
749ce69c4ce3118a12756d672341ef20

SHA1
7dad6145fdee7bc957c24d85549d0d3f3cd78a7d

SHA256
3104bdd46ae1fb130a76fdfafab0266aa3532cbf2a607a4ffbfc781bd6f0ae4c

SHA512
fedae1795823f6ee3d02a8ff8adf2c5013a3b4ecadd7854e7bd2e8e60c64ebb51defbdec2a8c35194b1b530c6d266a5d5c5fd3ede0147576ce0e43b7cb89f3c2

Download Submit
C:\Program Files (x86)\CosmoNaut\ffmpeg.dll

Filesize
1.9MB

MD5
749ce69c4ce3118a12756d672341ef20

SHA1
7dad6145fdee7bc957c24d85549d0d3f3cd78a7d

SHA256
3104bdd46ae1fb130a76fdfafab0266aa3532cbf2a607a4ffbfc781bd6f0ae4c

SHA512
fedae1795823f6ee3d02a8ff8adf2c5013a3b4ecadd7854e7bd2e8e60c64ebb51defbdec2a8c35194b1b530c6d266a5d5c5fd3ede0147576ce0e43b7cb89f3c2

Download Submit
C:\Program Files (x86)\CosmoNaut\ffmpeg.dll

Filesize
1.9MB

MD5
749ce69c4ce3118a12756d672341ef20

SHA1
7dad6145fdee7bc957c24d85549d0d3f3cd78a7d

SHA256
3104bdd46ae1fb130a76fdfafab0266aa3532cbf2a607a4ffbfc781bd6f0ae4c

SHA512
fedae1795823f6ee3d02a8ff8adf2c5013a3b4ecadd7854e7bd2e8e60c64ebb51defbdec2a8c35194b1b530c6d266a5d5c5fd3ede0147576ce0e43b7cb89f3c2

Download Submit
C:\Program Files (x86)\CosmoNaut\icudtl.dat

Filesize
9.9MB

MD5
4c8a9e9c260dc5a6fee2a3c37520f5bf

SHA1
5a9883dbeb5314a98e7ab5326f9868e78ba387dc

SHA256
8c2df1f6e2ea8df2e5fc5e4b016b0cddd64a7ce6985189ca45be3c0ec99472c2

SHA512
c0da0b08a0b0eaa898f96c6e6c6fb65bc7f773f5814fc0d612a40e2fcaea4049c67cd2812716a564dbc16d609677ee62eaa9f9747d2a7bc5c9bce43cd2208aa7

Download Submit
C:\Program Files (x86)\CosmoNaut\locales\en-US.pak

Filesize
69KB

MD5
15e8556f737d17bd4d645513ee190990

SHA1
a24844d68fe3e9f4c57d14e6091a06f5e6b5f327

SHA256
12e4fd083a49e038578ea2993e6c88239083c8d098231527eee861299a4e1c99

SHA512
4e5c423b2b14def0e6ebb9c7844bdc050198064c9db69d3a880c1444314211995b1f0dec6fcbb12c6d5e59f690c3ffc893c2265bf7168d1ecbc8d83dfa5e1465

Download Submit
C:\Program Files (x86)\CosmoNaut\natives_blob.bin

Filesize
81KB

MD5
f8ac49858ca8739658ff44c296f8aba6

SHA1
427b4da3bd619d85381c36d61daf2ce392e07909

SHA256
354ff502a0e1ed73df4e5c7b52970356b04777461f6e169f72a8567ab5f4c317

SHA512
52e875aedbdc5dad21e01a42e333ff5aefed9ae6468a00e80f2bb373b871196f9a82bc3f43a6c72c9dd6be0e4fbc591d3ede41ca47b23a806b788db5aa9bf313

Download Submit
C:\Program Files (x86)\CosmoNaut\resources.pak

Filesize
8.1MB

MD5
b6830e889fad2ffafded27266a80df62

SHA1
07ad626b5de507d9ff357f4e8990724e689a5f0b

SHA256
bfb1edea4ee192b61d00d000cbf1fa1ad18e49da5739ce418d36686fa3fc74c9

SHA512
d5816c600e37a294478b9d84abff20ff3bc5947d74c51b8183be50fe0ec5f641a664c860c33746e3ab02267141044213a396a44fb11e1c3c46c2f719f2fb00a7

