Analysis Overview
Threat Level: Known bad
The file https://app.mediafire.com/yfz5pjw13emor was found to be: Known bad.
Malicious Activity Summary
Poverty Stealer
Detect Poverty Stealer Payload
RedLine
RedLine payload
Reads user/profile data of web browsers
Executes dropped EXE
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-24 07:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-24 07:58
Reported
2024-02-24 08:04
Platform
win10-20240221-en
Max time kernel
358s
Max time network
364s
Command Line
Signatures
Detect Poverty Stealer Payload
Poverty Stealer
RedLine
RedLine payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\installer4K.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\loader4K.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO8077865C\loader4K.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\loader4K.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\installer4K.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3052 set thread context of 3624 | N/A | C:\Users\Admin\Desktop\loader4K.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 5472 set thread context of 5228 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO8077865C\loader4K.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 1876 set thread context of 3592 | N/A | C:\Users\Admin\Desktop\loader4K.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532351384316603" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://app.mediafire.com/yfz5pjw13emor
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffabf889758,0x7ffabf889768,0x7ffabf889778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4988 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5460 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5316 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5204 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5660 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5836 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6076 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6168 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6372 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6504 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4856 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7348 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6684 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7196 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\installer4K.rar"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7372 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=916 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:2
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Admin\Desktop\installer4K.exe
"C:\Users\Admin\Desktop\installer4K.exe"
C:\Users\Admin\Desktop\loader4K.exe
"C:\Users\Admin\Desktop\loader4K.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\7zO8077865C\loader4K.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8077865C\loader4K.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO8079134C\PASSWORD FOR ARCHIVE - 2024.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO807FAE1C\README!!!.txt
C:\Users\Admin\Desktop\loader4K.exe
"C:\Users\Admin\Desktop\loader4K.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Desktop\installer4K.exe
