hxxps://github[.]com/System32Booster/MalwareDatabase/blob/main/email-worms/NetSky[.]zip

Analysis

max time kernel
42s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 01:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/System32Booster/MalwareDatabase/blob/main/email-worms/NetSky.zip

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2884	NetSky.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ICQ Net = "C:\\Windows\\winlogon.exe -stealth"	NetSky.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
50	raw.githubusercontent.com
51	raw.githubusercontent.com
54	raw.githubusercontent.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\winlogon.exe	NetSky.exe
File opened for modification	C:\Windows\winlogon.exe	NetSky.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133654807537091711"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2456	chrome.exe
2456	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2456	chrome.exe
2456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe
Token: SeRestorePrivilege	2484	7zG.exe
Token: 35	2484	7zG.exe
Token: SeSecurityPrivilege	2484	7zG.exe
Token: SeSecurityPrivilege	2484	7zG.exe
Token: SeShutdownPrivilege	2456	chrome.exe
Token: SeCreatePagefilePrivilege	2456	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2484	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe
2456	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 3992	2456	chrome.exe	83
PID 2456 wrote to memory of 3992	2456	chrome.exe	83
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 64	2456	chrome.exe	84
PID 2456 wrote to memory of 3124	2456	chrome.exe	85
PID 2456 wrote to memory of 3124	2456	chrome.exe	85
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86
PID 2456 wrote to memory of 5084	2456	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/System32Booster/MalwareDatabase/blob/main/email-worms/NetSky.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae4c7cc40,0x7ffae4c7cc4c,0x7ffae4c7cc58
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,9781307071961023877,13116823634423916028,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,9781307071961023877,13116823634423916028,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,9781307071961023877,13116823634423916028,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,9781307071961023877,13116823634423916028,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,9781307071961023877,13116823634423916028,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4356,i,9781307071961023877,13116823634423916028,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4512 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,9781307071961023877,13116823634423916028,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:4968

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4516

C:\Users\Admin\Desktop\NetSky.exe
"C:\Users\Admin\Desktop\NetSky.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:2324

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap9440:74:7zEvent15939
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2484

C:\Users\Admin\Downloads\NetSky.exe
"C:\Users\Admin\Downloads\NetSky.exe"
1⤵
- Executes dropped EXE
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
08bcb458b0dc99631cdf22a4abf5d52a

SHA1
f2978af151fb73fb1b505acfcd614efdc9ac22f0

SHA256
09dcccda550c752457b425e0dae1fb9f8123a8d756552beaba50596a5b496875

SHA512
f7db765318b3f30ab684ef24d8f682df8cb3ff06b1b7225ba46581a4ef74f5b2026d98ea2e4ac14390cf90c8f257d73df9562771199cfe2953c6f56c59fc4184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9ce5a21373862b0f5f2ae4017ecfe515

SHA1
64fd91204173a2bf7cb0fcec310d1989e384d1f9

SHA256
49456d590fbdca67ac5191f759fadb659e6a51a0ed474a145055970a79f29d0c

SHA512
b27150a9aff12b0d81ac9d0002ccbfbe74d63cebea8b33d68b1fdff6c04d70dc4facc54047ff14c8d8e4925668bdb1da934288da86c11e020dfae4b998887b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b1cbd5838bac5905a5e41830f15a013a

SHA1
7a51813c06835ce0a0e53329c3ea0b8342211546

SHA256
c165a6b515f3cfb3e7791df4df97f05fc71cee16e572ace500557d58f63ac13d

SHA512
a26bef4db6d1c6d81ad3e333332c1f3f0a5a1deba3622008e2d7df949ef0a63bb8b7f9926bae05f8518c918b1253b3cda601f8cb5666c00eac84703d25fbe7b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e28c4e177cbcae14f9e3630dbee6b710

SHA1
ed5d956bc0b91a2f955b52415d3e0579d3e49a58

SHA256
a5b33dbe9072c6e6a6cf3d67c3489b11fb021fa106b74d00591bb7a7785cf027

SHA512
76dd9964df503e94b291c5431e6b99f0739fb06a10e474cb4449e2482740055b63fcc264c0789083f1756a981951f187eb459035149a96d32baeb4ab38b82c34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ef0736f7a04a2aa1240a9a8d6168362

