hxxps://drive[.]google[.]com/drive/folders/1Cj6Ed6wqCtqVvF1WlFwjqNIwM_eGIv4l

Analysis

max time kernel
139s
max time network
145s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
13-08-2024 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1Cj6Ed6wqCtqVvF1WlFwjqNIwM_eGIv4l

Score

7^/10

discovery pyinstaller

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4756	bhop.exe
632	bhop.exe

Loads dropped DLL 5 IoCs

pid	Process
632	bhop.exe
632	bhop.exe
632	bhop.exe
632	bhop.exe
632	bhop.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
3	drive.google.com
4	drive.google.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000c00000001aadf-164.dat	pyinstaller

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bhop.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bhop.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680376286081299"	chrome.exe

Modifies registry class 55 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000009b43c3c59bcda01a9a9d25562bcda01a9a9d25562bcda0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
992	chrome.exe
992	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3252	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: 35	632	bhop.exe
Token: SeShutdownPrivilege	1176	chrome.exe
Token: SeCreatePagefilePrivilege	1176	chrome.exe
Token: SeShutdownPrivilege	1176	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe
1176	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
632	bhop.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe
3252	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 4864	1176	chrome.exe	70
PID 1176 wrote to memory of 4864	1176	chrome.exe	70
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 4260	1176	chrome.exe	72
PID 1176 wrote to memory of 2384	1176	chrome.exe	73
PID 1176 wrote to memory of 2384	1176	chrome.exe	73
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74
PID 1176 wrote to memory of 4496	1176	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1Cj6Ed6wqCtqVvF1WlFwjqNIwM_eGIv4l
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdb89b9758,0x7ffdb89b9768,0x7ffdb89b9778
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1684 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5348 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5560 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5508 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Users\Admin\Downloads\bhop.exe
  "C:\Users\Admin\Downloads\bhop.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4756
- - C:\Users\Admin\Downloads\bhop.exe
    "C:\Users\Admin\Downloads\bhop.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4456 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5488 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=832 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5864 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6116 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6132 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6108 --field-trial-handle=1780,i,10540239897831754443,13757924171747776418,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:992

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e2ec4a3eb43394273e2a833af696da27

SHA1
dd81ca546a3445aecfe08b0437d88fd12f2d0bb1

SHA256
4bc413ffe355cbc7b6232ca889980ea07886aa021e7a7aaa24d7ffb53d76dc32

SHA512
7d4f7538582df7f75fedd61dfdf1a29c14e5cdabeca96cbc004a61fc6a4556d758d84fa8563f2c2ea62c52bf58f4f3905b52439577821c344f1bd587455a507d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
2aa31959a1358addfcdcfb25356fba1f

SHA1
1166f7d6306a6c395edab98091b8f50c88ff8583

SHA256
4672fe81f6ac9a603de2e19c41ea125b5dd5447f3df0bb4ee76ba25d7edf89fe

SHA512
768dea862ff529f5a920ad03a0eb9efceb034d4afa54533bfd5a05b33b307c477d91455f61072ebafe7c70ea94bf8fdc554f32ea987a23cc935b956cdc746e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
325f4558a2e50c17ffc41affe0e64947

SHA1
f00aee4194fdacb1daf84215674171b53e73bfdc

SHA256
73e7cdc7abe587f66eb1a4e0fca6ecece880268f9d65015f9bcf69bc331a577e

SHA512
11367ce332cb288865d6b47d6957ea42a36f81ec4b70ff004a64f12ebc8171c0f22ee69e889fc51d91c6f9c0f87276c91391d5bc7d95df3ce029142f0a86631f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
fdf5f6b66357631123f53383a15346c8

SHA1
46b6fb48fc5d5019096f311af9dc42cebe968c70

SHA256
bf6646c7ce8fd58271a6f7b05bf277fe61e66b6094a68e66165bc96101e7f71c

SHA512
05b145fc28331d5e95259fd30d1b63ff80bbfe005337922ff68eee3c009bbbbd5e39e17ee7deb8bd909e9eb7242cfc08337ea6a3396f51210210f3270e20f3f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b37dde2cd8df6dc3d2976ba6b719b66f

SHA1
d78e97f7ef221fc1734281ab52aef69a669c5ee7

SHA256
7079de97b36e8a5d7bd458863f8a43913fb23ef2bb395463d0d9b31bce4c8917

SHA512
f101bca5f3bd44bc64fffc31c181b407623f4e3b48627127d1da75beb0f80d4f954440641ff075ddc0f8727e21a88b54196356e95ef6c86d8cbb312c90914e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
873B