"C:\Users\Admin\Desktop\installer4K.exe"
Network
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 96a10d4def79c29fe23eb53ff3255612 |
| SHA1 | efc58fada084f84f4aa7dc9b9f0cc63f56b419b9 |
| SHA256 | 12ab6cdbebca3b894de16e8a97e4761e17dfcab96525e16481e7aa1fd69c74f1 |
| SHA512 | b59cbc0ed3f006ebc6178c284e8f83fd4bac2d3ad16045bbdfe780458d11d5a59d3874ceffc3d021a0ced240c96f78b7dbc012e7c8e268e657d445264c2c521f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 72eae15d9e00f6199f99869be2fdec65 |
| SHA1 | ef04d90785f7c663850ff7e922c8686088bb20c1 |
| SHA256 | 0106666315858c1b5b9c571926914fc384fe6abcd5373ad150a93d1d4444f146 |
| SHA512 | 93567b7e2f24cf4aa668a8616062762edd46fa2ede91e3e1fb1befafde4e108444cb7c0d94746eaf4041e72e564633ca24ab6beb228f052ded8b0c7d6cbe3ef8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4a4f0ec3bb7a312a759332276725a203 |
| SHA1 | 08e9c16c717db76c86cacd34a62b698b0f48c4f0 |
| SHA256 | 5fb022bc8e22db3090de437e8265586d6cbaf01f7a0aee09aa8bac3c55d8dd18 |
| SHA512 | 639a3bb3e919ab7e0f058408289e4994169aa9a4f75298683f54205c4332253236a77cc96e5002835792bcfe0b0f641082aad67d29d016f6705886985b217f4a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7e5ab3a223b97701992b45b369a53a18 |
| SHA1 | ff99db45f5c839d85efafb58a53fc7cd46eabf72 |
| SHA256 | 23d3781cb5c0be3eda01023ce1050156a310ac3af397b4916506bc4bf99c3eb7 |
| SHA512 | 32a1f119b7b17c2d7249daebe396a9d931797363ef8df197e9e78378ac37027592ea6042bd33e67c0dffa72a3f87d4313ccd0f723d7f4e2f0a6a882fb616581c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | f3a278ef86f2bb91708fff4497f47c4c |
| SHA1 | 9e2df6b9e130b6d2358ca20b0a66638bbbb6b775 |
| SHA256 | 4cbdfafcb05ffa4f98455c24a58d30ec2e38d50b7309a50e8cf2d706b1637da2 |
| SHA512 | f387e880426ce63d17be0306f33b9f7acd7f0b73abcdcbfe4d25c523d97b344d18bc804096d61f45706c4873836bfd13391344eaf0e967bbffc682df2b65eb87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584f73.TMP
| MD5 | 629742717b0660a03e9ab78b181f8e9e |
| SHA1 | dbe65325508d9facde45380b180cb1ae28f94bc9 |
| SHA256 | 10dbae33aca49ac900ac2145c0e7d89154c2ba561b114d25cf2ccef16165fdf5 |
| SHA512 | bd881f1844f9b116d0a6c9a70a5db57b05c6c26170779041b7fbb398486dae38165c58dc646ba69a1d4493152acd3289ef1424a3915292defc3bf4d6d235e1fa |
C:\Users\Admin\Downloads\installer4K.rar
| MD5 | 97048301f41fe6b3d1121931d0659e8b |
| SHA1 | db06375d26f1c905a3392f9bcf22b08a5cc62ff1 |
| SHA256 | 1148577834893af0379e660e2fc109f8fc1511d0bce55958ce5881a55fc819b2 |
| SHA512 | 4a8c30587ad60a5f7205147a7f62247c5170ec95783be058493d5f9739b7f0b5d4749c499fc628c54c12cb3e7bf69385d641aa4d249f6ba281a5f71e1a2ad32a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d3e8a05dd2f3814b27882fb4d6652c63 |
| SHA1 | a7413a439646bfd447467181e09f213c1473176f |
| SHA256 | 0aa843745a7a29e11b040ef6e2e37a2142c4a83e01679ef442481eacced18a0d |
| SHA512 | 3e52a51c8d622f7569be274c78faae9ac6c11ce6535816b8db476ac815ef61744892714b84a48560514d8ae0838dfdc3276cc0e2b81d23f8eb2f1dd3a90e8072 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e248dfca91553efa5ebcba014a863689 |
| SHA1 | 9733ede91560bac358a97bb10812f52db6c04995 |
| SHA256 | 95b6bc09fa1278053784d901e40272e0f3c398933e00c4e479cfc0c7ed714ccf |
| SHA512 | ca5714d4977ae211a288db36bdd715fbe89fafdb6a9dae4e2e6baa74707089e4afa52df24ac1cb21d6ad1305d996db57808b724e1b519250eee0b1b928f0b0b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | b6260a7a50c663af9f82b04cd0eb4a67 |