Download Submit
C:\Program Files (x86)\CosmoNaut\resources\app.asar

Filesize
3.7MB

MD5
8c4813d579317e21e5e57db272c2b086

SHA1
b496ed98c8b786bde37297920f3dcbe16e49f0b8

SHA256
039091dba4de0156cff91cb295dd33b6e7b2b7fd6576fa3d6f3681b58ef17c86

SHA512
25cad160dbbbb8b336f5496ee6a158c81c171fdaa505648ed05f5d8996bdf05f12eb0a0df4cd7c4691cd44478a5314ea5be1760615bb4b85bb5672d4c0951946

Download Submit
C:\Program Files (x86)\CosmoNaut\resources\electron.asar

Filesize
344KB

MD5
b61369fb1e6b08fdf70ea8b71e2ac3a7

SHA1
a2067ed4007be43710ca67a7182f5c2075c3e806

SHA256
a08e71b922d0d579028c40d835cc7b6aaad90f2229972a096938d72c0e386730

SHA512
2014e88b92837a7cfecba25b1d0a334ce457943786d8dae40455340f6ba5014bfc2d954016686a230f95d4206a71ade72ec2efc4abd70f9016ebaeac0550c2ba

Download Submit
C:\Program Files (x86)\CosmoNaut\swiftshader\libEGL.dll

Filesize
252KB

MD5
138846462a58f0c8a3403030c2747c86

SHA1
8a87047cec0324e581e3e4cf0f8ed26a6ee71224

SHA256
a9933dd2c49b895f320958c4c4d4046e9206b7e42c10c20d3fe6d2b7b30cb0b9

SHA512
59511f3bc2386208b272993f5ca6ccbe2a2968354a6b9f9ec5865a483036652cf42fe77a0013aab558d7c85162750a14b5def20f5f5394e17f0ccc6ccdf62814

Download Submit
C:\Program Files (x86)\CosmoNaut\swiftshader\libEGL.dll

Filesize
252KB

MD5
138846462a58f0c8a3403030c2747c86

SHA1
8a87047cec0324e581e3e4cf0f8ed26a6ee71224

SHA256
a9933dd2c49b895f320958c4c4d4046e9206b7e42c10c20d3fe6d2b7b30cb0b9

SHA512
59511f3bc2386208b272993f5ca6ccbe2a2968354a6b9f9ec5865a483036652cf42fe77a0013aab558d7c85162750a14b5def20f5f5394e17f0ccc6ccdf62814

Download Submit
C:\Program Files (x86)\CosmoNaut\swiftshader\libGLESv2.dll

Filesize
2.9MB

MD5
1cb9f7e93104b5bf2b3af199d0302ee1

SHA1
6988c5e5f51134a1b3be3533a53a7e8ec9f2788e

SHA256
8456ee3c3577cc2582098b21a11a3d5f13ad930a3164dd4014cd7f7e2d540fcf

SHA512
c6f89d95d8d5e0c6f5b09f2bc56cf09bb3ea34393f390bf01570c8df6e427c1c436cfbaed2188f0125fbac3aa65d27ae69ebc1fa663bb5f0b8165d1d94439e84

Download Submit
C:\Program Files (x86)\CosmoNaut\swiftshader\libGLESv2.dll

Filesize
2.9MB

MD5
1cb9f7e93104b5bf2b3af199d0302ee1

SHA1
6988c5e5f51134a1b3be3533a53a7e8ec9f2788e

SHA256
8456ee3c3577cc2582098b21a11a3d5f13ad930a3164dd4014cd7f7e2d540fcf

SHA512
c6f89d95d8d5e0c6f5b09f2bc56cf09bb3ea34393f390bf01570c8df6e427c1c436cfbaed2188f0125fbac3aa65d27ae69ebc1fa663bb5f0b8165d1d94439e84

