hxxps://github[.]com/Miedev/nitro-sniper/releases/tag/Download

Resubmissions

20-06-2024 17:51

240620-we7bgatgrm 10

20-06-2024 17:47

240620-wdbs6szcqc 8

20-06-2024 17:46

240620-wcpzeatfrn 3

Analysis

max time kernel
130s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Miedev/nitro-sniper/releases/tag/Download

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

triage-vm-bypass.exe

pid process

5212 triage-vm-bypass.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

59 raw.githubusercontent.com
86 raw.githubusercontent.com
56 camo.githubusercontent.com

pid	process
5212	triage-vm-bypass.exe

flow	ioc
59	raw.githubusercontent.com
86	raw.githubusercontent.com
56	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633793017810726"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2964 chrome.exe
2964 chrome.exe
6112 chrome.exe
6112 chrome.exe
Suspicious behavior: LoadsDriver 10 IoCs

Processes:

pid

4
4
4
4
4
672
4
4
4
4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

2964 chrome.exe
2964 chrome.exe

pid
4
4
4
4
4
672
4
4
4
4

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe
Token: SeShutdownPrivilege	2964	chrome.exe
Token: SeCreatePagefilePrivilege	2964	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

Processes:

chrome.exe

pid	process
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe
2964	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2964 wrote to memory of 784	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 784	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 4336	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 2704	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 2704	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe
PID 2964 wrote to memory of 1776	2964	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Miedev/nitro-sniper/releases/tag/Download
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebcbe9758,0x7ffebcbe9768,0x7ffebcbe9778
2⤵
PID:784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:2
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:8
2⤵
PID:2704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:8
2⤵
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:1
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:1
2⤵
PID:644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:8
2⤵
PID:3616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:8
2⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:8
2⤵
PID:5664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:8
2⤵
PID:5732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5332 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:8
2⤵
PID:5652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2776 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:8
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:8
2⤵
PID:5744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4800 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:8
2⤵
PID:3768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4920 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:8
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3788 --field-trial-handle=1804,i,14104101664573906395,8686872692176178263,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6112

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1348 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:5868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4184

C:\Users\Admin\Downloads\triage-vm-bypass.exe
"C:\Users\Admin\Downloads\triage-vm-bypass.exe"
1⤵
- Executes dropped EXE
PID:5212

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2349a990-930c-48ce-8545-8cd79445bc8d.tmp
Filesize
6KB

MD5
c8c9188e18eb2d43af32c6cfdee1a039

SHA1
09b330e531459e0de8cceef9fe2fd0c60b1cedfd

SHA256
1e140991bae3cd6e618bca3c48ab80b43efc579c1aeeecce1175c4fbb5d6c54e

SHA512
82865e9b6d2213e8b79d61402b52523cfc8347b2c22207abfd1a6e812433aa9e39e7ec019b2a6a7bf3d596fcb29174c2663a6a94d6bf87752155f26c60c5bb3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
4a0fa70397accaad6dd0656818469bad

SHA1
10445ecfdaaa8ed58ae47c459521c40db2a765cf

SHA256
d5656ff73f092a932e1f2b2669f12652ba9ecd3af6ebfb9b4b681d52f4c03524

SHA512
4b37405521684742df9c09da8fac36a9f5c451e8841d1175c6524b055e2cebea19edc767926ecd63712d41d3be03362bc915af570991c374dcea5ccedf70809b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
8cb749c1bd3236142ea6289433ca43f9

SHA1
30168eb565dc3d7903bb7b632003fd46e1038f67

SHA256
6170ae9e22510dd2377af6f7562d0aa69867fd8f407e2ba16949eff525769df1

SHA512
2e718d963c74e75f47e7e5d773e3e9abbfd20d765cbedbeda744fa37395cba6abba7dfcc3f07546b92bd7a950fe0665c51c377673d305afde26fb103a3282a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
06f83f7cb1c0cc7426812f1c1146b60b

SHA1
b2ecb1883a5f9bed9e9d388d857771837b48ebbb

SHA256
b867d977d22da5cf2a0d185ba5fcb0f9f924569e026a25a96336e12685698df8

SHA512
cba22f6c86c91631a5c19a84828b4b21d787914e16c5de456c57731cb7c0fa35d3f302ad4b133583d5d0cafad253e6454acc38bfc6a237d0746069824de9baed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
8db8f185bd02470138cfa00d3c7b6f53