MD5
605936a55e57b898849f7797abc89352

SHA1
2eef9d33288e47d5ea99000f45422eadec1fd3cf

SHA256
a3a6616000309eb0991307f0f0b1ad018356a0878a5738877a2416bacf5b5e4b

SHA512
791f48934b6add30f8e0bef5a9d5d5c5ae946177c62759db5b6226de9c91f9b606882b48d6e34caf5ea97616178e78de57e3efc224deddcb8c4033e34bbca783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cb950a43842e29ce82b656fd1d36396f

SHA1
b1bcc200dfbbfe2f1698a647f8db2747fe9145fe

SHA256
a838fb04b715b0544b075efdc56249cf40e29baa8c476616f6d65f7cc8920e15

SHA512
2e5a7bb22bfb6e5483e32ba6c2eecf63723f2afc4d3707cc1bedbab2d66251265bcf4c0bf96a930f50f2f0d41517e7bec74bbd7e726e0962264d167d5174d1df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bb274d01992e231da2988b17ddd5f989

SHA1
64914d85f64d2f284cd8c51e725a1e327c65f040

SHA256
97c705cee81c7beb6908f6533e7a14c4f547f99ba7db332a840ff01bb9edb1d6

SHA512
b675939dd3b9215cbdc6b08f7e650ca8e57733fd4821d9fcb302767d758f42f0c4c80511a4eb8e2104d65b44643fff12acf743f3d8939e5d684be408f8ce7890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
df14cae61f5b747c5d45907016800d38

SHA1
56f5d0b673ddbf54cd3ed015b1a2b8b7ae376f93

SHA256
e7a175bb81fe2ed4a70dc36e18a748ec81981ccb4ad2149ba9ca48e648ff3df6

SHA512
9964660af58d11df9b5b4bf9510f8f19500ee002551f594bcca44ca727beb6c5f1c6042c656f8946e0eaee803020153911ccbee1a12d779abed523b7e6494b08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
777a0518fcf86205c13afd9a730e230d

SHA1
8ff8935a742a4e21debc883b6cd317bac689bc81

SHA256
1f43b6289ed4cf1859d8df2eb50a3c8454226318600a1b0ccd56affe6457f720

SHA512
f4c1e56a1e01dde7d2a88a1549e93bf6c78d0cbc237225666884fa4f4416b62d3af2f904c4354b76ab296a6fbb05420a3f435c3d909d19803a2b3c4de1f76ac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac1407d28a4f224971d9066fc0a07ffc

SHA1
02091b631ab002bbe291a843c58a5e5bbf254aff

SHA256
b806a8862eb0ce0d15518aafcdadb8169f7dcd694320306d4d584fd5fde72670

SHA512
962530bbacc23430f579b36a475f4455f4ac5213049b339ae7e9c062fc5fc97f622b99f470fd605af7082f2c0e794d9d3223cb29783b79e3b780f55cef6656b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
388578f97d5a28dab9e15d8222ff1ba8

SHA1
c689ee481f1d12427ca9727647bde9a1d8ecffc9

SHA256
2eebad7a5b22f8085577ae9f95be866e1f58c5ecdd8fa301056701a4fa4b9e96

SHA512
ef145beb53dba87f38ff9edb9e42e864bf2a44744441f4f1fde6bf986b1ed69d0cc38f51c07d4064bb9313f376a582fbfff6f70d4800cc655af27d4e7377bd8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
905d70ebdcdadb1cb7e6163978293090

SHA1
5ffbd681b9edb20d5408d47ee27931b711fb528c

SHA256
6f0f65ea5ac5c5bd5a545d05800604d24a262c382467f9e4585ad19ad5ce9180

SHA512
1fc29e42e08c380d7efd2589b7afc86e63a635d3341d834c8bd04f54a5074c52f4dfae4467a4e7d75a60cfb74bfbe56e2aef9d4c842f60eb2bf2244f4eedd8d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce1f659b469eee2e93026116a936a514

SHA1
56653d67fc093e1f35b65185d0295913f23d9718

SHA256
79f08ed4536620e55853b2b144ba64b7a2fed3de3fca55d675c043cb85d3f141

SHA512
898a9a018d997bc312182ef0cb072d418a845115e109576146073a4485372c1fd1e0d2e1dee833b964e6e603db018c234c66ff55f2aa174e28f26300b12a7838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0b1a34da122937ea4f50ea2b753b0a3c