Download Submit
C:\Program Files (x86)\CosmoNaut\swiftshader\libegl.dll

Filesize
252KB

MD5
138846462a58f0c8a3403030c2747c86

SHA1
8a87047cec0324e581e3e4cf0f8ed26a6ee71224

SHA256
a9933dd2c49b895f320958c4c4d4046e9206b7e42c10c20d3fe6d2b7b30cb0b9

SHA512
59511f3bc2386208b272993f5ca6ccbe2a2968354a6b9f9ec5865a483036652cf42fe77a0013aab558d7c85162750a14b5def20f5f5394e17f0ccc6ccdf62814

Download Submit
C:\Program Files (x86)\CosmoNaut\swiftshader\libglesv2.dll

Filesize
2.9MB

MD5
1cb9f7e93104b5bf2b3af199d0302ee1

SHA1
6988c5e5f51134a1b3be3533a53a7e8ec9f2788e

SHA256
8456ee3c3577cc2582098b21a11a3d5f13ad930a3164dd4014cd7f7e2d540fcf

SHA512
c6f89d95d8d5e0c6f5b09f2bc56cf09bb3ea34393f390bf01570c8df6e427c1c436cfbaed2188f0125fbac3aa65d27ae69ebc1fa663bb5f0b8165d1d94439e84

Download Submit
C:\Program Files (x86)\CosmoNaut\v8_context_snapshot.bin

Filesize
596KB

MD5
4453a66a6e810591ea9f5122514d7cb7

SHA1
d005ab8967c98338f381af090f68206c31dfdeef

SHA256
71a3723be4d336849ad93174116a1d8566a07fd3fe0a3bed781ea386589fb441

SHA512
e88fc5a4adfe34ac81668df1703b675a2ee36f0e0bc583b367be6a9c009a79b80b223432dfdc52a2dc76eaefceb577e8f0bf9a9722a08b61f268c994f3bfe928

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq71AB.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq71AB.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq71AB.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq71AB.tmp\System.dll

Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq71AB.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq71AB.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq71AB.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq71AB.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq71AB.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq71AB.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq71AB.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq71AB.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\Code Cache\js\index-dir\temp-index

Filesize
456B

MD5
192437cd2807264197a6510bceeb91bb

SHA1
2c890ef4407fff9b23cf02c14aa2b2c1aec9df1b

SHA256
183ada7ec72c1cbc15ae57b67294697014c5098059d6fe804bf227fb812c3e37

SHA512
c7c478460ea68d1eecbaf964b7323a8e2f0c32eb2cbd34544fd0195c3dd6d82b6bf7bb3ca4456b31f4b9a84d90173cd572ad1afd0b4b9f2168d5ab02dfe7752e

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\Code Cache\js\index-dir\temp-index

Filesize
336B

MD5
4c825521d06ddcd6a8d2c3269192c903

SHA1
6d3a3e195a64a966ca490e4829606642315e9126

SHA256
9211eac08c635e629aac148c05792c20ed09be4507602897f69aaaef367f844e

SHA512
96eef672d7c58fbab4d583dba9d05358ce852ca2f854f16ab475e37fe7725fef3424d34631ff54035a4c4319d5d9bb26d05b74b40f85faf680722746d654ad05

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\Code Cache\js\index-dir\the-real-index~RFe571c23.TMP

Filesize
48B

MD5
c4360411c0b84265104681a2beed530e

SHA1
bed86984c9061a8aafda1e855282aa86e6389996

SHA256
53815ce571df04ab3ff98fd861a443d0f407898060f177e063b3f91bf23dfc07

SHA512
b30bb2c092f37cc41ecbe7e2e3bca9562466590cbcfedd8cad5303b68b1b0c1d703379ef41afe2a0da2af6947eef935ddc03e8f05e61c37e652fd39eedfeacde

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\Network Persistent State~RFe57b47b.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\ed387cd8-38fb-4881-bee3-ee87e60c722c.tmp

Filesize
398B

MD5
ae22f4560a158ade9eee816faf52cd90

SHA1
8bfb12f26d1203a75ae42b3d21797ea3cd5c8148

SHA256
bebfad482d7e793e65674c84093437a4140871244da73c318d91a5bf73b8021b

SHA512
d2b5339b4eed82dda01fd61a14804c62ab39929531952342131e62cd02c5ee6955d08232bf5dc5692f8f8095b223d21d384712fab005f61e1b434f2324b5e1e3

Download Submit