hxxps://gofile[.]io/d/MVivHq

Analysis

max time kernel
56s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2023 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/MVivHq

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 47 IoCs

pid	Process
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe
7032	StormSphere.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
599	api.ipify.org
600	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133331816170780731"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3220	chrome.exe
3220	chrome.exe
7032	StormSphere.exe
7032	StormSphere.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 47 IoCs

pid	Process
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe
Token: SeShutdownPrivilege	3220	chrome.exe
Token: SeCreatePagefilePrivilege	3220	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3220 wrote to memory of 1820	3220	chrome.exe	83
PID 3220 wrote to memory of 1820	3220	chrome.exe	83
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 4936	3220	chrome.exe	86
PID 3220 wrote to memory of 2184	3220	chrome.exe	87
PID 3220 wrote to memory of 2184	3220	chrome.exe	87
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88
PID 3220 wrote to memory of 2668	3220	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://gofile.io/d/MVivHq
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff848079758,0x7ff848079768,0x7ff848079778
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3300 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5140 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4996 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5580 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5756 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5964 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6260 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6416 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6436 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6548 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6912 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7688 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7672 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7364 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7376 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7220 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7208 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=8116 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8468 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:8
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=9100 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=9052 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9416 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8508 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8896 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:8
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8436 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8544 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8752 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7088 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8576 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6692 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5464 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7648 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7904 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9968 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10100 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7676 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:6156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10256 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:6224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10420 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10708 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:6360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10504 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:6452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=11000 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:6520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=11136 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:6588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=11468 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:6660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=11340 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:6740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=11328 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=11168 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9632 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11140 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:8
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11584 --field-trial-handle=1900,i,5929412891287166073,9427978515980683427,131072 /prefetch:8
  2⤵
  PID:4620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5940

C:\Users\Admin\Desktop\StormSphere.exe
"C:\Users\Admin\Desktop\StormSphere.exe"
1⤵
PID:6752
- C:\Users\Admin\Desktop\StormSphere.exe
  "C:\Users\Admin\Desktop\StormSphere.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:7032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:5452
- - C:\Windows\System32\Wbem\wmic.exe
    wmic csproduct get uuid
    3⤵
    PID:7156

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8067c0f953fcd26c101f1494b4ef63e3

SHA1
07f90482ab7e396c5c6288633662170d0cd2bc62

SHA256
d057c71b8eccb7c2b668fbe61c9262a8b1f7e2754ddf3490d2aa413397cb6971

SHA512
bfb6e5bee15905c191f863420cbbc6a28a8c66b0f904d3e9b21126c4c5e10f98e54dfa411b1a8da43884cafe3b7afdd724e1c5f52f4ddda3533e843ceb7ce7c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
48ac8b46c3c542605be8b2db0bdba0b1

SHA1
fdb64465421213b6b52a11b97c4e52901ffecc8e

SHA256
635b282bde71f1cfc63f2902b47246fc9053a1d524c6c3174828ecb9327cd72a

SHA512
a3b5c7f891d70c8990a54d98139558ac3459f7fa74c22f5af3ed3caa329915f77355fc2d185db5ce60f6db39319e592c3973ffca2c3766de49ed0aac35450132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
fc3b12fa5ccce80a6ddcffa313b6ef4c

SHA1
70494f882a2b6650ed5435692d7004089c67d5c0

SHA256
8bdc85f0412af2044c105df0607b870db40a673bd5205468f0aa6d9a4e77eb14

SHA512
0554b3138afef931db08a0e42d7d2824967971fed662a0d6e72fb9ded5844a5de407614070c0ca5cce54d85fb8d178cb3f1174b47781dc6d116e14ab139c322c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5ec04fd51ad85ffd1c2f23f1d461a297

SHA1
5965127d3980118cca61e9f77cac032c43bf9085

SHA256
6ca6864fb16892519dc082fec26a8a1abb6e9ed812b2cc38167e2ac4ea1a0c73

SHA512
7b4e40bf2578ae25f2c5ad64b8f50e517fda4b6548762666a8c97a22060b0a954af30de46192bde4a46eeb1db688d45103ffbc252ef6312b55aa2c935bab7de6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c857c50664e26787643d562e50937698

SHA1
d0cbff49261020b44dbaf1486f310aa30cbfb7f2

SHA256
d2e99a089cda13c9ea6d21e01226a3de0473e3a25cfcc6f468ae56ca81731073

SHA512
0376774adae8436f55b738321cf5afaacf11667c7abd1a78a63a11042efd9a542aff267996d1f895e4dfb569b5972f6572ebe1d192b69f6f056f210814628730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bb981c4f7653226eba2e29450fa72e69

SHA1
9306d836ee55116bfac7b6a7c8663f79e449be93

SHA256
ab35a715201684e94d7c3ca7b50ef57baa5f5ba1cdde2b5e6bb8552422bc3c04

SHA512
73dad10844a844ac22d95181c70b17ca89372ffbd6f0075b26e3d3f6b09a83eaee2aa60ac6d0183211037ef449dac1fc1f0602740db6c3002f145c2a7e8f0612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3951462c8ef2a1cb54d193d2cfea760e