| SHA1 | 62d91544869c3d64a5a5dca156ce19a3f22a1511 |
| SHA256 | 8faf82b698b4a9e1bc68cb3d60b649658f8ff16310234c36952af3744dfb056b |
| SHA512 | 2b6da4bb7a79c585b40d455d6479dbb3ca4cf4603492ea3780cbbb6196c5526e0687abe273bfc139785d383582e39eb9f4cd54a617d012bde88f12dab81ea062 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a96d5d75c34a6c23e6ac1161239e59ad |
| SHA1 | c2c3140d161bcfa91d55276a89fc4a2545ac26ba |
| SHA256 | a4e2cf70e6c83c948063621df736d24c68f3eb256d73782d49620b80c5cf072f |
| SHA512 | f3e1d17f85f7500eca6129bdb7cb9a8b8c71a44a197faf640d50e24329af974da654a6ec56641035f87bb4ebaee9dd9b33f2b77a5a9ff19d0018cb733e465807 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | adb725c64a986473241474d8fe59cdee |
| SHA1 | 0c0891acf37e28cff4603d4c7385c51b5f99a9b8 |
| SHA256 | 094f132c30f5ecd43736557b600c21a53a09ca351ca1585ef4a5b1a374469215 |
| SHA512 | b7f92168ad60996799418949a6dc7e8506819b7d814857d6afdcbe7071edc20980d201885b0b500e0d55f4cdd1fe1dde9eaba6ba59b644fa3a7368ab46c73297 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bd69454e3b1dfcec803a15c5c49ca2ee |
| SHA1 | d44260f54460de1695821e5d3df4c7b9d7b139ff |
| SHA256 | 2a518c3d812b2304b2a2a14c430dce10044c21ff02c093c36a24be8b0e521064 |
| SHA512 | 53bf5fb200ccf8942782d8b22bc9cdce0839dc68b556a3bfdf6b823684fe85672ceee7696236a644c393f38b3b1c1ff3aa22746cf9fdfd27370623bcc42cda2f |
C:\Users\Admin\Desktop\installer4K.exe
| MD5 | 28544e97bfffe6faefe86b4e72875f1e |
| SHA1 | e442030c77d0f163dc567bacd7165c60b347fc6e |
| SHA256 | d95f4d43357fc94e73641c39ddb6703298dbac8b61dbe437e92c6b2162c49492 |
| SHA512 | 2dbe4cbfa32a45d6055ffe1257e4e084bbc197ac770620e9e5c82b76f7c5d633801ce7718e4c3c5d2fabfcac5c39cad657b5f619d96e21d0b2d02791c0cc4edd |
memory/4200-458-0x00000000009A0000-0x00000000009F4000-memory.dmp
memory/4200-462-0x0000000073160000-0x000000007384E000-memory.dmp
memory/4200-463-0x00000000054A0000-0x000000000599E000-memory.dmp
memory/4200-464-0x0000000004FA0000-0x0000000005032000-memory.dmp
memory/4200-465-0x0000000004F20000-0x0000000004F30000-memory.dmp
memory/4200-466-0x0000000004EE0000-0x0000000004EEA000-memory.dmp
memory/4200-467-0x0000000005FB0000-0x00000000065B6000-memory.dmp
memory/4200-468-0x0000000005220000-0x000000000532A000-memory.dmp
memory/4200-469-0x0000000005150000-0x0000000005162000-memory.dmp
memory/4200-470-0x00000000051B0000-0x00000000051EE000-memory.dmp
memory/4200-471-0x0000000005330000-0x000000000537B000-memory.dmp
memory/4200-472-0x0000000005A10000-0x0000000005A76000-memory.dmp
memory/4200-482-0x00000000067C0000-0x0000000006810000-memory.dmp
memory/4200-484-0x0000000006DD0000-0x0000000006F92000-memory.dmp
memory/4200-485-0x00000000074D0000-0x00000000079FC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 2297e451ca63d615676d3a6e1648d979 |
| SHA1 | e515687a911637058769cec13c6dd913fc5ec189 |
| SHA256 | f34b27ce98db29a3c2ce10f204c138fddf8a3281c736de8ef1d765729b400719 |
| SHA512 | 079cec9216ca8fd80c98d28d1657e40ef812de1ffb8bb4a2b8adb6ea35d7dfbef2442533bbd00af09b6232838f4c0d766797f81cc2c2bd2169a4f05c466a5d90 |
memory/4200-489-0x0000000073160000-0x000000007384E000-memory.dmp
C:\Users\Admin\Desktop\loader4K.exe
| MD5 | 87e8e5cc9f29defc6a1830dc51cbee81 |
| SHA1 | 120a066a17dc7611de5b080eb1caf1c65898717c |