SHA1
efe61ce9118b45ed4c6212882b28454ad35961a0

SHA256
4c576cd698073a19fbbcfdf737b8e23855352bfcab89093924950f9746bd3263

SHA512
efb63ae4d717c5cd8b5c7767d1d16b26de8987bb6e8b3c51a26218e34eb8e52297ed89982abbbcb19e7ded2a017c863d7d02b77f734f2ab05cc8a1e9dd0bc024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1ee05a0edcace641b1432ac3d9ad1f54

SHA1
b3eabbfd513f4bb7de0d43012e7106af781f4f29

SHA256
0b270f3671a6def6005c81de55d3c5638f426b87fe1018bb228eb4faca7c87b7

SHA512
f0f8ffc8d0434a32aa0e35f553afd00d59f69f7aeab9fc3941358c53cad64748a2f28ed571f8ea41c2657926671bc240a59ba984c310d5efb23b866b55a8a360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3a60955459c43130a322d83447b8460e

SHA1
02dd3d15ddba0e4f171f53458e0d7206f8d861a8

SHA256
905b39cdd3f6ac7480121467443bfdb2fecc51a058b4a211c29da645cf8df037

SHA512
06dd12db70512c0793327a6a7d06dba89a67548dedbdbaa76751c4112bbe05939e8ecd5a31fa000a789abf3e8aa13593571c4e361bf01be7edcae47629f48fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe594cce.TMP

Filesize
48B

MD5
f40792ed7e5c44bfc40ee6f7c0345640

SHA1
56f853f95527f20f25c78cc0592eddf75a7d33a5

SHA256
abb5b54a675178049ecf2543238db13210aa2c69105ca0e184475106e5aad83b

SHA512
e920dda120014940897ce9e69befd3edbb246f882ffc703b7f13432a1e97ef403215a8fa99c79a53e6f64875c104796f5116ee31b484e2f418316b2d998447a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
936507767a5accdb1464a502e9cd80ca

SHA1
fea6dd3090815281d57acfe35409102819b742ce

SHA256
78baa96ebd2e2f57416d26adc98d1893d6f1a3a5f42e712b4d210cf9d0a4360e

SHA512
c0475714a3cb88c16ba9f6c72c177058f6bc9068268241c369370e16fb86380f272def58f1c03ef853f2fa27806bfaab2bd7931532530ec2caa5076b95274586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
ef3c442202dea8d05660f9ba29838967

SHA1
9892aa5d8ed4ee9554fbc0ed3840e990b811e1d9

SHA256
38eba1b1db53ca14e826d7b90446a0ef0740a7500e2343989112fd61c81e9225

SHA512
795ce24a80d5710cb071c53bda41419937c02226bfceac52b81ad9eef8b2d8030155038d565fa64a1b57a7da01c6e1e0671a42ae446cc6e5ff02b97b3ae3c524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
a352a2f6559244c65f2b54b2737538c4

SHA1
8432081fc55c544fdecbac982ecb144ba6294882

SHA256
eede991ffa407237d5396c9072a05cf1f71ecbae4ad7e253460d514feb6194ac

SHA512
520b856d9970e8628972f3ea263b6675a97581474d25ff0533f18dd5747964a72fd861fc90f26480577efebcd6fc655aad02b2eedba983f1bf403b0c67e63eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
167KB

MD5
c5ed12c0d320fdb2685b61a78dcacd8f

SHA1
fed47a9749eb87b30270d0e4aefc37c0402b562a

SHA256
c1e7a2bea04995f576439bcb26c5ec8ffc84627b78b77e91f26b0ba51c2f7ace

SHA512
1223e2d9d47d4ebb4a610348b0cd6180f7ff3471159c628d5cc4b4cb7cfbdd97699fd7c454f1b847a92c0e132a2b8f70869aee83254364eee612185204d9f21f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
030c148717714d14a6ba554f57884a7e

SHA1
79767d87e97f4ff0eb8124e1999deb5335ec9b8d

SHA256
96c03f3da266020443f8ff62366363cf809971418580128c544af3ce5c8b6665

SHA512
e50f05f6b6e57ceb10ad4d474091f6accc5dc171955e8e4dd01be1623e750f7a86605335903179919a49f9429223db320529c94608450ddcec20284f6e36211a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\VCRUNTIME140.dll

Filesize
84KB

MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\_ctypes.pyd

Filesize
105KB

MD5
9db2d9962cbd754e91b40f91cbc49542

SHA1
945ae09f678a4ca5f917339c304e5922e61dd588

SHA256
6a6df7d77b7a5552d8443bd1b98f681ad2e6b5a8acf7ade542dd369beab7e439

SHA512
a9d522f5768d265e2dca80faea239cc0ba7bec715d23058571651f8b61402650c01f3bca7f4d10e6806c8a553e79569dc852381d44169f535d63e85148d24e29

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\_queue.pyd

Filesize
23KB

MD5
8807dc228bb761439dc6525a2966e27e

SHA1
cb9e8e230eb8a684dec8886a856ec54ff1d2c682

SHA256
b7ed6dfb6882e8ec4267d9f80cd5b1dc0a43519382fcb72ab5e74c47875c209d

SHA512
def98c22bad3f32ea4caceead743c0fd775cfa4f5287ad8a4728830e10b7352ccc45646e9d8cbffd7d51ae71a6bff1bca38fcefb49c0530a6b69e38edec2ffb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\base_library.zip

Filesize
768KB

MD5
2c82437ada20c6385ee4cdc3dc132543

SHA1
7e37fc8646deb475e1d717dabc4c63920e07159b

SHA256
69ac408f51675a104c4dd738ac9c466025079301b2566ca9a6dd1076aa8d8739

SHA512
9bc0babcd5299c7d85ec1ddd9af817409e1a8e1c24c5364ce4b946d4b5edde9380dd64e604d2cc70d584dc430fac9901866ac8829909b73c8a92097640c9a8e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\bhop.exe.manifest

Filesize
1KB

MD5
f4dbc21b767191600abf9ceb22355120

SHA1
956c5cf7ceead7865e550300c4807cc9ce97b7f8

SHA256
ab259a1d09088dc1bc904dbae919fa1822f9260520434b0165e2834141fec44e

SHA512
9659b66aa77ec556a66740ba0c94fd3dd82967db73008fd62bbdb6b64a4007939a0995b98827a1032d520d39288bf13433cd1c9c76818eb8ea3a0a2165e8e393

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\python37.dll

Filesize
3.4MB

MD5
d49eac0faa510f2b2a8934a0f4e4a46f

SHA1
bbe4ab5dae01817157e2d187eb2999149a436a12

SHA256
625ca7bb2d34a3986f77c0c5ce572a08febfcacf5050a986507e822ff694dcaa

SHA512
b17f3370ecd3fe90b928f4a76cbad934b80b96775297acc1181b18ede8f2c8a8301d3298bafa4402bce4138df69d4b57e00e224a4ddbb0d78bb11b217a41a312

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47562\unicodedata.pyd

Filesize
1.0MB

MD5
e176f984d22f031098d700b7f1892378

SHA1
52842cdd08a3745756054b2278952e036031f5d9

SHA256
46876fc52f1529c2633372d8e2cea5b08b5a8582f8645cfad8f5ff8128a7f575

SHA512
b9ca5c965bf6b09cd05994340bfc8d006b64c78f0478cc58dffcb2932a4b54f92bc31c34bcbd0692b60adc7d3a31f8a156a2bc84d77379d900926d1e42b181b3

Download Submit
C:\Users\Admin\Downloads\bhop.exe

Filesize
4.9MB

MD5
0c8e38d1dfce8087a96e99c7ff05997d

SHA1
408ba6f7cebd952eb2d1d4b05cfdca8ccf29ab89

SHA256
8ecaf1b71fc99e9a440cf5612e83a74deda015e3307e6dad067657143b675075

SHA512
89390497431a7a9e4df55d6bd40c2f8e94c7ea022d3bb8f9ae9a54e2dd4a256f5027c1a60b94099fe35d1e4d98fd8159793a6008115d5ec97d8bbd91e609e562

Download Submit
C:\Users\Admin\Downloads\hotkey.txt

Filesize
1B

MD5
9dd4e461268c8034f5c8564e155c67a6

SHA1
11f6ad8ec52a2984abaafd7c3b516503785c2072

SHA256
2d711642b726b04401627ca9fbac32f5c8530fb1903cc4db02258717921a4881

SHA512
a4abd4448c49562d828115d13a1fccea927f52b4d5459297f8b43e42da89238bc13626e43dcb38ddb082488927ec904fb42057443983e88585179d50551afe62

Download Submit
memory/632-230-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download