SHA1
51f1a9730291a569a4e05dd52d84f3f476b443e7

SHA256
a0d8abb744091033c9be34b2011a5e0ef1972df466c49eb3ae479c6bfd01abd0

SHA512
ebc0fd8851386e7d9605c6ae3e7c44a0697e0450b36c73a2cba453e322e94ac5e51fdf0349f4f3b34a7531ce46bc4eac8f38a43cd3b4398536cdaff8dde72225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
57bba080f80ddbb6b5dd81ff2fb0c954

SHA1
9505fd05161c15755e479e27dda4bfca2b878287

SHA256
6d49dd9f8f507e7b01e17eb0f03fc74c5c2c21602e3443e4ac8831726843f8e6

SHA512
1bfb4ab84a75e3d266d15aeea10f7347eb4ec67d1bc9b31db63bda7daa76bb3902dbe7c86c4bf7055218196d109e54a8c26555652a269abbd20c2d4f776d919c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
8477e2ffa48c13eb60f80c2c411a6d2f

SHA1
bd2b39f34063f2afd217801ba8b7858675ee3498

SHA256
e0718a43d64b32d9696c033c81383eedab0fbfece54b6db5559a681d45fb33b8

SHA512
67992715535747a26d6afcd11ce48fa7e6b096ad3e368905313c174ec44007ed37ad01c2c3343fa7b531dd63a9fcb6b2c9d990ebfe51c7fd74fc4bfd933b69b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580bb3.TMP

Filesize
103KB

MD5
0340b644bfda6e627905fd784be9e990

SHA1
9ed765d0dcdac5b45af1e159b0954a2a8e2497f7

SHA256
8e042acd7921a2a2fff5c27ccc129dbd14b170479c0f71ef19c6dddda77cc688

SHA512
86deb24f597132d12a80e47413e9d274400e096a1620a13b559fd3cf5d8c3b584634dce614f9a86fe2d398bf1cb092c5c3ac47ba6468d814e661518bc74182f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI67522\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI67522\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI67522\_ctypes.pyd

Filesize
119KB

MD5
ca4cef051737b0e4e56b7d597238df94

SHA1
583df3f7ecade0252fdff608eb969439956f5c4a

SHA256
e60a2b100c4fa50b0b144cf825fe3cde21a8b7b60b92bfc326cb39573ce96b2b

SHA512
17103d6b5fa84156055e60f9e5756ffc31584cdb6274c686a136291c58ba0be00238d501f8acc1f1ca7e1a1fadcb0c7fefddcb98cedb9dd04325314f7e905df3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI67522\base_library.zip

Filesize
1.0MB

MD5
d6a70e28db864ded89448550148b524d

SHA1
2efd4ff9a7f09e2db811c3cd0adefc09dca7aed9

SHA256
5d4b56eaf5a7b00e8aa30d3d176819420b70823ea8e7cb62bdb2ad7c6311369a

SHA512
0f9aedc7a06d3db198e35f2fe368871240d13d9320ee0f3fd831d584518eb5c5da76fb0fd38771f74137da749e8d4dd0febf271fa1612d04bbf0746424d54990

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI67522\python3.DLL

Filesize
63KB

MD5
c17b7a4b853827f538576f4c3521c653

SHA1
6115047d02fbbad4ff32afb4ebd439f5d529485a

SHA256
d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68

SHA512
8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI67522\python3.dll

Filesize
63KB

MD5
c17b7a4b853827f538576f4c3521c653

SHA1
6115047d02fbbad4ff32afb4ebd439f5d529485a

SHA256
d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68

SHA512
8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI67522\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI67522\python310.dll

Filesize
4.3MB

MD5
deaf0c0cc3369363b800d2e8e756a402

SHA1
3085778735dd8badad4e39df688139f4eed5f954

SHA256
156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d

SHA512
5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI67522\ucrtbase.dll

Filesize
994KB

MD5
8e7680a8d07c3c4159241d31caaf369c

SHA1
62fe2d4ae788ee3d19e041d81696555a6262f575

SHA256
36cc22d92a60e57dee394f56a9d1ed1655ee9db89d2244a959005116a4184d80

SHA512
9509f5b07588a08a490f4c3cb859bbfe670052c1c83f92b9c3356afa664cb500364e09f9dafac7d387332cc52d9bb7bb84ceb1493f72d4d17ef08b9ee3cb4174

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI67522\ucrtbase.dll

Filesize
994KB

MD5
8e7680a8d07c3c4159241d31caaf369c

SHA1
62fe2d4ae788ee3d19e041d81696555a6262f575

SHA256
36cc22d92a60e57dee394f56a9d1ed1655ee9db89d2244a959005116a4184d80

SHA512
9509f5b07588a08a490f4c3cb859bbfe670052c1c83f92b9c3356afa664cb500364e09f9dafac7d387332cc52d9bb7bb84ceb1493f72d4d17ef08b9ee3cb4174

Download Submit
C:\Users\Admin\Downloads\StormSphere.zip

Filesize
12.7MB

MD5
34fd4968e5e02826a4f9f8f9ea12d1a7

SHA1
3c1289228f92f21171431a1df85419eec08c3691

SHA256
44b0d555d02ea63ad8d767fe81016d24a676ced54c0bc13d32059841d7859c6e

SHA512
9c57af5f4db99c22a938585fb8e3bc37ee7e62802f2e7b33e579d0ad663744377189176322d3fd7594739540d76b1f2a3b402ba0693ed6b6f073d4a7db69e1d2

Download Submit