SHA1
ee051966231731fd17dcd008e42aa3c449e7a5c1

SHA256
946ac457b4ef685cf937317c9f37ccf81fe44596e791d287def6f9327ea9e092

SHA512
199da9705d15f1e560c7443b0b5fefc89123e82f877eab7d612346537b684d74e83835a937b1f834f59437780c12759357077b2ac73456a80d810326a713c471

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
5e0ca8e79d7abdffb8295435324f5889

SHA1
ace032cb2a52660fc7ab22013d0728200532622e

SHA256
345a240ae4d5c9fb9cf01f65c5f63c0f65a4611d0fe0c16746e51ade75e892af

SHA512
83e4b3eef06e84480226de77f5b314292d238c86cd8a96fd005b8d29a9a447afb828889647900d785d2bd71722d60ff8434999a61086e00118e2b67acaa3d257

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3a2a9ba159aa4125c305e816b55349c0

SHA1
0502f98220d3ff3187b61ef2138e1b8d6bd14e46

SHA256
51d14e27f94361a26ef553fe89d005d17c7e5f1753c2e1c55e6afcc1e7f0b456

SHA512
a857369477e295256dba43d67f95ceacc9b5bd56bc6ce89cedf31460d7e4cfdce0951ca23e2488fa6067fb9c707eaaa56316bcde06aa0b2ff963fcee0e6ac428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
872B

MD5
092a59c37ebd0206becb02cc7fb36b18

SHA1
4b7308cfb39f14033870bd0bb9504a8a03d4ae17

SHA256
c9a7f9daec369f74abf2745ca3a60193f089aeceaa136cfb636c8b464aeb2395

SHA512
bc552475e29971b22baf096fe85dc0e65ac19ea67aeed4911d236959bf67bb7e4a91ffc18e3beaedcc2dee35069c9d9d34a7ca7bbb112a6374ced3af3404ad21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e974245d958e5516fe95e05ba3c7a223

SHA1
4d375ec30890e1e66814c1415f44dc5d31cc9aef

SHA256
49082e6a4d5955fe06ce55da63f88d4ab306b93bf1f310dd34b36769b3702c33

SHA512
317ce1d17187b41b3e3fd8d60ce70ff18ccf3af209dcd884c0ede9c153d8cb3fbd78b4f649fd9ad044b018bee0206efa8d2cafb3a79ac92b6acf1e749956e14f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
defdbc1ff9503e565dd79575db47230f

SHA1
5e597d74f5ad8f1ddb60eece859ca2a76dcd0183

SHA256
1e878241deb141f7d56843120cc765f798fb3613423fe8617618a1024b089763

SHA512
8c962e0611e1595c969a8f8b3edc8e25676104c0214b2c8d07b3f19fd5ef884d219310e325f506a1282fe46ae191b5ac63c92c95bf2f1239aee22e7d2d1c4d03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ef5e9bbd7cfaf626d30b3383391f7055

SHA1
f1a3c56203c5d6a7fca7f071a6884bc52eb62adc

SHA256
88ed47df6935fd5d11dffa39ecc6f35e6e89dcab2bc84dae9c9672c9972b3b09

SHA512
f6dfb2d550971f75e81af26a45e1c3b03e56dc720bf43ac88b9263806ec224d432c31b8cbf58b86eb6e4ce5f8621dffe38035339b2d1a6aaff48d9fdc5c2e16b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
200b90a5e23b87e8f009d8cc32b1c343

SHA1
f29c3d6b8ba831c8864aada6f764b9677d856733

SHA256
8eee023b5ce99773dcfcfd82a11251cc36a3ffe65aab57c1005147fa1c731552

SHA512
e3d0efba2b7b8f80c799386427219c7cc36b68c8a6afc874ebbb265744e22e2f78175252830882458de22d5d53c0cc14cc0b4bbdd573d43fe23bf152984bbb9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
327f4cea3dbea6b438908b68af624873

SHA1
1d0613ca7f95170ccde11653ae6f3743c8fde117

SHA256
f0e21a631db47831000a948d8e54573e0f3295d962701a57c219b95835270d38

SHA512
c621df5081af06a4e8b8b6f1ff5f4e08a60fc07bd033a3a93f1e68b4aa6c5a1f11ffda23cd8ae2a9f9190d956e565eeb88752a121ff51150ba8ce88971812175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
9fec310c09fd9981aeb7808407c11366