SHA1
4206c06a7eb1f93bcdd3d4f2e372f862075c8d22

SHA256
7ae5edb8c18f45900330de01f6291f8476240b0d57ba587d2f39e0d339b7ed84

SHA512
e289e127d94c30e2c4fd1eae35db13b2fd8a86337d32622a371d9449c051cd1a02af6353e8390f3a850864c368d25aabd10666b6686ee2e676e9cc82ce773bfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48dbc1ca5f9177b672831629268dcba5

SHA1
871b70cb12d8e583acbfe56a7f483035b44fd8e8

SHA256
0badf0c129b2f65b2f15d29a0fc3997636b197d22ec8ec16e3d3b2fbc52920a6

SHA512
fbd2672c9523545aae95bb1351f256eae79680b47d8682397c953aa483a67eba6ae87fa5bda9cdd2deb54c7b61ed8f4391cf6b582bccd5075d6a679e7e4811cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
d328ce616d22c8d2eabb1b4e7907221e

SHA1
72bde2e4e079eaf1ad605e1c4962e758384ba02e

SHA256
8fab4f172adfe5375726fa226e9e51f4511332c87f77630fa294ccb12cf03b14

SHA512
fc0245c6a0b9bbef44046da2d3780376df9e1c46175c2c555c038461800235ef82d2eacc24cac9622cc626c395b7259d7bf971152fd8ce4c0afe6cd0c82e5bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
eaa7e3319b3ff5b31dd10832f85c52fc

SHA1
587eec63cf38861ada452d11c008320ffb1e72ee

SHA256
de6f3b218db7e61aa4bf24ec07ba5818c1e5017dac5ceeb590fedfcdf289120b

SHA512
159ef3a9e43973636e2386639b586e23e8d93634c43a8c03a908e085165621696420958fc833e1019ddf433892e26e69e717cbf12122d851920a23e24d87a2da

Download Submit
C:\Users\Admin\Downloads\NetSky.exe

Filesize
17KB

MD5
6f49434d7e4532520372a4721a7a9aec

SHA1
979e0112b24c1f490653e47e4a340b37f72d17cd

SHA256
15e48ef767e1b2d696d2f6beec08e12e6e6d8909c070347d2d10abe75c120495

SHA512
9c86461d65fa52dc0e2ab15f3b95b75fe572f7e46b20ada7fcae57b9fd5355bee6e31b47183d5465e97bc72a065fa96dc8330667fbd3e69b13ed561600e6672c

Download Submit
C:\Users\Admin\Downloads\NetSky.zip

Filesize
15KB

MD5
0fcaf4c68f61bcef1ecc5c785bdc87dd

SHA1
830c82fda751b2433455dd1c44e38e3b188ca8e0

SHA256
e410d3d05109d373f043620a14976d969f4ead193be440e32a83363f14e91187

SHA512
0bbc8ecd8affd0e536fb359f2a79b97a2ff939b722158cc0877591151194cc108b813dc61ce33826391fe6d455ac43b8e3c5487a4391f6e72975b91f4d0bf400

Download Submit
\??\c:\users\admin\appdata\local\google\chrome\user data\first_party_sets.db

Filesize
48KB

MD5
5a1706ef2fb06594e5ec3a3f15fb89e2

SHA1
983042bba239018b3dced4b56491a90d38ba084a

SHA256
87d62d8837ef9e6ab288f75f207ffa761e90a626a115a0b811ae6357bb7a59dd

SHA512
c56a8b94d62b12af6bd86f392faa7c3b9f257bd2fad69c5fa2d5e6345640fe4576fac629ed070b65ebce237759d30da0c0a62a8a21a0b5ef6b09581d91d0aa16

Download Submit
memory/2324-209-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2324-184-0x0000000000417000-0x0000000000418000-memory.dmp

Filesize
4KB

Download
memory/2324-182-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2884-217-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download