| SHA256 | 04574d097b30594f382f537a80a2de88f29121908dbc3f223cc43326ffd16000 |
| SHA512 | f2007740c01e5e96efe18cadd5316fe04533282bcfe1eda80af6a72b98722fe6f7d181be12511f4ffd56bbfa8d4c8e26c13be0b86c2acbd239058cf86768532f |
memory/3052-492-0x0000000000630000-0x0000000000644000-memory.dmp
memory/3052-494-0x0000000073160000-0x000000007384E000-memory.dmp
memory/3624-496-0x0000000000400000-0x000000000040A000-memory.dmp
memory/3624-499-0x0000000000400000-0x000000000040A000-memory.dmp
memory/3052-501-0x0000000073160000-0x000000007384E000-memory.dmp
memory/3624-503-0x0000000000400000-0x000000000040A000-memory.dmp
memory/3624-504-0x0000000000400000-0x000000000040A000-memory.dmp
memory/3624-505-0x0000000000400000-0x000000000040A000-memory.dmp
memory/3052-502-0x0000000002990000-0x0000000004990000-memory.dmp
memory/3624-507-0x0000000000F80000-0x0000000000F81000-memory.dmp
memory/3624-508-0x0000000000400000-0x000000000040A000-memory.dmp
memory/3052-509-0x0000000002990000-0x0000000004990000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\loader4K.exe.log
| MD5 | 84cfdb4b995b1dbf543b26b86c863adc |
| SHA1 | d2f47764908bf30036cf8248b9ff5541e2711fa2 |
| SHA256 | d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b |
| SHA512 | 485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce |
memory/5472-519-0x0000000073160000-0x000000007384E000-memory.dmp
memory/5472-524-0x0000000073160000-0x000000007384E000-memory.dmp
memory/5472-525-0x00000000028A0000-0x00000000048A0000-memory.dmp
memory/5228-526-0x0000000000400000-0x000000000040A000-memory.dmp
memory/5228-528-0x0000000000400000-0x000000000040A000-memory.dmp
memory/5228-531-0x0000000000400000-0x000000000040A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zO8079134C\PASSWORD FOR ARCHIVE - 2024.txt
| MD5 | 2843eeda6a606d23467e8ae584e914dd |
| SHA1 | 019fefdcdad4e76e350c8ea5941e29bb8102cb06 |
| SHA256 | 0b675c1802d19ed3e8190ebf5778f6af39d4b0406ad6c837d4d045e551085f64 |
| SHA512 | 430cf672153c161922d62aec3691ee8477cf709adc754b34c0aa8ebe4db94fc59814d93f06da46c0f9d1aaafeaa0a2d3a8f449fbccce147dc66443f045cb78fb |
C:\Users\Admin\AppData\Local\Temp\7zO807FAE1C\README!!!.txt
| MD5 | 91d90643d610ef52f96effdc000e1c33 |
| SHA1 | f566e82902d7e4f5a943414be193bbb48cfd1ecd |
| SHA256 | 5b46ce0b0a28b985bccedd690231f9a76a4e002efcc41d884b910fe71f8c59da |
| SHA512 | 06cca7bf22fbfa47ee46b0434b2114f1913178048312ce6e70d2bff139e6994f217003a8460796efeb9e91b86ae1f618275a4b60d21ad184b52e90601bcc47da |
memory/5472-540-0x00000000028A0000-0x00000000048A0000-memory.dmp
memory/1876-543-0x0000000073200000-0x00000000738EE000-memory.dmp
memory/1876-549-0x0000000073200000-0x00000000738EE000-memory.dmp
memory/1876-552-0x0000000003170000-0x0000000005170000-memory.dmp
memory/3592-550-0x0000000000400000-0x000000000040A000-memory.dmp
memory/3592-551-0x0000000000400000-0x000000000040A000-memory.dmp
memory/3592-555-0x0000000000400000-0x000000000040A000-memory.dmp
memory/5564-557-0x0000000002C20000-0x0000000002C74000-memory.dmp
memory/5564-561-0x0000000073200000-0x00000000738EE000-memory.dmp
memory/5564-562-0x0000000005840000-0x0000000005850000-memory.dmp
memory/5564-563-0x0000000005930000-0x000000000597B000-memory.dmp
memory/5564-566-0x0000000073200000-0x00000000738EE000-memory.dmp
memory/1876-567-0x0000000003170000-0x0000000005170000-memory.dmp