SHA1
2fcbfbfb6538d76a7f8731aeae049ab45f6b5484

SHA256
5d329c6e53780a9d4673170b493f6a5f2991785b90afd9bf0129374167aa111f

SHA512
41aa5f8040058620e3a7ae30e9bfe5f67fe7ba15b5e5128a81dda937190b96ba6d4e53c89ef6256673d32558f53bcb0a1b246f54ed67aa9523f256a4e27c5a23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
de58b18ae7907007ad2012013294eaff

SHA1
c549263c3419818bbe4d78b4562579aa8e03d387

SHA256
24f95c556ba673713afe235d2702b0c7539dc83324604d5c86468a175ec2003f

SHA512
e2b5a20ce6aa30e3cdf1e56300f4994281e6b6c67706a72ecc7007b864d9c3c56b803c720172a94e77e5e92d235d095f60d7af4833762dcec413cc94b1c64397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
fabfd8c00875d8f3fcf3f42e87eee239

SHA1
bbdc80878714e2858b57929017105b4e0d45a115

SHA256
001041003faaacca35c5e111288c703ca2f4cd16a2f6cb5b1b6e0a42ba4507ee

SHA512
6d289205ad49f5fa404e3c5b895b50f0a30c09794248280d7fb07d59e979c0bd2d4f5d38ffce85197a87479b5f4112dde91061cdac96ec4837bad9792d8b1c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8ea90e5c5e5c27c422e6938e85af5378

SHA1
17d8cb907e4d8effe536b4808a7482a35809cc21

SHA256
a4143050ab23781205d2a024198de314399e343938f5890f5035963bd2fd1b46

SHA512
987283673156ab74aa3b7f39f189651b47931245d3f8c811e6511708e1a1a672f7e6383b229265160016bd3d5071cc58a581f84223308517a33e8c1b21eb1ed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
bca59f9ab93a08662204d5fedab5ee38

SHA1
5f179fc9221e1bfb10723e9931712624eef9460e

SHA256
2b50decf3d4343f1725e01b429a82182d20301f35f09984474abd703588ea681

SHA512
8923ccf646010f43e93f5f8b1aada82262fef8787451eaaad22dab05a19d15d3db9fc9de82966bd257d2efae4a143fb60d90b443c2d57afedc5c81641485239f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
a9f7810c99c044f1d671d9908c5430e6

SHA1
8326f55d977c587fc3cc75f9086289b2319a719e

SHA256
84631877ddf1f940ea998965814bf5d726918cec1ea753521528abe3cc8b1227

SHA512
e4a656e1484724416543df4522a8dd7bce4a69aa19fa573acafdb59a98b0750b02d5b3447bb867a6a80df5ae1ff9e6be0464c089247bbcad28e64c444be5fb21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
108KB

MD5
1883e5c0dc712f8ec50349f53f689e65

SHA1
765fb9af1d29a2da4fe17a7de38e17edcdb46c36

SHA256
8247aed76354ffcd365f1d1f3ae1a15e99e3a94b2f45e8b32c48b64294732600

SHA512
9a162fd907eb0678a3729253d72c53f0091c80ae996c3f21727636af2d71a98406ea35c03498b6a09ec03f204a70f0d091efd761141bcdb3f4ed36bf3f138208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b08e.TMP
Filesize
103KB

MD5
738b83f5627a2f99a6b48a6db4e90df5

SHA1
163b8fd6c32cd9adc6cd2d7958111e45c227006e

SHA256
53837714457f3499cf2987e43ad0ed0dee507955951986b5b3859440db072801

SHA512
95f7a25878adeef7201c7638916311405fd4d4ee5b86da2d813435891ef4fdef1dd9629837ac10abeeeb135c445cff6d97ac4781a44d7c95215942a486e296e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\triage-vm-bypass.exe
Filesize
67KB

MD5
d4246e9c08a6c90161bb6091bd89791f

SHA1
8b4cf934747188e5cbf2aa25ff7a9a632dda604c

SHA256
e1977f4bfeb6ed3d190193cd7cc5f6b33d307c59842ea2004f113ddb404721b7

SHA512
4ec030f18ead051c4ec61793cb64ce2e3af32666dc643dbe52359e77466a047ae30988c73ba4be80981bf3768cf59279b37738672cd71f92db9828f4a03aa7c4

Download Submit
\??\pipe\crashpad_2964_MHMDXEMGASWWDUOH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit